TechSpot

Adverts playing in Windows background / redirecting websites

By psav
Feb 6, 2012
  1. Hi, around a few days ago I started to get these random adverts playing every 5-15 mins in the background. No pop-ups or anything, just the adverts playing. Also, while browsing, sometimes I would get redirected to shitty advertising websites and eBay. Here is my log report with TDSSKiller.exe. Help would be appreciated :)

    16:06:43.0805 9524 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
    16:06:44.0183 9524 ============================================================
    16:06:44.0183 9524 Current date / time: 2012/02/06 16:06:44.0183
    16:06:44.0183 9524 SystemInfo:
    16:06:44.0183 9524
    16:06:44.0183 9524 OS Version: 6.1.7600 ServicePack: 0.0
    16:06:44.0183 9524 Product type: Workstation
    16:06:44.0184 9524 ComputerName: PARAND-PC
    16:06:44.0184 9524 UserName: Parand
    16:06:44.0184 9524 Windows directory: C:\Windows
    16:06:44.0184 9524 System windows directory: C:\Windows
    16:06:44.0184 9524 Processor architecture: Intel x86
    16:06:44.0184 9524 Number of processors: 2
    16:06:44.0184 9524 Page size: 0x1000
    16:06:44.0184 9524 Boot type: Normal boot
    16:06:44.0184 9524 ============================================================
    16:06:45.0338 9524 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    16:06:45.0361 9524 Drive \Device\Harddisk1\DR1 - Size: 0x78A80000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:06:45.0362 9524 \Device\Harddisk0\DR0:
    16:06:45.0362 9524 MBR used
    16:06:45.0362 9524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0xD91C59B
    16:06:45.0378 9524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD93FAA3, BlocksNum 0x4A7967E
    16:06:45.0378 9524 \Device\Harddisk1\DR1:
    16:06:45.0379 9524 MBR used
    16:06:45.0379 9524 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3C51E0
    16:06:45.0514 9524 Initialize success
    16:06:45.0514 9524 ============================================================
    16:06:49.0853 8188 ============================================================
    16:06:49.0853 8188 Scan started
    16:06:49.0853 8188 Mode: Manual;
    16:06:49.0853 8188 ============================================================
    16:06:52.0343 8188 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    16:06:52.0354 8188 1394ohci - ok
    16:06:52.0403 8188 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    16:06:52.0410 8188 ACPI - ok
    16:06:52.0446 8188 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    16:06:52.0449 8188 AcpiPmi - ok
    16:06:52.0532 8188 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    16:06:52.0541 8188 adp94xx - ok
    16:06:52.0589 8188 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    16:06:52.0596 8188 adpahci - ok
    16:06:52.0615 8188 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    16:06:52.0620 8188 adpu320 - ok
    16:06:52.0672 8188 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    16:06:52.0684 8188 AFD - ok
    16:06:52.0708 8188 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    16:06:52.0714 8188 agp440 - ok
    16:06:52.0750 8188 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    16:06:52.0753 8188 aic78xx - ok
    16:06:52.0840 8188 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    16:06:52.0843 8188 aliide - ok
    16:06:52.0876 8188 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    16:06:52.0880 8188 amdagp - ok
    16:06:52.0915 8188 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    16:06:52.0918 8188 amdide - ok
    16:06:52.0975 8188 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    16:06:52.0981 8188 AmdK8 - ok
    16:06:53.0005 8188 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    16:06:53.0015 8188 AmdPPM - ok
    16:06:53.0059 8188 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    16:06:53.0068 8188 amdsata - ok
    16:06:53.0113 8188 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    16:06:53.0155 8188 amdsbs - ok
    16:06:53.0192 8188 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    16:06:53.0196 8188 amdxata - ok
    16:06:53.0249 8188 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    16:06:53.0254 8188 AppID - ok
    16:06:53.0331 8188 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    16:06:53.0335 8188 arc - ok
    16:06:53.0351 8188 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    16:06:53.0355 8188 arcsas - ok
    16:06:53.0443 8188 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    16:06:53.0446 8188 AsyncMac - ok
    16:06:53.0503 8188 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    16:06:53.0506 8188 atapi - ok
    16:06:53.0691 8188 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
    16:06:53.0802 8188 atikmdag - ok
    16:06:53.0925 8188 atksgt (547f07839f71a4357a5e503646cac2b0) C:\Windows\system32\DRIVERS\atksgt.sys
    16:06:53.0937 8188 atksgt - ok
    16:06:54.0072 8188 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\Windows\system32\DRIVERS\avgfwd6x.sys
    16:06:54.0075 8188 Avgfwfd - ok
    16:06:54.0125 8188 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    16:06:54.0131 8188 AVGIDSDriver - ok
    16:06:54.0176 8188 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    16:06:54.0179 8188 AVGIDSEH - ok
    16:06:54.0200 8188 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    16:06:54.0202 8188 AVGIDSFilter - ok
    16:06:54.0232 8188 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    16:06:54.0236 8188 AVGIDSShim - ok
    16:06:54.0282 8188 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
    16:06:54.0289 8188 Avgldx86 - ok
    16:06:54.0309 8188 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
    16:06:54.0313 8188 Avgmfx86 - ok
    16:06:54.0368 8188 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
    16:06:54.0371 8188 Avgrkx86 - ok
    16:06:54.0381 8188 Avgtdix - ok
    16:06:54.0463 8188 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    16:06:54.0472 8188 b06bdrv - ok
    16:06:54.0542 8188 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    16:06:54.0549 8188 b57nd60x - ok
    16:06:54.0625 8188 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    16:06:54.0629 8188 bcm4sbxp - ok
    16:06:54.0673 8188 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    16:06:54.0678 8188 Beep - ok
    16:06:54.0696 8188 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    16:06:54.0705 8188 blbdrive - ok
    16:06:54.0781 8188 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    16:06:54.0785 8188 bowser - ok
    16:06:54.0826 8188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    16:06:54.0829 8188 BrFiltLo - ok
    16:06:54.0853 8188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    16:06:54.0856 8188 BrFiltUp - ok
    16:06:54.0898 8188 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    16:06:54.0904 8188 Brserid - ok
    16:06:54.0926 8188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    16:06:54.0930 8188 BrSerWdm - ok
    16:06:54.0949 8188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    16:06:54.0951 8188 BrUsbMdm - ok
    16:06:54.0977 8188 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    16:06:54.0985 8188 BrUsbSer - ok
    16:06:55.0040 8188 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    16:06:55.0043 8188 BTHMODEM - ok
    16:06:55.0112 8188 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    16:06:55.0116 8188 cdfs - ok
    16:06:55.0152 8188 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    16:06:55.0156 8188 cdrom - ok
    16:06:55.0217 8188 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    16:06:55.0232 8188 circlass - ok
    16:06:55.0281 8188 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    16:06:55.0288 8188 CLFS - ok
    16:06:55.0420 8188 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    16:06:55.0437 8188 CmBatt - ok
    16:06:55.0463 8188 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    16:06:55.0466 8188 cmdide - ok
    16:06:55.0491 8188 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    16:06:55.0502 8188 CNG - ok
    16:06:55.0544 8188 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    16:06:55.0552 8188 Compbatt - ok
    16:06:55.0602 8188 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    16:06:55.0607 8188 CompositeBus - ok
    16:06:55.0666 8188 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    16:06:55.0670 8188 crcdisk - ok
    16:06:55.0829 8188 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    16:06:55.0876 8188 CSC - ok
    16:06:55.0961 8188 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    16:06:55.0965 8188 DfsC - ok
    16:06:56.0006 8188 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    16:06:56.0009 8188 discache - ok
    16:06:56.0058 8188 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    16:06:56.0072 8188 Disk - ok
    16:06:56.0147 8188 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    16:06:56.0173 8188 drmkaud - ok
    16:06:56.0241 8188 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    16:06:56.0252 8188 dtsoftbus01 - ok
    16:06:56.0304 8188 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    16:06:56.0320 8188 DXGKrnl - ok
    16:06:56.0460 8188 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    16:06:56.0547 8188 ebdrv - ok
    16:06:56.0603 8188 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    16:06:56.0613 8188 elxstor - ok
    16:06:56.0642 8188 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    16:06:56.0654 8188 ErrDev - ok
    16:06:56.0722 8188 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    16:06:56.0742 8188 exfat - ok
    16:06:56.0780 8188 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    16:06:56.0786 8188 fastfat - ok
    16:06:56.0821 8188 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    16:06:56.0858 8188 fdc - ok
    16:06:56.0901 8188 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    16:06:56.0910 8188 FileInfo - ok
    16:06:56.0927 8188 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    16:06:56.0930 8188 Filetrace - ok
    16:06:56.0956 8188 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    16:06:56.0958 8188 flpydisk - ok
    16:06:57.0022 8188 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    16:06:57.0027 8188 FltMgr - ok
    16:06:57.0084 8188 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    16:06:57.0089 8188 FsDepends - ok
    16:06:57.0124 8188 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    16:06:57.0159 8188 Fs_Rec - ok
    16:06:57.0193 8188 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    16:06:57.0200 8188 fvevol - ok
    16:06:57.0250 8188 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    16:06:57.0253 8188 gagp30kx - ok
    16:06:57.0321 8188 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    16:06:57.0332 8188 GEARAspiWDM - ok
    16:06:57.0395 8188 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
    16:06:57.0397 8188 hamachi - ok
    16:06:57.0456 8188 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    16:06:57.0464 8188 hcw85cir - ok
    16:06:57.0553 8188 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    16:06:57.0560 8188 HdAudAddService - ok
    16:06:57.0623 8188 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    16:06:57.0630 8188 HDAudBus - ok
    16:06:57.0666 8188 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    16:06:57.0709 8188 HidBatt - ok
    16:06:57.0752 8188 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    16:06:57.0756 8188 HidBth - ok
    16:06:57.0795 8188 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    16:06:57.0799 8188 HidIr - ok
    16:06:57.0861 8188 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    16:06:57.0864 8188 HidUsb - ok
    16:06:57.0928 8188 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    16:06:57.0932 8188 HpSAMD - ok
    16:06:57.0979 8188 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    16:06:58.0022 8188 HTTP - ok
    16:06:58.0047 8188 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    16:06:58.0050 8188 hwpolicy - ok
    16:06:58.0085 8188 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    16:06:58.0089 8188 i8042prt - ok
    16:06:58.0144 8188 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    16:06:58.0154 8188 iaStorV - ok
    16:06:58.0202 8188 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    16:06:58.0221 8188 iirsp - ok
    16:06:58.0254 8188 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    16:06:58.0258 8188 intelide - ok
    16:06:58.0293 8188 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    16:06:58.0297 8188 intelppm - ok
    16:06:58.0324 8188 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:06:58.0328 8188 IpFilterDriver - ok
    16:06:58.0365 8188 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    16:06:58.0373 8188 IPMIDRV - ok
    16:06:58.0400 8188 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    16:06:58.0434 8188 IPNAT - ok
    16:06:58.0492 8188 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    16:06:58.0496 8188 IRENUM - ok
    16:06:58.0524 8188 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    16:06:58.0529 8188 isapnp - ok
    16:06:58.0580 8188 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    16:06:58.0586 8188 iScsiPrt - ok
    16:06:58.0639 8188 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    16:06:58.0651 8188 kbdclass - ok
    16:06:58.0719 8188 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    16:06:58.0722 8188 kbdhid - ok
    16:06:58.0749 8188 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    16:06:58.0755 8188 KSecDD - ok
    16:06:58.0788 8188 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    16:06:58.0793 8188 KSecPkg - ok
    16:06:58.0951 8188 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
    16:06:58.0954 8188 lirsgt - ok
    16:06:59.0040 8188 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    16:06:59.0048 8188 lltdio - ok
    16:06:59.0122 8188 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    16:06:59.0129 8188 LSI_FC - ok
    16:06:59.0199 8188 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    16:06:59.0203 8188 LSI_SAS - ok
    16:06:59.0228 8188 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    16:06:59.0262 8188 LSI_SAS2 - ok
    16:06:59.0326 8188 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    16:06:59.0330 8188 LSI_SCSI - ok
    16:06:59.0374 8188 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    16:06:59.0379 8188 luafv - ok
    16:06:59.0435 8188 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    16:06:59.0438 8188 MBAMProtector - ok
    16:06:59.0505 8188 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    16:06:59.0508 8188 megasas - ok
    16:06:59.0551 8188 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    16:06:59.0557 8188 MegaSR - ok
    16:06:59.0608 8188 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    16:06:59.0611 8188 Modem - ok
    16:06:59.0654 8188 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    16:06:59.0656 8188 monitor - ok
    16:06:59.0700 8188 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    16:06:59.0703 8188 mouclass - ok
    16:06:59.0756 8188 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    16:06:59.0760 8188 mouhid - ok
    16:06:59.0779 8188 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    16:06:59.0783 8188 mountmgr - ok
    16:06:59.0819 8188 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    16:06:59.0825 8188 mpio - ok
    16:06:59.0846 8188 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    16:06:59.0855 8188 mpsdrv - ok
    16:06:59.0899 8188 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    16:06:59.0905 8188 MRxDAV - ok
    16:06:59.0942 8188 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:06:59.0947 8188 mrxsmb - ok
    16:06:59.0972 8188 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:06:59.0980 8188 mrxsmb10 - ok
    16:07:00.0018 8188 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:07:00.0022 8188 mrxsmb20 - ok
    16:07:00.0068 8188 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    16:07:00.0071 8188 msahci - ok
    16:07:00.0110 8188 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    16:07:00.0115 8188 msdsm - ok
    16:07:00.0162 8188 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    16:07:00.0164 8188 Msfs - ok
    16:07:00.0184 8188 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    16:07:00.0199 8188 mshidkmdf - ok
    16:07:00.0225 8188 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    16:07:00.0229 8188 msisadrv - ok
    16:07:00.0273 8188 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    16:07:00.0277 8188 MSKSSRV - ok
    16:07:00.0303 8188 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    16:07:00.0306 8188 MSPCLOCK - ok
    16:07:00.0339 8188 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    16:07:00.0348 8188 MSPQM - ok
    16:07:00.0573 8188 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    16:07:00.0615 8188 MsRPC - ok
    16:07:00.0684 8188 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    16:07:00.0687 8188 mssmbios - ok
    16:07:00.0731 8188 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    16:07:00.0733 8188 MSTEE - ok
    16:07:00.0761 8188 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    16:07:00.0763 8188 MTConfig - ok
    16:07:00.0791 8188 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    16:07:00.0795 8188 Mup - ok
    16:07:00.0827 8188 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    16:07:00.0834 8188 NativeWifiP - ok
    16:07:00.0875 8188 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    16:07:00.0910 8188 NDIS - ok
    16:07:00.0945 8188 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    16:07:00.0948 8188 NdisCap - ok
    16:07:00.0971 8188 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    16:07:00.0974 8188 NdisTapi - ok
    16:07:01.0001 8188 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    16:07:01.0006 8188 Ndisuio - ok
    16:07:01.0040 8188 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    16:07:01.0046 8188 NdisWan - ok
    16:07:01.0064 8188 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    16:07:01.0067 8188 NDProxy - ok
    16:07:01.0147 8188 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    16:07:01.0150 8188 NetBIOS - ok
    16:07:01.0183 8188 NetBT (a04b5a480f1fe28d424b613e9e0ed75c) C:\Windows\system32\DRIVERS\netbt.sys
    16:07:01.0207 8188 NetBT ( Virus.Win32.ZAccess.l ) - infected
    16:07:01.0208 8188 NetBT - detected Virus.Win32.ZAccess.l (0)
    16:07:01.0371 8188 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
    16:07:01.0398 8188 netr28u - ok
    16:07:01.0457 8188 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys
    16:07:01.0475 8188 netr73 - ok
    16:07:01.0528 8188 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    16:07:01.0531 8188 nfrd960 - ok
    16:07:01.0576 8188 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    16:07:01.0579 8188 Npfs - ok
    16:07:01.0600 8188 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    16:07:01.0602 8188 nsiproxy - ok
    16:07:01.0653 8188 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    16:07:01.0688 8188 Ntfs - ok
    16:07:01.0721 8188 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    16:07:01.0724 8188 Null - ok
    16:07:01.0771 8188 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    16:07:01.0776 8188 nvraid - ok
    16:07:01.0816 8188 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    16:07:01.0818 8188 nvstor - ok
    16:07:01.0857 8188 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    16:07:01.0863 8188 nv_agp - ok
    16:07:01.0924 8188 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    16:07:01.0966 8188 ohci1394 - ok
    16:07:02.0017 8188 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    16:07:02.0061 8188 Parport - ok
    16:07:02.0080 8188 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    16:07:02.0088 8188 partmgr - ok
    16:07:02.0111 8188 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    16:07:02.0129 8188 Parvdm - ok
    16:07:02.0155 8188 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    16:07:02.0224 8188 pci - ok
    16:07:02.0269 8188 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    16:07:02.0294 8188 pciide - ok
    16:07:02.0322 8188 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    16:07:02.0342 8188 pcmcia - ok
    16:07:02.0376 8188 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    16:07:02.0379 8188 pcw - ok
    16:07:02.0430 8188 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    16:07:02.0455 8188 PEAUTH - ok
    16:07:02.0564 8188 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    16:07:02.0624 8188 PptpMiniport - ok
    16:07:02.0683 8188 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    16:07:02.0725 8188 Processor - ok
    16:07:02.0804 8188 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    16:07:02.0821 8188 Psched - ok
    16:07:02.0890 8188 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    16:07:02.0926 8188 ql2300 - ok
    16:07:02.0969 8188 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    16:07:02.0974 8188 ql40xx - ok
    16:07:03.0014 8188 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    16:07:03.0018 8188 QWAVEdrv - ok
    16:07:03.0043 8188 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    16:07:03.0046 8188 RasAcd - ok
    16:07:03.0083 8188 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:07:03.0086 8188 RasAgileVpn - ok
    16:07:03.0129 8188 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:07:03.0172 8188 Rasl2tp - ok
    16:07:03.0287 8188 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    16:07:03.0312 8188 RasPppoe - ok
    16:07:03.0333 8188 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    16:07:03.0367 8188 RasSstp - ok
    16:07:03.0438 8188 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    16:07:03.0456 8188 rdbss - ok
    16:07:03.0479 8188 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    16:07:03.0504 8188 rdpbus - ok
    16:07:03.0519 8188 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:07:03.0528 8188 RDPCDD - ok
    16:07:03.0564 8188 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    16:07:03.0640 8188 RDPDR - ok
    16:07:03.0714 8188 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    16:07:03.0732 8188 RDPENCDD - ok
    16:07:03.0778 8188 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    16:07:03.0820 8188 RDPREFMP - ok
    16:07:03.0886 8188 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    16:07:03.0937 8188 RDPWD - ok
    16:07:03.0984 8188 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    16:07:03.0991 8188 rdyboost - ok
    16:07:04.0071 8188 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    16:07:04.0082 8188 rspndr - ok
    16:07:04.0140 8188 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    16:07:04.0143 8188 s3cap - ok
    16:07:04.0192 8188 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    16:07:04.0200 8188 sbp2port - ok
    16:07:04.0225 8188 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    16:07:04.0228 8188 scfilter - ok
    16:07:04.0302 8188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    16:07:04.0305 8188 secdrv - ok
    16:07:04.0341 8188 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    16:07:04.0366 8188 Serenum - ok
    16:07:04.0385 8188 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    16:07:04.0389 8188 Serial - ok
    16:07:04.0402 8188 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    16:07:04.0410 8188 sermouse - ok
    16:07:04.0454 8188 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    16:07:04.0483 8188 sffdisk - ok
    16:07:04.0521 8188 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    16:07:04.0540 8188 sffp_mmc - ok
    16:07:04.0574 8188 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    16:07:04.0578 8188 sffp_sd - ok
    16:07:04.0597 8188 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    16:07:04.0600 8188 sfloppy - ok
    16:07:04.0622 8188 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    16:07:04.0649 8188 sisagp - ok
    16:07:04.0680 8188 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    16:07:04.0684 8188 SiSRaid2 - ok
    16:07:04.0729 8188 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    16:07:04.0762 8188 SiSRaid4 - ok
    16:07:04.0805 8188 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    16:07:04.0811 8188 Smb - ok
    16:07:04.0866 8188 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    16:07:04.0869 8188 spldr - ok
    16:07:04.0942 8188 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
    16:07:05.0026 8188 srv - ok
    16:07:05.0176 8188 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
    16:07:05.0194 8188 srv2 - ok
    16:07:05.0218 8188 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
    16:07:05.0222 8188 srvnet - ok
    16:07:05.0289 8188 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    16:07:05.0294 8188 stexstor - ok
    16:07:05.0350 8188 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    16:07:05.0353 8188 storflt - ok
    16:07:05.0388 8188 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    16:07:05.0392 8188 storvsc - ok
    16:07:05.0417 8188 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    16:07:05.0420 8188 swenum - ok
    16:07:05.0567 8188 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    16:07:05.0626 8188 Tcpip - ok
    16:07:05.0942 8188 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    16:07:05.0952 8188 TCPIP6 - ok
    16:07:06.0009 8188 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    16:07:06.0014 8188 tcpipreg - ok
    16:07:06.0044 8188 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    16:07:06.0047 8188 TDPIPE - ok
    16:07:06.0073 8188 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    16:07:06.0077 8188 TDTCP - ok
    16:07:06.0111 8188 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    16:07:06.0115 8188 tdx - ok
    16:07:06.0151 8188 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    16:07:06.0160 8188 TermDD - ok
    16:07:06.0246 8188 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:07:06.0253 8188 tssecsrv - ok
    16:07:06.0288 8188 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    16:07:06.0300 8188 tunnel - ok
    16:07:06.0331 8188 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    16:07:06.0338 8188 uagp35 - ok
    16:07:06.0392 8188 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    16:07:06.0399 8188 udfs - ok
    16:07:06.0467 8188 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    16:07:06.0472 8188 uliagpkx - ok
    16:07:06.0530 8188 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    16:07:06.0543 8188 umbus - ok
    16:07:06.0593 8188 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    16:07:06.0596 8188 UmPass - ok
    16:07:06.0676 8188 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    16:07:06.0679 8188 USBAAPL - ok
    16:07:06.0727 8188 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    16:07:06.0731 8188 usbccgp - ok
    16:07:06.0782 8188 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    16:07:06.0786 8188 usbcir - ok
    16:07:06.0830 8188 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    16:07:06.0833 8188 usbehci - ok
    16:07:06.0872 8188 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    16:07:06.0880 8188 usbhub - ok
    16:07:06.0911 8188 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    16:07:06.0914 8188 usbohci - ok
    16:07:06.0947 8188 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    16:07:06.0950 8188 usbprint - ok
    16:07:06.0975 8188 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:07:06.0979 8188 USBSTOR - ok
    16:07:07.0010 8188 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    16:07:07.0019 8188 usbuhci - ok
    16:07:07.0086 8188 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    16:07:07.0092 8188 vdrvroot - ok
    16:07:07.0139 8188 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    16:07:07.0144 8188 vga - ok
    16:07:07.0162 8188 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    16:07:07.0168 8188 VgaSave - ok
    16:07:07.0212 8188 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    16:07:07.0218 8188 vhdmp - ok
    16:07:07.0260 8188 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    16:07:07.0264 8188 viaagp - ok
    16:07:07.0301 8188 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    16:07:07.0304 8188 ViaC7 - ok
    16:07:07.0347 8188 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    16:07:07.0350 8188 viaide - ok
    16:07:07.0392 8188 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    16:07:07.0397 8188 vmbus - ok
    16:07:07.0449 8188 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    16:07:07.0452 8188 VMBusHID - ok
    16:07:07.0492 8188 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    16:07:07.0499 8188 volmgr - ok
    16:07:07.0532 8188 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    16:07:07.0538 8188 volmgrx - ok
    16:07:07.0564 8188 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    16:07:07.0571 8188 volsnap - ok
    16:07:07.0613 8188 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    16:07:07.0618 8188 vsmraid - ok
    16:07:07.0645 8188 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    16:07:07.0648 8188 vwifibus - ok
    16:07:07.0677 8188 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    16:07:07.0680 8188 vwififlt - ok
    16:07:07.0727 8188 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
    16:07:07.0730 8188 vwifimp - ok
    16:07:07.0778 8188 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    16:07:07.0786 8188 WacomPen - ok
    16:07:07.0827 8188 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    16:07:07.0833 8188 WANARP - ok
    16:07:07.0839 8188 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    16:07:07.0841 8188 Wanarpv6 - ok
    16:07:07.0926 8188 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    16:07:07.0929 8188 Wd - ok
    16:07:07.0982 8188 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    16:07:07.0991 8188 Wdf01000 - ok
    16:07:08.0066 8188 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    16:07:08.0068 8188 WfpLwf - ok
    16:07:08.0092 8188 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    16:07:08.0095 8188 WIMMount - ok
    16:07:08.0219 8188 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
    16:07:08.0227 8188 WinUsb - ok
    16:07:08.0280 8188 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    16:07:08.0283 8188 WmiAcpi - ok
    16:07:08.0374 8188 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    16:07:08.0378 8188 ws2ifsl - ok
    16:07:08.0415 8188 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    16:07:08.0419 8188 WudfPf - ok
    16:07:08.0473 8188 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:07:08.0478 8188 WUDFRd - ok
    16:07:08.0563 8188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    16:07:08.0613 8188 \Device\Harddisk0\DR0 - ok
    16:07:08.0621 8188 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
    16:07:08.0626 8188 \Device\Harddisk1\DR1 - ok
    16:07:08.0632 8188 Boot (0x1200) (8164597088ac29f17002fee29e4fbb10) \Device\Harddisk0\DR0\Partition0
    16:07:08.0632 8188 \Device\Harddisk0\DR0\Partition0 - ok
    16:07:08.0662 8188 Boot (0x1200) (4a88d0da4628203221f593e127d20814) \Device\Harddisk0\DR0\Partition1
    16:07:08.0663 8188 \Device\Harddisk0\DR0\Partition1 - ok
    16:07:08.0669 8188 Boot (0x1200) (9ed0ee1e4e0023fc1ce8cec346d4b591) \Device\Harddisk1\DR1\Partition0
    16:07:08.0670 8188 \Device\Harddisk1\DR1\Partition0 - ok
    16:07:08.0674 8188 ============================================================
    16:07:08.0674 8188 Scan finished
    16:07:08.0674 8188 ============================================================
    16:07:08.0695 2784 Detected object count: 1
    16:07:08.0695 2784 Actual detected object count: 1
    16:07:20.0007 2784 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
    16:07:22.0939 2784 Backup copy found, using it..
    16:07:22.0967 2784 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
    16:07:26.0514 2784 NetBT ( Virus.Win32.ZAccess.l ) - User select action: Cure
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. psav

    psav TS Rookie Topic Starter Posts: 31

    OK, I will get on those steps right away.
     
  4. psav

    psav TS Rookie Topic Starter Posts: 31

    OK, this is the step 2 log file with Malwarebytes; I'm about to start step 3.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.06.03

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Parand :: PARAND-PC [administrator]

    06/02/2012 17:56:29
    mbam-log-2012-02-06 (17-56-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 174589
    Time elapsed: 9 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\System32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.

    (end)
     
  5. psav

    psav TS Rookie Topic Starter Posts: 31

    Step 3 done, here is the log.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-06 19:12:58
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000061 ST316081 rev.3.AD
    Running: t59lf331.exe; Driver: C:\Users\Parand\AppData\Local\Temp\awdiapow.sys


    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Processes - GMER 1.0.15 ----

    Process PING.EXE (*** hidden *** ) 1452

    ---- EOF - GMER 1.0.15 ----
     
  6. psav

    psav TS Rookie Topic Starter Posts: 31

    Step 4

    DDS log file

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.2.1
    Run by Parand at 19:18:44 on 2012-02-06
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.876 [GMT 0:00]
    .
    AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Google Update] "c:\users\parand\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    TCP: Interfaces\{823C5755-3475-4B56-BA5D-97D6F90E72E1} : DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{8AB5AEFD-0AD0-44E3-8E09-86D4C1E2CFFB} : DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{8AB5AEFD-0AD0-44E3-8E09-86D4C1E2CFFB}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{8AB5AEFD-0AD0-44E3-8E09-86D4C1E2CFFB}\6796277696E6D65646961603035313935343 : DhcpNameServer = 194.168.4.100 194.168.8.100
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\parand\appdata\roaming\mozilla\firefox\profiles\l5vrrg5p.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\byond\bin\npbyond.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
    FF - plugin: c:\users\parand\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\users\parand\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-2 218688]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-2 1373576]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-6 652360]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-8 20464]
    R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2012-02-06 17:50:55 111616 ----a-w- c:\windows\system32\5WLy1k.com
    2012-02-06 16:24:18 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2012-02-06 16:24:13 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-02-06 16:07:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-06 04:35:32 -------- d-----w- c:\program files\Oracle
    2012-02-06 04:34:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-02-06 04:21:58 388096 ----a-r- c:\users\parand\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-02-06 04:21:57 -------- d-----w- c:\program files\Trend Micro
    2012-02-06 03:11:53 -------- d-----w- c:\users\parand\appdata\roaming\f-secure
    2012-02-06 03:11:09 -------- d-----w- c:\programdata\F-Secure
    2012-02-05 16:40:16 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-04 03:49:32 -------- d-----w- c:\program files\Microsoft WSE
    2012-01-31 21:56:29 -------- d-----w- c:\users\parand\appdata\roaming\foobar2000
    2012-01-31 21:51:27 -------- d-----w- c:\program files\foobar2000
    2012-01-31 19:43:05 -------- d-----w- c:\users\parand\appdata\roaming\Ybozi
    2012-01-31 19:43:05 -------- d-----w- c:\users\parand\appdata\roaming\Ubemez
    2012-01-28 02:52:12 1936528 ----a-w- c:\windows\system32\ltmm15.dll
    2012-01-28 02:52:11 135168 ----a-w- c:\windows\system32\DSKernel2.dll
    2012-01-28 02:50:47 737280 ----a-w- c:\windows\iun6002.exe
    2012-01-28 02:50:03 -------- d-----w- c:\program files\Replay AV 8
    2012-01-28 02:16:31 -------- d-----w- c:\users\parand\appdata\local\Jaksta_Technologies_Pty_L
    2012-01-28 02:14:39 -------- d-----w- c:\program files\Applian Technologies
    2012-01-28 02:14:33 -------- d-----w- c:\programdata\Applian
    2012-01-26 02:47:56 -------- d-----w- c:\program files\EA GAMES
    2012-01-26 02:47:03 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
    2012-01-26 02:47:03 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
    2012-01-26 02:47:03 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
    2012-01-26 02:47:03 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
    2012-01-26 02:47:03 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
    2012-01-26 02:47:03 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
    2012-01-26 02:47:02 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
    2012-01-26 00:14:38 -------- d-----w- c:\programdata\Ralink
    2012-01-13 05:34:02 -------- d-----w- C:\codec-info
    2012-01-13 05:33:33 -------- d-----w- c:\programdata\Premium
    2012-01-13 05:33:32 -------- d-----w- c:\programdata\InstallMate
    2012-01-12 23:40:58 299520 ----a-w- c:\windows\uninst.exe
    2012-01-12 23:39:09 -------- d-----w- c:\program files\Square Soft, Inc
    2012-01-09 17:47:51 -------- d-----w- c:\users\parand\appdata\local\Lucasarts
    2012-01-09 17:38:50 -------- d-----w- c:\users\parand\appdata\roaming\dll-files.com
    2012-01-09 17:38:39 286208 ----a-w- c:\windows\system32\binkw32.dll
    2012-01-09 17:38:39 -------- d-----w- c:\program files\Dll-Files.com Fixer
    2012-01-08 03:07:46 -------- d-----w- c:\users\parand\appdata\roaming\Malwarebytes
    2012-01-08 03:07:17 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-08 03:07:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-08 03:07:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2012-02-06 16:22:48 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-01-03 01:22:33 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-01-02 21:25:16 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-11-13 03:35:13 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2011-11-13 03:35:13 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2011-11-08 19:56:06 567184 ----a-w- c:\windows\system32\deployJava1.dll
    2007-03-09 08:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    .
    ============= FINISH: 19:21:08.99 ===============

    Step 4

    Attach file log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 26/04/2011 22:13:22
    System Uptime: 06/02/2012 18:11:46 (1 hours ago)
    .
    Motherboard: Dell Inc | | 0HY175
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2200/1000mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 109 GiB total, 14.181 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 13.088 GiB free.
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&02
    Manufacturer: (Standard CD-ROM drives)
    Name: DTSoftBusCd02
    PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&02
    Service: cdrom
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&03
    Manufacturer: (Standard CD-ROM drives)
    Name: DTSoftBusCd03
    PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&03
    Service: cdrom
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: SCSI\CDROM&VEN_TSSTCORP&PROD_DVD+-RW_TS-H653A\4&377153BC&0&010100
    Manufacturer: (Standard CD-ROM drives)
    Name: TSSTcorp DVD+-RW TS-H653A SCSI CdRom Device
    PNP Device ID: SCSI\CDROM&VEN_TSSTCORP&PROD_DVD+-RW_TS-H653A\4&377153BC&0&010100
    Service: cdrom
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&00
    Manufacturer: (Standard CD-ROM drives)
    Name: DTSoftBusCd00
    PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&00
    Service: cdrom
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM Drive
    Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&01
    Manufacturer: (Standard CD-ROM drives)
    Name: DTSoftBusCd01
    PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&01
    Service: cdrom
    .
    ==== System Restore Points ===================
    .
    RP263: 06/02/2012 19:02:01 - Removed AVG 2011
    .
    ==== Installed Programs ======================
    .
    888poker
    Adobe AIR
    Adobe Community Help
    Adobe Content Viewer
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe InDesign CS5.5
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    ATI Catalyst Install Manager
    Audiosurf
    AVG 2011
    Battlefield 2(TM) Demo
    BitTorrent
    Bonjour
    Canon iP4600 series Printer Driver
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Collab
    Counter-Strike: Source
    DAEMON Tools Lite
    DivX Setup
    Dll-Files.com Fixer
    Final Fantasy VII
    Final Fantasy VII Phoenix Rejuvenation Project
    FL Studio 8
    foobar2000 v1.1.10
    Fraps
    Garry's Mod
    Google Chrome
    Guild Wars
    Half-Life 2
    HiJackThis
    IL Download Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 27
    Java(TM) 7 Update 2
    JavaFX 2.0.2
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.60.1.1000
    Medieval II Total War
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office Excel Viewer
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft PowerPoint Viewer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 4.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 9.0.1 (x86 en-GB)
    Need for Speed™ Most Wanted
    NVIDIA PhysX
    Oblivion
    Oblivion - BTmod 2.20
    Oblivion - Horse Armor Pack
    Oblivion - Knights of the Nine
    Oblivion - Mehrunes Razor
    Oblivion - Orrery
    Oblivion - Spell Tomes
    Oblivion - Thieves Den
    Oblivion - Vile Lair
    Oblivion - Wizard's Tower
    Oblivion mod manager 1.1.12
    PDF Settings CS5
    Postal Fudge Pack
    Project64 1.6
    QuickTime
    Replay AV 8
    Replay Converter 2.8
    S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
    Skins
    Skype Click to Call
    Skype™ 5.5
    Spotify
    Star Wars JK II Jedi Outcast
    Steam
    swMSM
    System Requirements Lab CYRI
    Team Fortress 2
    Terraria
    The Longest Journey
    The Sims™ 3
    Unity Web Player
    Universe Sandbox
    Unofficial Oblivion Patch v3.2.0
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.9
    WinRAR 4.00 (32-bit)
    WorldsPlayer by Worlds.com
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/01/2012 15:26:14, Error: bowser [8003] - The master browser has received a server announcement from the computer FAREED-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DEE54EB0-E435-4271-8043-7175ECC4. The master browser is stopping or an election is being forced.
    30/01/2012 14:53:28, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    06/02/2012 19:18:58, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    06/02/2012 19:06:51, Error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: The system cannot find the file specified.
    06/02/2012 19:05:23, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.
    06/02/2012 18:12:48, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    06/02/2012 18:12:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdix cdrom
    06/02/2012 18:12:31, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    06/02/2012 18:12:18, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    06/02/2012 18:12:16, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    06/02/2012 17:19:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdix
    06/02/2012 16:24:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    06/02/2012 16:24:27, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    06/02/2012 16:24:18, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    06/02/2012 16:16:52, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    06/02/2012 14:00:17, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    06/02/2012 06:49:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xb6ab4438, 0x00000002, 0x00000000, 0x82c6df04). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020612-25584-01.
    06/02/2012 04:42:23, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    06/02/2012 04:41:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
    06/02/2012 04:41:22, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    06/02/2012 04:40:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    06/02/2012 03:27:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    05/02/2012 19:42:56, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    05/02/2012 16:27:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
    05/02/2012 00:09:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xa6422700, 0x00000002, 0x00000000, 0x82c99f04). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020512-41153-01.
    04/02/2012 11:10:28, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    04/02/2012 11:10:28, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    04/02/2012 04:04:32, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
    03/02/2012 14:23:46, Error: Service Control Manager [7034] - The AMService service terminated unexpectedly. It has done this 1 time(s).
    03/02/2012 13:53:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x9b311008, 0x00000002, 0x00000000, 0x82c67f04). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020312-60949-01.
    02/02/2012 21:34:41, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    01/02/2012 09:10:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xb50fbcd8, 0x00000002, 0x00000000, 0x82c67f04). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020112-58375-01.
    01/02/2012 07:53:07, Error: Service Control Manager [7030] - The AMService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
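The Event Viewer block of the DDS log above carries the signals a responder weighs when the complaint is background audio adverts and browser redirects: the local hosts file that could not be read, boot-start drivers that failed to load, a service whose dependency (BFE) is reported missing, and services whose files are gone. The script below is added here as an example; it is not part of the original post and not code from DDS or any other tool in this thread. It parses lines in the DDS "Event Viewer Messages" format and pulls those indicators out. SAMPLE_LINES is constructed by copying lines from the log above, and the INDICATORS table is this example's own heuristic, not a rule set from any tool.

```python
"""Triage of the 'Event Viewer Messages' block of a DDS log.

Added example; it is not part of the original post and not code from DDS or any
other tool in this thread. SAMPLE_LINES is constructed by copying lines from
the log above, and INDICATORS is this example's own heuristic mapping of
(source, event id) to what a responder should check next.
"""
import re

# One DDS event line:  DD/MM/YYYY HH:MM:SS, Level: <source> [<event id>] - <message>
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)

# Assumed heuristics: events consistent with a redirect/rootkit infection that
# deserve manual follow-up, keyed by (source, event id).
INDICATORS = {
    ("Microsoft-Windows-DNS-Client", 1012):
        "hosts file unreadable: inspect %SystemRoot%\\System32\\drivers\\etc\\hosts (redirects)",
    ("Service Control Manager", 7026):
        "boot-start driver failed to load: verify the driver file exists and is signed",
    ("Service Control Manager", 7003):
        "service dependency missing: a core service may have been unregistered",
    ("Service Control Manager", 7023):
        "service terminated with 'does not exist': registration may have been deleted",
    ("Service Control Manager", 7000):
        "service failed to start because its file is missing",
}

SAMPLE_LINES = [  # constructed by copying lines from the DDS log above
    "06/02/2012 19:18:58, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.",
    "06/02/2012 19:06:51, Error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: The system cannot find the file specified.",
    "06/02/2012 18:12:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdix cdrom",
    "06/02/2012 18:12:31, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.",
    "06/02/2012 17:19:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdix",
    "04/02/2012 11:10:28, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.",
    "30/01/2012 14:53:28, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.",
]

def parse_line(line):
    """Return a dict for a well-formed event line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["eid"] = int(ev["eid"])
    ev["source"] = ev["source"].strip()
    return ev

def triage(lines):
    """List (source, event id, reason, message) for every line matching INDICATORS."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["source"], ev["eid"])
        if key in INDICATORS:
            hits.append((ev["source"], ev["eid"], INDICATORS[key], ev["msg"]))
    return hits

def failed_drivers(lines):
    """Driver names listed in SCM 7026 messages ('... failed to load: X Y')."""
    names = set()
    for line in lines:
        ev = parse_line(line)
        if ev and (ev["source"], ev["eid"]) == ("Service Control Manager", 7026):
            names.update(ev["msg"].split("failed to load:")[-1].split())
    return names

def missing_dependencies(lines):
    """Service names that SCM 7003 reports as missing dependencies."""
    deps = set()
    for line in lines:
        ev = parse_line(line)
        if ev and (ev["source"], ev["eid"]) == ("Service Control Manager", 7003):
            m = re.search(r"following service: (\S+?)\.", ev["msg"])
            if m:
                deps.add(m.group(1))
    return deps

if __name__ == "__main__":
    for source, eid, reason, msg in triage(SAMPLE_LINES):
        print(f"{source} [{eid}] {reason}\n    {msg}")
    print("drivers that failed to load:", sorted(failed_drivers(SAMPLE_LINES)))
    print("missing dependencies:", sorted(missing_dependencies(SAMPLE_LINES)))
```

On the sample lines the script reports the unreadable hosts file, the AVG TDI service whose file is missing, both 7026 events (drivers Avgtdix and cdrom) and the missing BFE dependency, and ignores the Schannel alert and the Wlansvc timeout. The output is a list of things to verify by hand (does the driver file exist, is it signed, is the service key present), not a verdict.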
     
  7. psav

    psav TS Rookie Topic Starter Posts: 31

    All steps completed.
    Any ideas?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  9. psav

    psav TS Rookie Topic Starter Posts: 31

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-06 20:02:47
    -----------------------------
    20:02:47.310 OS Version: Windows 6.1.7600
    20:02:47.310 Number of processors: 2 586 0x4B02
    20:02:47.312 ComputerName: PARAND-PC UserName: Parand
    20:02:51.312 Initialize success
    20:07:22.210 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
    20:07:22.217 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
    20:07:22.230 Disk 0 MBR read successfully
    20:07:22.235 Disk 0 MBR scan
    20:07:22.239 Disk 0 Windows 7 default MBR code
    20:07:22.245 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
    20:07:22.254 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 111160 MB offset 128520
    20:07:22.260 Disk 0 Partition - 00 0F Extended LBA 38130 MB offset 227801700
    20:07:22.287 Disk 0 Partition 3 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 305893665
    20:07:22.320 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38130 MB offset 227801763
    20:07:22.347 Disk 0 scanning sectors +312496380
    20:07:22.431 Disk 0 scanning C:\Windows\system32\drivers
    20:07:33.739 Service scanning
    20:07:35.853 Modules scanning
    20:07:42.139 Module: C:\Windows\system32\DRIVERS\avgldx86.sys **SUSPICIOUS**
    20:07:43.237 Disk 0 trace - called modules:
    20:07:43.264 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x97603fc0]<<
    20:07:43.275 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a6d030]
    20:07:43.285 3 CLASSPNP.SYS[88fac59e] -> nt!IofCallDriver -> [0x86c70d58]
    20:07:43.295 \Driver\00002997[0x86c70e90] -> IRP_MJ_CREATE -> 0x97603fc0
    20:07:43.306 Scan finished successfully
    20:07:55.453 Disk 0 MBR has been saved successfully to "C:\Users\Parand\Desktop\MBR.dat"
    20:07:55.519 The log file has been saved successfully to "C:\Users\Parand\Desktop\aswMBR.txt"
    20:08:27.323 Disk 0 MBR has been saved successfully to "C:\Users\Parand\Desktop\MBR.dat"
    20:08:27.334 The log file has been saved successfully to "C:\Users\Parand\Desktop\aswMBR1.txt"


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
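aswMBR saves a copy of the MBR to the desktop as MBR.dat, and Bootkit Remover prints a boot sector MD5 and an "OK (DOS/Win32 Boot code found)" verdict. The script below is added as an example and is not code from either tool or from the original post; it shows how to inspect such a 512-byte image offline: it verifies the 0x55AA signature, decodes the four partition entries, checks for overlapping entries and for exactly one active partition, and hashes the 440-byte bootstrap area so it can be compared against a hash taken from a known-clean copy of the same disk. The sample image is constructed from the primary partition layout in the aswMBR log above (Dell utility, active NTFS, extended container); its bootstrap bytes are a placeholder rather than real boot code, so its hashes are only meaningful relative to each other. Whether Bootkit Remover's MD5 covers the whole sector or only the boot code is not stated on the page, so the script reports both.

```python
"""Offline inspection of a saved 512-byte MBR image (e.g. the MBR.dat that aswMBR
writes to the desktop).

Added example, not part of the original thread and not code from aswMBR or
Bootkit Remover. The sample image is constructed from the partition layout in
the aswMBR log; its bootstrap bytes are a placeholder, not real boot code.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440                 # bootstrap area before the 4-byte disk signature
TABLE_OFFSET = 446                  # start of the four 16-byte partition entries
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sector count
EXTENDED_TYPES = {0x05, 0x0F}

def pack_entry(status, ptype, lba_start, count):
    """Build one partition-table entry; CHS fields get the usual 'use LBA' filler."""
    return ENTRY.pack(status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba_start, count)

def build_sample_mbr():
    """Constructed MBR with the three primary entries shown in the aswMBR log above."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_signature = b"\x11\x22\x33\x44"   # arbitrary value for the example
    table = b"".join([
        pack_entry(0x00, 0xDE, 63, 128457),           # Dell utility partition
        pack_entry(0x80, 0x07, 128520, 227673180),    # active NTFS system volume
        pack_entry(0x00, 0x0F, 227801700, 84692669),  # extended container (logicals live in EBRs)
        bytes(ENTRY.size),                            # unused fourth slot
    ])
    return boot_code + disk_signature + b"\x00\x00" + table + b"\x55\xAA"

def parse_mbr(data):
    """Decode the partition table and flag the inconsistencies a bootkit check looks for."""
    if len(data) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    result = {
        "signature_ok": data[510:512] == b"\x55\xAA",
        "boot_code_md5": hashlib.md5(data[:BOOT_CODE_LEN]).hexdigest(),
        "sector_md5": hashlib.md5(data).hexdigest(),
        "partitions": [],
        "warnings": [],
    }
    if not result["signature_ok"]:
        result["warnings"].append("missing 0x55AA boot signature")
    for slot in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(data, TABLE_OFFSET + slot * ENTRY.size)
        if ptype == 0 and count == 0:
            continue  # empty slot
        if status not in (0x00, 0x80):
            result["warnings"].append(f"slot {slot}: invalid status byte 0x{status:02X}")
        result["partitions"].append({
            "slot": slot, "active": status == 0x80, "type": ptype,
            "lba_start": lba, "sectors": count, "lba_end": lba + count,
            "extended": ptype in EXTENDED_TYPES,
        })
    active = [p for p in result["partitions"] if p["active"]]
    if len(active) != 1:
        result["warnings"].append(f"{len(active)} active partitions (expected 1)")
    ordered = sorted(result["partitions"], key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_end"]:
            result["warnings"].append(f"slots {prev['slot']} and {cur['slot']} overlap")
    return result

def boot_code_matches(data, known_good_md5):
    """Compare the bootstrap area with a hash taken from a known-clean image of the same disk."""
    return hashlib.md5(data[:BOOT_CODE_LEN]).hexdigest() == known_good_md5.lower()

if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    report = parse_mbr(image)
    print(f"signature ok: {report['signature_ok']}")
    print(f"boot code md5: {report['boot_code_md5']}  sector md5: {report['sector_md5']}")
    for p in report["partitions"]:
        flag = "*" if p["active"] else " "
        print(f"  slot {p['slot']} {flag} type 0x{p['type']:02X} start {p['lba_start']} sectors {p['sectors']}")
    for w in report["warnings"]:
        print("  WARNING:", w)
```

Run it with the path to MBR.dat as the first argument; with no argument it parses the constructed sample. A clean table here means only that the partition entries are self-consistent; a bootkit that keeps the table intact and patches only the bootstrap bytes shows up solely as a boot-code hash that differs from a known-clean one. The logical partitions inside the 0x0F extended container (the ones aswMBR lists as partitions 3 and 4) live in EBR chains on the disk, which a single-sector image cannot reach.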
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. psav

    psav TS Rookie Topic Starter Posts: 31

    Sorry for the long time taken to reply, have been having troubles with the internet. About to perform those tasks, will post results.
     
  12. psav

    psav TS Rookie Topic Starter Posts: 31

    OK, here's the log from ComboFix

    ComboFix 12-02-02.02 - Parand 07/02/2012 5:17.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1251 [GMT 0:00]
    Running from: c:\users\Parand\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\programdata\Yru3u7jf.exe
    c:\windows\$NtUninstallKB2324$
    c:\windows\$NtUninstallKB2324$\3021771430
    c:\windows\$NtUninstallKB63211$\220740190
    c:\windows\$NtUninstallKB63211$\2847301469\@
    c:\windows\$NtUninstallKB63211$\2847301469\cfg.ini
    c:\windows\$NtUninstallKB63211$\2847301469\Desktop.ini
    c:\windows\$NtUninstallKB63211$\2847301469\L\xadqgnnk
    c:\windows\$NtUninstallKB63211$\2847301469\U\00000001.@
    c:\windows\$NtUninstallKB63211$\2847301469\U\00000002.@
    c:\windows\$NtUninstallKB63211$\2847301469\U\00000004.@
    c:\windows\$NtUninstallKB63211$\2847301469\U\80000000.@
    c:\windows\$NtUninstallKB63211$\2847301469\U\80000004.@
    c:\windows\$NtUninstallKB63211$\2847301469\U\80000032.@
    c:\windows\$NtUninstallKB63211$\2847301469\version
    c:\windows\iun6002.exe
    c:\windows\system32\roboot.exe
    c:\windows\system32\SET6AF0.tmp
    c:\windows\system32\SETAB32.tmp
    c:\windows\system32\SETC751.tmp
    D:\Autorun.inf
    .
    c:\windows\system32\drivers\netbt.sys . . . is missing!!
    .
    c:\windows\system32\drivers\cdrom.sys was missing
    Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-07 05:28 . 2012-02-07 05:33 -------- d-----w- c:\users\Parand\AppData\Local\temp
    2012-02-06 17:50 . 2012-02-04 15:49 111616 ----a-w- c:\windows\system32\5WLy1k.com
    2012-02-06 16:24 . 2009-03-18 16:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2012-02-06 16:24 . 2012-02-06 16:24 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-02-06 16:07 . 2012-02-06 16:07 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-06 05:07 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2012-02-06 05:07 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2012-02-06 05:05 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
    2012-02-06 05:00 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
    2012-02-06 04:59 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
    2012-02-06 04:51 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2012-02-06 04:36 . 2012-02-06 04:36 -------- d-----w- c:\program files\Common Files\Java
    2012-02-06 04:35 . 2012-02-06 04:35 -------- d-----w- c:\program files\Oracle
    2012-02-06 04:34 . 2011-11-08 19:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-02-06 04:21 . 2012-02-06 04:21 388096 ----a-r- c:\users\Parand\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-06 04:21 . 2012-02-06 04:21 -------- d-----w- c:\program files\Trend Micro
    2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\users\Parand\AppData\Roaming\f-secure
    2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\programdata\F-Secure
    2012-02-05 16:40 . 2012-02-07 05:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-04 03:49 . 2012-02-04 03:49 -------- d-----w- c:\program files\Microsoft WSE
    2012-02-04 03:38 . 2012-02-04 03:38 -------- d-----w- c:\program files\Electronic Arts
    2012-01-31 21:56 . 2012-02-01 15:30 -------- d-----w- c:\users\Parand\AppData\Roaming\foobar2000
    2012-01-31 21:55 . 2012-01-31 21:55 -------- d-----w- c:\program files\Winamp
    2012-01-31 21:51 . 2012-01-31 21:51 -------- d-----w- c:\program files\foobar2000
    2012-01-31 19:43 . 2012-02-04 04:01 -------- d-----w- c:\users\Parand\AppData\Roaming\Ubemez
    2012-01-31 19:43 . 2012-02-04 03:42 -------- d-----w- c:\users\Parand\AppData\Roaming\Ybozi
    2012-01-28 02:52 . 2007-03-04 12:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
    2012-01-28 02:52 . 2007-03-04 12:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
    2012-01-28 02:16 . 2012-02-01 19:15 -------- d-----w- c:\users\Parand\AppData\Local\Jaksta_Technologies_Pty_L
    2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\program files\Applian Technologies
    2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\programdata\Applian
    2012-01-26 02:47 . 2012-01-26 02:47 -------- d-----w- c:\program files\EA GAMES
    2012-01-26 02:47 . 2012-01-26 02:47 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2012-01-26 02:47 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2012-01-26 02:47 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2012-01-26 02:47 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2012-01-26 02:47 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2012-01-26 02:47 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2012-01-26 02:47 . 2012-01-26 02:47 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2012-01-26 00:14 . 2012-01-26 00:15 -------- d-----w- c:\programdata\Ralink
    2012-01-13 05:34 . 2012-01-13 05:34 -------- d-----w- C:\codec-info
    2012-01-13 05:33 . 2012-01-13 05:33 -------- d-----w- c:\programdata\Premium
    2012-01-13 05:33 . 2012-01-13 05:34 -------- d-----w- c:\programdata\InstallMate
    2012-01-12 23:40 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
    2012-01-12 23:39 . 2012-01-12 23:39 -------- d-----w- c:\program files\Square Soft, Inc
    2012-01-09 17:47 . 2012-01-09 17:47 -------- d-----w- c:\users\Parand\AppData\Local\Lucasarts
    2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\users\Parand\AppData\Roaming\dll-files.com
    2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\program files\Dll-Files.com Fixer
    2012-01-09 17:38 . 2011-09-27 03:39 286208 ----a-w- c:\windows\system32\binkw32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-03 01:22 . 2012-01-03 01:22 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-12-10 15:24 . 2012-01-08 03:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-13 03:35 . 2011-11-13 00:46 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2011-11-13 03:35 . 2011-11-13 00:46 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2012-01-07 17:58 . 2011-04-26 15:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 1373576]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ccevtmgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-06 c:\windows\Tasks\At1.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-07 c:\windows\Tasks\At10.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At11.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At12.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At13.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At14.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At15.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At16.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At17.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At18.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At19.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At2.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At20.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At21.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At22.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At23.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At24.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At25.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At26.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At27.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At28.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At29.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At3.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At30.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At31.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At32.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At33.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At34.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At35.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At36.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At37.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At38.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At39.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-06 c:\windows\Tasks\At4.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At40.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-05 c:\windows\Tasks\At41.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-05 c:\windows\Tasks\At42.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-05 c:\windows\Tasks\At43.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-05 c:\windows\Tasks\At44.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-05 c:\windows\Tasks\At45.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-05 c:\windows\Tasks\At46.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-05 c:\windows\Tasks\At47.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-05 c:\windows\Tasks\At48.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At5.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-07 c:\windows\Tasks\At6.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At7.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-07 c:\windows\Tasks\At8.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At9.job
    - c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
    .
    2012-02-01 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
    - c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-01-09 17:48]
    .
    2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
    - c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
    .
    2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000UA.job
    - c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    LSP: mswsock.dll
    FF - ProfilePath - c:\users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    SafeBoot-38197557.sys
    AddRemove-BTmod - c:\program files\Bethesda Softworks\Oblivion\Data\BTmod-Uninstall.exe
    AddRemove-Final Fantasy VII - c:\program files\Square Soft
    AddRemove-Fraps - c:\fraps\uninstall.exe
    AddRemove-Guild Wars - c:\program files\Guild Wars\Gw.exe
    AddRemove-Oblivion mod manager_is1 - c:\program files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe
    AddRemove-Replay_AV_807 - c:\windows\iun6002.exe
    AddRemove-Replay_Converter_1 - c:\windows\iun6002.exe
    AddRemove-Universe Sandbox - c:\program files\Universe Sandbox\uninstall.exe
    AddRemove-Unofficial Oblivion Patch_is1 - c:\program files\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe
    AddRemove-{ADE91A13-434D-4229-00BC-182BAD607303} - c:\program files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\id\Doom95\Config\ø*! *]
    "mouse_sensitivity"=dword:00000005
    "sfx_volume"=dword:00000008
    "music_volume"=dword:00000008
    "show_messages"=dword:00000001
    "key_right"=dword:0000004d
    "key_left"=dword:0000004b
    "key_up"=dword:00000048
    "key_down"=dword:00000050
    "key_strafeleft"=dword:00000033
    "key_straferight"=dword:00000034
    "key_fire"=dword:0000001d
    "key_use"=dword:00000039
    "key_strafe"=dword:00000038
    "key_speed"=dword:00000036
    "use_mouse"=dword:00000000
    "full_screen"=dword:00000000
    "full_keyboard"=dword:00000000
    "mouseb_fire"=dword:00000000
    "mouseb_strafe"=dword:00000001
    "mouseb_forward"=dword:00000002
    "use_joystick"=dword:00000000
    "joyb_fire"=dword:00000000
    "joyb_strafe"=dword:00000001
    "joyb_use"=dword:00000003
    "joyb_speed"=dword:00000002
    "joy_id"=dword:00000000
    "joy_axis_map"="yx "
    "joy_feedback_DLL"=""
    "joy_move_threshold"=dword:00000800
    "joy_move_sensitivity"=dword:00000250
    "joy_turn_threshold"=dword:00001000
    "joy_turn_sensitivity"=dword:00000020
    "joyb_fist_saw"=dword:ffffffff
    "joyb_pistol"=dword:ffffffff
    "joyb_shotgun"=dword:ffffffff
    "joyb_chaingun"=dword:ffffffff
    "joyb_missile"=dword:ffffffff
    "joyb_plasma"=dword:ffffffff
    "joyb_bfg"=dword:ffffffff
    "joyb_inc"=dword:ffffffff
    "joyb_dec"=dword:ffffffff
    "screenblocks"=dword:00000009
    "detaillevel"=dword:00000000
    "snd_channels"=dword:00000003
    "usegamma"=dword:00000000
    "chatmacro0"="No"
    "chatmacro1"="I'm ready to kick butt!"
    "chatmacro2"="I'm OK."
    "chatmacro3"="I'm not looking too good!"
    "chatmacro4"="Help!"
    "chatmacro5"="You suck!"
    "chatmacro6"="Next time, scumbag..."
    "chatmacro7"="Come here!"
    "chatmacro8"="I'll take care of it."
    "chatmacro9"="Yes"
    .
    [HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-07 05:40:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-07 05:40
    .
    Pre-Run: 17,892,904,960 bytes free
    Post-Run: 19,520,671,744 bytes free
    .
    - - End Of File - - 4FAF5FC8C901C2B709778E66B3E06AB5
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    We have one system file missing.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :filefind
      netbt.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  14. psav

    psav TS Rookie Topic Starter Posts: 31

    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:19 on 07/02/2012 by Parand
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "netbt.sys"
    C:\i386\netbt.sys --a---- 162816 bytes [17:37 17/09/2009] [05:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
    C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys --a---- 187904 bytes [23:12 13/07/2009] [16:22 06/02/2012] F2505C37236B292C1E6BB55EC3E5D081

    -= EOF =-
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\i386\netbt.sys | c:\windows\system32\drivers\netbt.sys
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll | c:\windows\System32\user32.dll
    
    File::
    c:\windows\system32\5WLy1k.com
    
    At::
    
    NetSvc::
    ccevtmgr
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
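    The At:: directive above clears the At*.job entries listed in the ComboFix log. As an added triage example (not ComboFix's or Broni's tooling), the script below parses the "Contents of the 'Scheduled Tasks' folder" block of a ComboFix log and groups every job by the program it launches, so a run of At jobs that all point at one randomly named .com binary in system32 stands out from legitimate updaters before anything is removed. The sample log is constructed from lines of this thread; the flagging heuristics and the fan-out threshold are my own assumptions.

```python
"""Triage the 'Scheduled Tasks' block of a ComboFix log (added example)."""
import re
from collections import defaultdict

# Constructed sample built from lines posted in this thread.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\At10.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At12.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At2.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-01 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-01-09 17:48]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
- c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
.
.
------- Supplementary Scan -------
"""

BLOCK_START = "Contents of the 'Scheduled Tasks' folder"
# "<date> <full path>\<name>.job"
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\\([^\\]+\.job))$", re.IGNORECASE)
# "- <target executable> [<timestamp>]"
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")
# Jobs created with at.exe are named AtN.job (assumed heuristic)
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)


def parse_scheduled_tasks(log):
    """Return one dict per job in the Scheduled Tasks block.

    ComboFix prints a dated job line, then a '- target [stamp]' line; '.' lines
    separate entries and the next '-----' section header ends the block.
    """
    entries, current, inside = [], None, False
    for raw in log.splitlines():
        line = raw.strip()
        if not inside:
            inside = line.startswith(BLOCK_START)
            continue
        if line.startswith("---"):  # next section: the block is over
            break
        m = JOB_RE.match(line)
        if m:
            current = {"job_date": m.group(1), "job_path": m.group(2), "job": m.group(3)}
            continue
        m = TARGET_RE.match(line)
        if m and current is not None:
            current["target"], current["target_stamp"] = m.group(1), m.group(2)
            entries.append(current)
            current = None
    return entries


def canonical_target(path):
    """Lower-case the path and drop trailing underscores, so the 5WLy1k.com,
    5WLy1k.com_ and 5WLy1k.com__ spellings in the log group as one binary."""
    return path.lower().rstrip("_")


def triage(entries, fan_out=3):
    """Group jobs by launched program and attach reasons a target deserves a look."""
    by_target = defaultdict(list)
    for e in entries:
        by_target[canonical_target(e["target"])].append(e["job"])

    findings = {}
    for target, jobs in by_target.items():
        reasons = []
        directory, _, base = target.rpartition("\\")
        if all(AT_JOB_RE.match(j) for j in jobs):
            reasons.append("at_job")  # scheduled via at.exe, not the Task Scheduler UI
        if directory.endswith("\\system32") and base.endswith(".com"):
            reasons.append("com_in_system32")  # .com binaries are not normal task targets there
        if len(jobs) >= fan_out:
            reasons.append("fan_out")  # many jobs all launching the same program
        if reasons:
            findings[target] = {"jobs": sorted(jobs), "reasons": reasons}
    return findings


if __name__ == "__main__":
    for target, info in triage(parse_scheduled_tasks(SAMPLE_LOG)).items():
        print(f"{target}: {len(info['jobs'])} job(s), reasons={info['reasons']}")
        for job in info["jobs"]:
            print(f"    {job}")
```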
     
  16. psav

    psav TS Rookie Topic Starter Posts: 31

    ComboFix 12-02-07.01 - Parand 07/02/2012 18:21:15.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1347 [GMT 0:00]
    Running from: c:\users\Parand\Desktop\ComboFix.exe
    Command switches used :: c:\users\Parand\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\5WLy1k.com"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB63211$\2191842353
    c:\windows\$NtUninstallKB63211$\2847301469\@
    c:\windows\$NtUninstallKB63211$\2847301469\cfg.ini
    c:\windows\$NtUninstallKB63211$\2847301469\Desktop.ini
    c:\windows\$NtUninstallKB63211$\2847301469\L\xadqgnnk
    c:\windows\$NtUninstallKB63211$\2847301469\oemid
    c:\windows\$NtUninstallKB63211$\2847301469\U\00000001.@
    c:\windows\$NtUninstallKB63211$\2847301469\U\00000002.@
    c:\windows\$NtUninstallKB63211$\2847301469\U\00000004.@
    c:\windows\$NtUninstallKB63211$\2847301469\U\80000000.@
    c:\windows\$NtUninstallKB63211$\2847301469\U\80000004.@
    c:\windows\$NtUninstallKB63211$\2847301469\U\80000032.@
    c:\windows\$NtUninstallKB63211$\2847301469\version
    c:\windows\system32\5WLy1k.com
    .
    c:\windows\system32\drivers\cdrom.sys was missing
    Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
    .
    .
    --------------- FCopy ---------------
    .
    c:\i386\netbt.sys --> c:\windows\system32\drivers\netbt.sys
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-07 18:31 . 2012-02-07 18:36 -------- d-----w- c:\users\Parand\AppData\Local\temp
    2012-02-07 18:31 . 2012-02-07 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-07 18:31 . 2009-07-13 23:11 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2012-02-07 18:21 . 2004-08-04 05:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-02-07 15:42 . 2012-02-07 17:43 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-02-07 15:41 . 2012-02-07 15:41 -------- d-----w- c:\program files\AVG
    2012-02-07 05:12 . 2009-07-13 23:53 45568 ----a-w- c:\windows\system32\drivers\ndisuio.sys
    2012-02-06 16:24 . 2009-03-18 16:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2012-02-06 16:24 . 2012-02-06 16:24 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-02-06 16:07 . 2012-02-06 16:07 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-06 05:07 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2012-02-06 05:07 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2012-02-06 05:05 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
    2012-02-06 05:00 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
    2012-02-06 04:59 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
    2012-02-06 04:51 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2012-02-06 04:36 . 2012-02-06 04:36 -------- d-----w- c:\program files\Common Files\Java
    2012-02-06 04:35 . 2012-02-06 04:35 -------- d-----w- c:\program files\Oracle
    2012-02-06 04:34 . 2011-11-08 19:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-02-06 04:21 . 2012-02-06 04:21 388096 ----a-r- c:\users\Parand\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-06 04:21 . 2012-02-06 04:21 -------- d-----w- c:\program files\Trend Micro
    2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\users\Parand\AppData\Roaming\f-secure
    2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\programdata\F-Secure
    2012-02-05 16:40 . 2012-02-07 18:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-04 21:39 . 2012-02-04 15:49 111616 ----a-w- c:\windows\system32\5WLy1k.com_
    2012-02-04 03:49 . 2012-02-04 03:49 -------- d-----w- c:\program files\Microsoft WSE
    2012-02-04 03:38 . 2012-02-04 03:38 -------- d-----w- c:\program files\Electronic Arts
    2012-01-31 21:56 . 2012-02-01 15:30 -------- d-----w- c:\users\Parand\AppData\Roaming\foobar2000
    2012-01-31 21:55 . 2012-01-31 21:55 -------- d-----w- c:\program files\Winamp
    2012-01-31 21:51 . 2012-01-31 21:51 -------- d-----w- c:\program files\foobar2000
    2012-01-31 19:43 . 2012-02-04 04:01 -------- d-----w- c:\users\Parand\AppData\Roaming\Ubemez
    2012-01-31 19:43 . 2012-02-04 03:42 -------- d-----w- c:\users\Parand\AppData\Roaming\Ybozi
    2012-01-28 02:52 . 2007-03-04 12:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
    2012-01-28 02:52 . 2007-03-04 12:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
    2012-01-28 02:16 . 2012-02-01 19:15 -------- d-----w- c:\users\Parand\AppData\Local\Jaksta_Technologies_Pty_L
    2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\program files\Applian Technologies
    2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\programdata\Applian
    2012-01-26 02:47 . 2012-01-26 02:47 -------- d-----w- c:\program files\EA GAMES
    2012-01-26 02:47 . 2012-01-26 02:47 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2012-01-26 02:47 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2012-01-26 02:47 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2012-01-26 02:47 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2012-01-26 02:47 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2012-01-26 02:47 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2012-01-26 02:47 . 2012-01-26 02:47 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2012-01-26 00:14 . 2012-01-26 00:15 -------- d-----w- c:\programdata\Ralink
    2012-01-13 05:34 . 2012-01-13 05:34 -------- d-----w- C:\codec-info
    2012-01-13 05:33 . 2012-01-13 05:33 -------- d-----w- c:\programdata\Premium
    2012-01-13 05:33 . 2012-01-13 05:34 -------- d-----w- c:\programdata\InstallMate
    2012-01-12 23:40 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
    2012-01-12 23:39 . 2012-01-12 23:39 -------- d-----w- c:\program files\Square Soft, Inc
    2012-01-09 17:47 . 2012-01-09 17:47 -------- d-----w- c:\users\Parand\AppData\Local\Lucasarts
    2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\users\Parand\AppData\Roaming\dll-files.com
    2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\program files\Dll-Files.com Fixer
    2012-01-09 17:38 . 2011-09-27 03:39 286208 ----a-w- c:\windows\system32\binkw32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-03 01:22 . 2012-01-03 01:22 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-12-10 15:24 . 2012-01-08 03:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-13 03:35 . 2011-11-13 00:46 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2011-11-13 03:35 . 2011-11-13 00:46 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2012-01-07 17:58 . 2011-04-26 15:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-06-12 235168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 1373576]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-07 c:\windows\Tasks\At10.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At12.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At14.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At16.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At18.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At2.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At20.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At22.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At24.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At26.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At28.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At30.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At32.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At34.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At36.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At38.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At4.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-06 c:\windows\Tasks\At40.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-05 c:\windows\Tasks\At42.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-05 c:\windows\Tasks\At44.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-05 c:\windows\Tasks\At46.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-05 c:\windows\Tasks\At48.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At6.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-07 c:\windows\Tasks\At8.job
    - c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
    .
    2012-02-01 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
    - c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-01-09 17:48]
    .
    2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
    - c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
    .
    2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000UA.job
    - c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    LSP: mswsock.dll
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    FF - ProfilePath - c:\users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\id\Doom95\Config\ø*! *]
    "mouse_sensitivity"=dword:00000005
    "sfx_volume"=dword:00000008
    "music_volume"=dword:00000008
    "show_messages"=dword:00000001
    "key_right"=dword:0000004d
    "key_left"=dword:0000004b
    "key_up"=dword:00000048
    "key_down"=dword:00000050
    "key_strafeleft"=dword:00000033
    "key_straferight"=dword:00000034
    "key_fire"=dword:0000001d
    "key_use"=dword:00000039
    "key_strafe"=dword:00000038
    "key_speed"=dword:00000036
    "use_mouse"=dword:00000000
    "full_screen"=dword:00000000
    "full_keyboard"=dword:00000000
    "mouseb_fire"=dword:00000000
    "mouseb_strafe"=dword:00000001
    "mouseb_forward"=dword:00000002
    "use_joystick"=dword:00000000
    "joyb_fire"=dword:00000000
    "joyb_strafe"=dword:00000001
    "joyb_use"=dword:00000003
    "joyb_speed"=dword:00000002
    "joy_id"=dword:00000000
    "joy_axis_map"="yx "
    "joy_feedback_DLL"=""
    "joy_move_threshold"=dword:00000800
    "joy_move_sensitivity"=dword:00000250
    "joy_turn_threshold"=dword:00001000
    "joy_turn_sensitivity"=dword:00000020
    "joyb_fist_saw"=dword:ffffffff
    "joyb_pistol"=dword:ffffffff
    "joyb_shotgun"=dword:ffffffff
    "joyb_chaingun"=dword:ffffffff
    "joyb_missile"=dword:ffffffff
    "joyb_plasma"=dword:ffffffff
    "joyb_bfg"=dword:ffffffff
    "joyb_inc"=dword:ffffffff
    "joyb_dec"=dword:ffffffff
    "screenblocks"=dword:00000009
    "detaillevel"=dword:00000000
    "snd_channels"=dword:00000003
    "usegamma"=dword:00000000
    "chatmacro0"="No"
    "chatmacro1"="I'm ready to kick butt!"
    "chatmacro2"="I'm OK."
    "chatmacro3"="I'm not looking too good!"
    "chatmacro4"="Help!"
    "chatmacro5"="You suck!"
    "chatmacro6"="Next time, scumbag..."
    "chatmacro7"="Come here!"
    "chatmacro8"="I'll take care of it."
    "chatmacro9"="Yes"
    .
    [HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\5WLY1K~1.COM
    .
    **************************************************************************
    .
    Completion time: 2012-02-07 18:42:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-07 18:42
    ComboFix2.txt 2012-02-07 05:40
    .
    Pre-Run: 15,715,418,112 bytes free
    Post-Run: 15,684,681,728 bytes free
    .
    - - End Of File - - EA5551E460AEE088C0B5A4441F468646
     
  17. psav

    psav TS Rookie Topic Starter Posts: 31

    Also, since the last step my internet is stuck on "identifying network" and I can't get online (using my room mate's PC atm to post).
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\5WLy1k.com_
    
    At::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  19. psav

    psav TS Rookie Topic Starter Posts: 31

    ComboFix 12-02-07.01 - Parand 07/02/2012 20:30:16.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1384 [GMT 0:00]
    Running from: c:\users\Parand\Desktop\ComboFix.exe
    Command switches used :: c:\users\Parand\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\5WLy1k.com_"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB63211$
    c:\windows\$NtUninstallKB63211$\2085326981
    c:\windows\$NtUninstallKB63211$\2847301469\Desktop.ini
    .
    Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
    Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
    .
    c:\windows\system32\drivers\tdx.sys was missing
    Restored copy from - c:\windows\ERDNT\cache\tdx.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-07 20:39 . 2012-02-07 20:41 -------- d-----w- c:\users\Parand\AppData\Local\temp
    2012-02-07 20:39 . 2012-02-07 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-07 20:39 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
    2012-02-07 20:21 . 2009-07-13 23:53 104448 ----a-w- c:\windows\system32\drivers\pacer.sys
    2012-02-07 18:31 . 2009-07-13 23:11 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2012-02-07 18:21 . 2004-08-04 05:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-02-07 15:42 . 2012-02-07 17:43 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-02-07 15:41 . 2012-02-07 15:41 -------- d-----w- c:\program files\AVG
    2012-02-07 05:12 . 2009-07-13 23:53 45568 ----a-w- c:\windows\system32\drivers\ndisuio.sys
    2012-02-06 16:24 . 2009-03-18 16:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2012-02-06 16:24 . 2012-02-06 16:24 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-02-06 16:07 . 2012-02-06 16:07 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-06 05:07 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2012-02-06 05:07 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2012-02-06 05:05 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
    2012-02-06 05:00 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
    2012-02-06 04:59 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
    2012-02-06 04:51 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2012-02-06 04:36 . 2012-02-06 04:36 -------- d-----w- c:\program files\Common Files\Java
    2012-02-06 04:35 . 2012-02-06 04:35 -------- d-----w- c:\program files\Oracle
    2012-02-06 04:34 . 2011-11-08 19:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-02-06 04:21 . 2012-02-06 04:21 388096 ----a-r- c:\users\Parand\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-06 04:21 . 2012-02-06 04:21 -------- d-----w- c:\program files\Trend Micro
    2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\users\Parand\AppData\Roaming\f-secure
    2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\programdata\F-Secure
    2012-02-05 16:40 . 2012-02-07 18:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-04 21:39 . 2012-02-04 15:49 111616 ----a-w- c:\windows\system32\5WLy1k.com__
    2012-02-04 03:49 . 2012-02-04 03:49 -------- d-----w- c:\program files\Microsoft WSE
    2012-02-04 03:38 . 2012-02-04 03:38 -------- d-----w- c:\program files\Electronic Arts
    2012-01-31 21:56 . 2012-02-01 15:30 -------- d-----w- c:\users\Parand\AppData\Roaming\foobar2000
    2012-01-31 21:55 . 2012-01-31 21:55 -------- d-----w- c:\program files\Winamp
    2012-01-31 21:51 . 2012-01-31 21:51 -------- d-----w- c:\program files\foobar2000
    2012-01-31 19:43 . 2012-02-04 04:01 -------- d-----w- c:\users\Parand\AppData\Roaming\Ubemez
    2012-01-31 19:43 . 2012-02-04 03:42 -------- d-----w- c:\users\Parand\AppData\Roaming\Ybozi
    2012-01-28 02:52 . 2007-03-04 12:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
    2012-01-28 02:52 . 2007-03-04 12:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
    2012-01-28 02:16 . 2012-02-01 19:15 -------- d-----w- c:\users\Parand\AppData\Local\Jaksta_Technologies_Pty_L
    2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\program files\Applian Technologies
    2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\programdata\Applian
    2012-01-26 02:47 . 2012-01-26 02:47 -------- d-----w- c:\program files\EA GAMES
    2012-01-26 02:47 . 2012-01-26 02:47 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2012-01-26 02:47 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2012-01-26 02:47 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2012-01-26 02:47 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2012-01-26 02:47 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2012-01-26 02:47 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2012-01-26 02:47 . 2012-01-26 02:47 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2012-01-26 00:14 . 2012-01-26 00:15 -------- d-----w- c:\programdata\Ralink
    2012-01-13 05:34 . 2012-01-13 05:34 -------- d-----w- C:\codec-info
    2012-01-13 05:33 . 2012-01-13 05:33 -------- d-----w- c:\programdata\Premium
    2012-01-13 05:33 . 2012-01-13 05:34 -------- d-----w- c:\programdata\InstallMate
    2012-01-12 23:40 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
    2012-01-12 23:39 . 2012-01-12 23:39 -------- d-----w- c:\program files\Square Soft, Inc
    2012-01-09 17:47 . 2012-01-09 17:47 -------- d-----w- c:\users\Parand\AppData\Local\Lucasarts
    2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\users\Parand\AppData\Roaming\dll-files.com
    2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\program files\Dll-Files.com Fixer
    2012-01-09 17:38 . 2011-09-27 03:39 286208 ----a-w- c:\windows\system32\binkw32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-03 01:22 . 2012-01-03 01:22 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-12-10 15:24 . 2012-01-08 03:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-13 03:35 . 2011-11-13 00:46 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2011-11-13 03:35 . 2011-11-13 00:46 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2012-01-07 17:58 . 2011-04-26 15:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-03-09 08:12 27648 --sha-w- c:\windows\System32\AVSredirect.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-06-12 235168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 1373576]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-01 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
    - c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-01-09 17:48]
    .
    2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
    - c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
    .
    2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000UA.job
    - c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\id\Doom95\Config\ø*! *]
    "mouse_sensitivity"=dword:00000005
    "sfx_volume"=dword:00000008
    "music_volume"=dword:00000008
    "show_messages"=dword:00000001
    "key_right"=dword:0000004d
    "key_left"=dword:0000004b
    "key_up"=dword:00000048
    "key_down"=dword:00000050
    "key_strafeleft"=dword:00000033
    "key_straferight"=dword:00000034
    "key_fire"=dword:0000001d
    "key_use"=dword:00000039
    "key_strafe"=dword:00000038
    "key_speed"=dword:00000036
    "use_mouse"=dword:00000000
    "full_screen"=dword:00000000
    "full_keyboard"=dword:00000000
    "mouseb_fire"=dword:00000000
    "mouseb_strafe"=dword:00000001
    "mouseb_forward"=dword:00000002
    "use_joystick"=dword:00000000
    "joyb_fire"=dword:00000000
    "joyb_strafe"=dword:00000001
    "joyb_use"=dword:00000003
    "joyb_speed"=dword:00000002
    "joy_id"=dword:00000000
    "joy_axis_map"="yx "
    "joy_feedback_DLL"=""
    "joy_move_threshold"=dword:00000800
    "joy_move_sensitivity"=dword:00000250
    "joy_turn_threshold"=dword:00001000
    "joy_turn_sensitivity"=dword:00000020
    "joyb_fist_saw"=dword:ffffffff
    "joyb_pistol"=dword:ffffffff
    "joyb_shotgun"=dword:ffffffff
    "joyb_chaingun"=dword:ffffffff
    "joyb_missile"=dword:ffffffff
    "joyb_plasma"=dword:ffffffff
    "joyb_bfg"=dword:ffffffff
    "joyb_inc"=dword:ffffffff
    "joyb_dec"=dword:ffffffff
    "screenblocks"=dword:00000009
    "detaillevel"=dword:00000000
    "snd_channels"=dword:00000003
    "usegamma"=dword:00000000
    "chatmacro0"="No"
    "chatmacro1"="I'm ready to kick butt!"
    "chatmacro2"="I'm OK."
    "chatmacro3"="I'm not looking too good!"
    "chatmacro4"="Help!"
    "chatmacro5"="You suck!"
    "chatmacro6"="Next time, scumbag..."
    "chatmacro7"="Come here!"
    "chatmacro8"="I'll take care of it."
    "chatmacro9"="Yes"
    .
    [HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-07 20:45:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-07 20:45
    ComboFix2.txt 2012-02-07 18:42
    ComboFix3.txt 2012-02-07 05:40
    .
    Pre-Run: 16,010,203,136 bytes free
    Post-Run: 15,921,217,536 bytes free
    .
    - - End Of File - - D624129B7C83574090AE0E3234125DC0
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Is your internet connection back?

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\5WLy1k.com__
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  21. psav

    psav TS Rookie Topic Starter Posts: 31

    Yes it is, thanks. I will perform that task now. Night shift coming up, so I won't be on till morning to post results. Thank you so much for all the help.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Good :)....
     
  23. psav

    psav TS Rookie Topic Starter Posts: 31

    ComboFix 12-02-07.01 - Parand 10/02/2012 0:42.4.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1494 [GMT 0:00]
    Running from: c:\users\Parand\Desktop\ComboFix.exe
    Command switches used :: c:\users\Parand\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\5WLy1k.com__"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\5WLy1k.com__
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-10 00:52 . 2012-02-10 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-09 22:08 . 2012-02-09 22:08 -------- d-----w- c:\users\Parand\AppData\Local\Two Tribes
    2012-02-07 20:39 . 2012-02-10 00:52 -------- d-----w- c:\users\Parand\AppData\Local\temp
    2012-02-07 20:39 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
    2012-02-07 20:21 . 2009-07-13 23:53 104448 ----a-w- c:\windows\system32\drivers\pacer.sys
    2012-02-07 18:31 . 2009-07-13 23:11 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2012-02-07 18:21 . 2004-08-04 05:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-02-07 15:42 . 2012-02-07 17:43 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-02-07 15:41 . 2012-02-07 15:41 -------- d-----w- c:\program files\AVG
    2012-02-07 05:12 . 2009-07-13 23:53 45568 ----a-w- c:\windows\system32\drivers\ndisuio.sys
    2012-02-06 16:24 . 2009-03-18 16:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2012-02-06 16:24 . 2012-02-06 16:24 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-02-06 16:07 . 2012-02-06 16:07 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-06 05:07 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2012-02-06 05:07 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2012-02-06 05:05 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
    2012-02-06 05:00 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
    2012-02-06 04:59 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
    2012-02-06 04:51 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2012-02-06 04:36 . 2012-02-06 04:36 -------- d-----w- c:\program files\Common Files\Java
    2012-02-06 04:35 . 2012-02-06 04:35 -------- d-----w- c:\program files\Oracle
    2012-02-06 04:34 . 2011-11-08 19:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-02-06 04:21 . 2012-02-06 04:21 388096 ----a-r- c:\users\Parand\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-06 04:21 . 2012-02-06 04:21 -------- d-----w- c:\program files\Trend Micro
    2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\users\Parand\AppData\Roaming\f-secure
    2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\programdata\F-Secure
    2012-02-05 16:40 . 2012-02-07 18:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-04 03:49 . 2012-02-04 03:49 -------- d-----w- c:\program files\Microsoft WSE
    2012-02-04 03:38 . 2012-02-04 03:38 -------- d-----w- c:\program files\Electronic Arts
    2012-01-31 21:56 . 2012-02-01 15:30 -------- d-----w- c:\users\Parand\AppData\Roaming\foobar2000
    2012-01-31 21:55 . 2012-01-31 21:55 -------- d-----w- c:\program files\Winamp
    2012-01-31 21:51 . 2012-01-31 21:51 -------- d-----w- c:\program files\foobar2000
    2012-01-31 19:43 . 2012-02-04 04:01 -------- d-----w- c:\users\Parand\AppData\Roaming\Ubemez
    2012-01-31 19:43 . 2012-02-04 03:42 -------- d-----w- c:\users\Parand\AppData\Roaming\Ybozi
    2012-01-28 02:52 . 2007-03-04 12:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
    2012-01-28 02:52 . 2007-03-04 12:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
    2012-01-28 02:16 . 2012-02-01 19:15 -------- d-----w- c:\users\Parand\AppData\Local\Jaksta_Technologies_Pty_L
    2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\program files\Applian Technologies
    2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\programdata\Applian
    2012-01-26 02:47 . 2012-01-26 02:47 -------- d-----w- c:\program files\EA GAMES
    2012-01-26 02:47 . 2012-01-26 02:47 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
    2012-01-26 02:47 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
    2012-01-26 02:47 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
    2012-01-26 02:47 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
    2012-01-26 02:47 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
    2012-01-26 02:47 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
    2012-01-26 02:47 . 2012-01-26 02:47 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
    2012-01-26 00:14 . 2012-01-26 00:15 -------- d-----w- c:\programdata\Ralink
    2012-01-13 05:34 . 2012-01-13 05:34 -------- d-----w- C:\codec-info
    2012-01-13 05:33 . 2012-01-13 05:33 -------- d-----w- c:\programdata\Premium
    2012-01-13 05:33 . 2012-01-13 05:34 -------- d-----w- c:\programdata\InstallMate
    2012-01-12 23:40 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
    2012-01-12 23:39 . 2012-01-12 23:39 -------- d-----w- c:\program files\Square Soft, Inc
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-03 01:22 . 2012-01-03 01:22 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-12-10 15:24 . 2012-01-08 03:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-13 03:35 . 2011-11-13 00:46 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2011-11-13 03:35 . 2011-11-13 00:46 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2012-01-07 17:58 . 2011-04-26 15:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2007-03-09 08:12 27648 --sha-w- c:\windows\System32\AVSredirect.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-06-12 235168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 1373576]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-08 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
    - c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-01-09 17:48]
    .
    2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
    - c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
    .
    2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000UA.job
    - c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\id\Doom95\Config\ø*! *]
    "mouse_sensitivity"=dword:00000005
    "sfx_volume"=dword:00000008
    "music_volume"=dword:00000008
    "show_messages"=dword:00000001
    "key_right"=dword:0000004d
    "key_left"=dword:0000004b
    "key_up"=dword:00000048
    "key_down"=dword:00000050
    "key_strafeleft"=dword:00000033
    "key_straferight"=dword:00000034
    "key_fire"=dword:0000001d
    "key_use"=dword:00000039
    "key_strafe"=dword:00000038
    "key_speed"=dword:00000036
    "use_mouse"=dword:00000000
    "full_screen"=dword:00000000
    "full_keyboard"=dword:00000000
    "mouseb_fire"=dword:00000000
    "mouseb_strafe"=dword:00000001
    "mouseb_forward"=dword:00000002
    "use_joystick"=dword:00000000
    "joyb_fire"=dword:00000000
    "joyb_strafe"=dword:00000001
    "joyb_use"=dword:00000003
    "joyb_speed"=dword:00000002
    "joy_id"=dword:00000000
    "joy_axis_map"="yx "
    "joy_feedback_DLL"=""
    "joy_move_threshold"=dword:00000800
    "joy_move_sensitivity"=dword:00000250
    "joy_turn_threshold"=dword:00001000
    "joy_turn_sensitivity"=dword:00000020
    "joyb_fist_saw"=dword:ffffffff
    "joyb_pistol"=dword:ffffffff
    "joyb_shotgun"=dword:ffffffff
    "joyb_chaingun"=dword:ffffffff
    "joyb_missile"=dword:ffffffff
    "joyb_plasma"=dword:ffffffff
    "joyb_bfg"=dword:ffffffff
    "joyb_inc"=dword:ffffffff
    "joyb_dec"=dword:ffffffff
    "screenblocks"=dword:00000009
    "detaillevel"=dword:00000000
    "snd_channels"=dword:00000003
    "usegamma"=dword:00000000
    "chatmacro0"="No"
    "chatmacro1"="I'm ready to kick butt!"
    "chatmacro2"="I'm OK."
    "chatmacro3"="I'm not looking too good!"
    "chatmacro4"="Help!"
    "chatmacro5"="You suck!"
    "chatmacro6"="Next time, scumbag..."
    "chatmacro7"="Come here!"
    "chatmacro8"="I'll take care of it."
    "chatmacro9"="Yes"
    .
    [HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-02-10 00:54:26
    ComboFix-quarantined-files.txt 2012-02-10 00:54
    ComboFix2.txt 2012-02-07 20:45
    ComboFix3.txt 2012-02-07 18:42
    ComboFix4.txt 2012-02-07 05:40
    .
    Pre-Run: 10,326,323,200 bytes free
    Post-Run: 10,142,253,056 bytes free
    .
    - - End Of File - - 2470E929F9074A13066CCBD0164619B2
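A quicker way to read the two ComboFix logs in this thread (the 7 Feb run that listed the random-named 5WLy1k.com__ in System32, and this 10 Feb run that removed it) is to parse the sections rather than eyeball a few hundred lines. The script below is an added example written for this thread; it is not ComboFix code and not something Broni posted. It flags Files Created and Find3M rows under %SystemRoot% that have an unusual extension, hidden+system attributes, or a short mixed-case name with digits (my own heuristics, which will also flag benign entries), lists user.js prefs that switch off Firefox security warnings, and reports which flagged paths a later run deleted. The embedded logs are constructed, shortened excerpts of the two logs above.

```python
"""Quick triage of ComboFix logs.  Added example for this thread, not ComboFix
code; the review heuristics are my own assumptions and will flag some benign
entries (a flag means 'look closer', not 'malicious').  The two sample logs are
constructed, shortened excerpts of the 7 Feb and 10 Feb logs posted above."""
import re

# Section headers as ComboFix prints them, mapped to short names.
SECTION_MARKERS = {"Other Deletions": "deleted", "Files Created": "created",
                   "Find3M Report": "find3m", "Reg Loading Points": "reg",
                   "Supplementary Scan": "supp", "LOCKED REGISTRY KEYS": "locked"}
# "created . modified size attrs path" rows (Files Created and most Find3M rows).
ROW_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
                    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                    r"(?P<size>\d+|-{8}) (?P<attrs>[-dshawr]{8}) (?P<path>.+)$")
# Short Find3M rows: "modified size attrs path".
ROW3M_RE = re.compile(r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                      r"(?P<size>\d+) (?P<attrs>[-dshawr]{8}) (?P<path>.+)$")
FF_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<value>\S+)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\")
NORMAL_SYSTEM_EXT = {".sys", ".dll", ".exe", ".drv", ".ocx", ".cpl", ".msc", ".scr",
                     ".com", ".cmd", ".bat", ".ini", ".mui", ".dat", ".log"}


def reasons_for(path, attrs):
    """Heuristic reasons a file under %SystemRoot% deserves a look (assumptions)."""
    out = []
    if not path.lower().startswith(SYSTEM_DIRS) or attrs[0] == "d":
        return out                                   # out of scope, or a directory
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    stem = stem if dot else name
    if dot and "." + ext.lower() not in NORMAL_SYSTEM_EXT:
        out.append("unusual extension in a system directory")
    if "s" in attrs and "h" in attrs:                # e.g. --sha-w-
        out.append("hidden+system attributes in a system directory")
    if (len(stem) <= 8 and re.search(r"\d", stem)
            and re.search(r"[a-z]", stem) and re.search(r"[A-Z]", stem)):
        out.append("short random-looking name (digits and mixed case)")
    return out


def triage(log_text):
    """Walk one log and collect what an analyst checks first."""
    section, report = None, {"flagged": [], "ff_security_off": [], "deleted": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        header = next((n for m, n in SECTION_MARKERS.items() if m in line), None)
        if header and line[:1] in "(-":              # banner lines start with ( or -
            section = header
        elif section in ("created", "find3m"):
            m = ROW_RE.match(line) or ROW3M_RE.match(line)
            why = reasons_for(m["path"], m["attrs"]) if m else []
            if why:
                report["flagged"].append((m["path"], why))
        elif section == "deleted" and line.lower().startswith("c:\\"):
            report["deleted"].append(line)           # paths ComboFix removed this run
        elif section == "supp":
            m = FF_RE.match(line)                    # user.js silencing security prompts
            if m and m["pref"].startswith("security.") and m["value"] == "false":
                report["ff_security_off"].append(m["pref"])
    return report


def resolved(before, after):
    """Flagged paths from an earlier log that a later run deleted and no longer lists."""
    gone = {p.lower() for p in after["deleted"]}
    still = {p.lower() for p, _ in after["flagged"]}
    return [p for p, _ in before["flagged"] if p.lower() in gone and p.lower() not in still]


LOG_BEFORE = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\$NtUninstallKB63211$
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
2012-02-07 20:39 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-05 16:40 . 2012-02-07 18:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 21:39 . 2012-02-04 15:49 111616 ----a-w- c:\windows\system32\5WLy1k.com__
2012-01-31 19:43 . 2012-02-04 04:01 -------- d-----w- c:\users\Parand\AppData\Roaming\Ubemez
2012-01-09 17:38 . 2011-09-27 03:39 286208 ----a-w- c:\windows\system32\binkw32.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-09 08:12 27648 --sha-w- c:\windows\System32\AVSredirect.dll
------- Supplementary Scan -------
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""
LOG_AFTER = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\5WLy1k.com__
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
2012-02-05 16:40 . 2012-02-07 18:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-01-31 19:43 . 2012-02-04 04:01 -------- d-----w- c:\users\Parand\AppData\Roaming\Ubemez
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-09 08:12 27648 --sha-w- c:\windows\System32\AVSredirect.dll
------- Supplementary Scan -------
FF - user.js: security.warn_submit_insecure - false
"""
```

On the excerpts, triage(LOG_BEFORE) flags dds_trash_log.cmd and AVSredirect.dll (hidden+system attributes in System32) and 5WLy1k.com__ (unusual extension, random-looking name), and lists the two security.* prefs forced to false in user.js; resolved(triage(LOG_BEFORE), triage(LOG_AFTER)) returns only the 5WLy1k path, which is the confirmation one wants after a CFScript run. On a real log, pass in the whole text. The hidden+system hits still have to be checked by hand, since a diagnostic tool's own artifact lands in the same bucket as a dropper.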
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
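The OTL.txt this scan produces is a line-oriented report (CHR/FF/IE browser settings, O4 logon autoruns, NetSvcs, and timestamped file/folder entries). As an added example, not OldTimer's code and not anything posted in this thread, here is a small Python triage script that parses those line formats and flags what a log reviewer checks first: a search provider or homepage set to an unexpected site, autorun and service entries whose file is missing, and a logon autorun launching from a folder created in the last 30 days. The sample log is constructed in the format of the thread's logs; the "Xqweb" folder and autorun are made up to show the folder/autorun correlation.

```python
"""Triage helper for OTL.txt reports (added example; not OldTimer's code).
Parses the line formats seen in the OTL logs in this thread and flags what a
reviewer checks first. SAMPLE_LOG is constructed in that format; the "Xqweb"
folder and autorun are made up to show the folder/autorun correlation."""
import re
from urllib.parse import urlparse

# Search/homepage brands a stock browser would be expected to use.
EXPECTED_BRANDS = {"google", "bing", "yahoo"}

SAMPLE_LOG = r"""
CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&q={searchTerms}
CHR - default_search_provider: suggest_url =
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKU\S-1-5-21-1000..\Run: [Xqweb] C:\Users\Parand\AppData\Roaming\Xqweb\xqweb.exe ()
NetSvcs: helpsvc - File not found
[2012/01/31 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\Xqweb
[2012/01/31 21:56:29 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\foobar2000
[2012/02/10 02:39:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Parand\Desktop\OTL.exe
"""

# "[date time | size | attrs | C] (Company) -- path" entries from the file/folder sections.
FILE_ENTRY = re.compile(r"^\[(?P<stamp>[^|]+) \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
                        r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
# "O4 - <hive>..\Run: [name] <command> (Company)" logon autorun entries.
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
SEVERITY = {"high": 0, "medium": 1, "low": 2}

def brand(value):
    """Reduce a URL, hostname or engine name ("Ask.com", "Google") to a brand label."""
    url = value if "://" in value else "http://" + value
    host = (urlparse(url).hostname or "").lower()
    return host[4:].split(".")[0] if host.startswith("www.") else host.split(".")[0]

def company_of(rest):
    """Publisher OTL prints in trailing parentheses: '' = none shown, None = file missing."""
    m = re.search(r"\(([^()]*)\)\s*$", rest)
    return m.group(1) if m else None

def browser_findings(lines):
    """Search providers and homepages set to something other than an expected brand."""
    out = []
    for line in lines:
        if not line.startswith(("CHR - ", "FF - ", "IE - ")) or not re.search(r"search|homepage|Start Page", line, re.I):
            continue
        m = re.search(r'(?:=\s*|:\s*")([^"\s]+)"?\s*$', line)  # value after '= ' or in quotes
        if m and brand(m.group(1)) not in EXPECTED_BRANDS:
            out.append(("high", "browser search/homepage set to " + m.group(1), line))
    return out

def new_roaming_dirs(lines):
    """Folders OTL lists as created directly under AppData\\Roaming in its 30-day window."""
    return [m.group("path") for m in map(FILE_ENTRY.match, lines)
            if m and "D" in m.group("attrs")
            and re.search(r"\\AppData\\Roaming\\[^\\]+$", m.group("path"), re.I)]

def persistence_findings(lines, roaming_dirs):
    """Autorun/service entries: missing files, and logon entries launching from new folders."""
    out = []
    for line in lines:
        if line.startswith(("SRV - ", "DRV - ", "NetSvcs: ")) and line.endswith("File not found"):
            out.append(("medium", "service entry points at a missing file", line))
            continue
        m = RUN_ENTRY.match(line)
        if not m:
            continue
        rest, company = m.group("rest"), company_of(m.group("rest"))
        if company is None:
            out.append(("low", "autorun target missing (leftover or already cleaned)", line))
        elif any(d.lower() + "\\" in rest.lower() for d in roaming_dirs):
            out.append(("high", "logon autorun launches from a folder created in the last 30 days", line))
        elif company == "" and re.search(r"\\AppData\\", rest, re.I):
            out.append(("medium", "autorun with no publisher under AppData", line))
    return out

def triage(text):
    """Return (severity, reason, line) findings for an OTL report, highest severity first."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    dirs = new_roaming_dirs(lines)
    findings = browser_findings(lines) + persistence_findings(lines, dirs)
    flagged = " ".join(f[2].lower() for f in findings)
    for d in dirs:
        if d.lower() + "\\" not in flagged:  # new folder that nothing on the list launches from
            findings.append(("low", "new AppData\\Roaming folder, check what created it", d))
    return sorted(findings, key=lambda f: SEVERITY[f[0]])

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run against a real OTL.txt by passing its contents to triage(); the medium/low items are review prompts, not verdicts, since orphaned "File not found" entries are often leftovers of software already removed.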
     
  25. psav

    psav TS Rookie Topic Starter Posts: 31

    The adverts have stopped playing; it seems to be doing better!

    OTL logfile created on: 10/02/2012 16:34:14 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Parand\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.22% Memory free
    4.00 Gb Paging File | 3.16 Gb Available in Paging File | 78.96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 108.56 Gb Total Space | 7.82 Gb Free Space | 7.21% Space Free | Partition Type: NTFS
    Drive D: | 37.24 Gb Total Space | 13.09 Gb Free Space | 35.15% Space Free | Partition Type: NTFS
    Drive F: | 465.76 Gb Total Space | 11.45 Gb Free Space | 2.46% Space Free | Partition Type: NTFS

    Computer Name: PARAND-PC | User Name: Parand | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/10 02:39:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Parand\Desktop\OTL.exe
    PRC - [2012/02/02 13:22:42 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    PRC - [2012/02/02 13:22:40 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
    PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2011/07/16 04:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2010/08/29 20:05:59 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 01:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/07 04:54:12 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
    MOD - [2012/02/07 04:53:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/07 04:53:20 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
    MOD - [2012/02/07 04:53:01 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
    MOD - [2012/02/07 04:52:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/06 11:34:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2011/05/06 11:34:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2011/05/06 11:34:07 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2011/05/06 11:34:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2011/05/06 11:34:06 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2011/05/06 11:34:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2011/03/02 19:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/02/02 13:22:40 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/01/10 21:12:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
    SRV - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 01:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\DVDVRRdr_xp.dll -- (ccevtmgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/13 03:35:13 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
    DRV - [2011/11/13 03:35:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
    DRV - [2010/02/11 07:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 23:54:27 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
    DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 22:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2009/07/13 22:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
    DRV - [2009/07/13 22:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Parand\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Parand\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Parand\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/22 18:28:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/22 18:28:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 17:58:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 04:34:29 | 000,000,000 | ---D | M]

    [2011/04/26 15:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parand\AppData\Roaming\Mozilla\Extensions
    [2012/01/13 06:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\extensions
    [2011/09/27 14:23:44 | 000,002,571 | ---- | M] () -- C:\Users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\searchplugins\askcom.xml
    [2011/07/11 18:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\searchplugins\startsear.xml
    [2011/06/05 00:40:57 | 000,004,140 | ---- | M] () -- C:\Users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\searchplugins\youtube.xml
    [2012/01/07 17:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/12 07:56:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/01/07 17:58:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/04 08:31:38 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/10/04 08:31:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/10/04 08:31:38 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/10/04 08:31:38 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/10/04 08:31:38 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Web Search (Enabled)
    CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Parand\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Parand\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Parand\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Parand\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: DivX HiQ = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: AVG Safe Search = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: Skype Click to Call = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
    CHR - Extension: Gmail = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/02/10 00:52:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-2392525166-896632410-2993892592-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2392525166-896632410-2993892592-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{823C5755-3475-4B56-BA5D-97D6F90E72E1}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AB5AEFD-0AD0-44E3-8E09-86D4C1E2CFFB}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.iac2 - C:\PROGRA~1\REPLAY~1\iac25_32.ax File not found
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/10 02:39:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Parand\Desktop\OTL.exe
    [2012/02/10 01:11:03 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Meat Boy
    [2012/02/10 01:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Super Meat Boy
    [2012/02/10 00:54:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/09 22:08:38 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Local\Two Tribes
    [2012/02/09 22:07:19 | 000,000,000 | ---D | C] -- C:\Users\Parand\Desktop\EDGE
    [2012/02/07 20:39:21 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Local\temp
    [2012/02/07 20:10:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/07 17:57:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/07 17:57:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/07 17:56:51 | 004,398,288 | R--- | C] (Swearware) -- C:\Users\Parand\Desktop\ComboFix.exe
    [2012/02/07 15:42:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
    [2012/02/07 15:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012/02/07 04:54:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/06 20:09:59 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Parand\Desktop\boot_cleaner.exe
    [2012/02/06 17:05:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/06 16:27:13 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Parand\Desktop\aswMBR.exe
    [2012/02/06 16:24:18 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
    [2012/02/06 16:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2012/02/06 16:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
    [2012/02/06 16:07:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/06 04:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/02/06 04:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012/02/06 04:21:58 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012/02/06 04:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/02/06 03:11:53 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\f-secure
    [2012/02/06 03:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2012/02/04 03:50:55 | 000,000,000 | ---D | C] -- C:\Users\Parand\Documents\Electronic Arts
    [2012/02/04 03:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
    [2012/02/04 03:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
    [2012/02/01 09:10:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/01/31 21:56:29 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\foobar2000
    [2012/01/31 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
    [2012/01/31 21:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
    [2012/01/31 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\Ybozi
    [2012/01/31 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\Ubemez
    [2012/01/28 02:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Replay Converter
    [2012/01/28 02:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Replay AV 8
    [2012/01/28 02:16:34 | 000,000,000 | ---D | C] -- C:\Users\Parand\Documents\My Streaming Media
    [2012/01/28 02:16:31 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Local\Jaksta_Technologies_Pty_L
    [2012/01/28 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
    [2012/01/28 02:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
    [2012/01/28 02:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Applian
    [2012/01/27 19:20:33 | 000,000,000 | ---D | C] -- C:\Users\Parand\Desktop\p
    [2012/01/26 03:05:04 | 000,000,000 | ---D | C] -- C:\Users\Parand\Documents\Battlefield 2 Demo
    [2012/01/26 02:49:14 | 000,000,000 | ---D | C] -- C:\Users\Parand\Documents\Battlefield 2
    [2012/01/26 02:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
    [2012/01/26 00:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
    [2012/01/16 20:14:25 | 000,000,000 | ---D | C] -- C:\Users\Parand\Desktop\etc
    [2012/01/13 05:34:02 | 000,000,000 | ---D | C] -- C:\codec-info
    [2012/01/13 05:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2012/01/13 05:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2012/01/13 01:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
    [2012/01/12 23:40:58 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
    [2012/01/12 23:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Square Soft, Inc
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/10 16:09:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000UA.job
    [2012/02/10 15:50:17 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/10 15:50:17 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/10 15:25:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/10 02:39:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Parand\Desktop\OTL.exe
    [2012/02/10 01:11:03 | 000,001,027 | ---- | M] () -- C:\Users\Parand\Desktop\Super Meat Boy.lnk
    [2012/02/10 00:52:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/09 20:09:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
    [2012/02/08 21:50:15 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
    [2012/02/08 07:51:44 | 000,672,432 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/08 07:51:44 | 000,128,426 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/07 20:40:09 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/07 18:20:41 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/02/07 17:57:12 | 004,398,288 | R--- | M] (Swearware) -- C:\Users\Parand\Desktop\ComboFix.exe
    [2012/02/07 15:57:58 | 000,621,525 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
    [2012/02/07 06:07:07 | 000,000,214 | ---- | M] () -- C:\Users\Parand\Desktop\Champions Online Free For All.url
    [2012/02/07 04:50:09 | 003,651,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/06 20:09:06 | 000,000,512 | ---- | M] () -- C:\Users\Parand\Desktop\MBR.dat
    [2012/02/06 17:57:38 | 000,302,592 | ---- | M] () -- C:\Users\Parand\Desktop\t59lf331.exe
    [2012/02/06 16:35:37 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Parand\Desktop\aswMBR.exe
    [2012/02/06 05:40:05 | 000,000,213 | ---- | M] () -- C:\Users\Parand\Desktop\Team Fortress 2.url
    [2012/02/06 04:39:10 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/06 04:21:58 | 000,002,969 | ---- | M] () -- C:\Users\Parand\Desktop\HiJackThis.lnk
    [2012/02/06 02:24:10 | 735,666,176 | ---- | M] () -- C:\Users\Parand\Desktop\Grindhouse-Planet.Terror[2007][Unrated.Edition]DvDrip[Eng]-aXXo.avi
    [2012/02/04 22:39:13 | 000,000,001 | ---- | M] () -- C:\ProgramData\Yru3u7jf.exe_.b
    [2012/02/04 22:39:13 | 000,000,001 | ---- | M] () -- C:\ProgramData\Yru3u7jf.exe.b
    [2012/02/04 15:49:04 | 000,000,112 | ---- | M] () -- C:\ProgramData\H1flDSmt8.dat
    [2012/02/04 03:56:43 | 000,001,808 | ---- | M] () -- C:\Users\Parand\Desktop\TS3 - Shortcut.lnk
    [2012/01/31 21:51:30 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
    [2012/01/26 02:50:32 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2 Demo.lnk
    [2012/01/14 05:56:31 | 000,065,764 | ---- | M] () -- C:\sky_b.tex
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/10 01:11:03 | 000,001,027 | ---- | C] () -- C:\Users\Parand\Desktop\Super Meat Boy.lnk
    [2012/02/07 17:57:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/07 17:57:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/07 17:57:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/07 17:57:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/07 17:57:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/07 15:57:58 | 000,621,525 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
    [2012/02/07 06:07:07 | 000,000,214 | ---- | C] () -- C:\Users\Parand\Desktop\Champions Online Free For All.url
    [2012/02/07 03:42:42 | 735,666,176 | ---- | C] () -- C:\Users\Parand\Desktop\Grindhouse-Planet.Terror[2007][Unrated.Edition]DvDrip[Eng]-aXXo.avi
    [2012/02/06 17:57:06 | 000,302,592 | ---- | C] () -- C:\Users\Parand\Desktop\t59lf331.exe
    [2012/02/06 16:53:23 | 000,000,512 | ---- | C] () -- C:\Users\Parand\Desktop\MBR.dat
    [2012/02/06 05:40:05 | 000,000,213 | ---- | C] () -- C:\Users\Parand\Desktop\Team Fortress 2.url
    [2012/02/06 04:39:10 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/06 04:21:58 | 000,002,969 | ---- | C] () -- C:\Users\Parand\Desktop\HiJackThis.lnk
    [2012/02/05 16:40:16 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/02/04 22:39:13 | 000,000,001 | ---- | C] () -- C:\ProgramData\Yru3u7jf.exe_.b
    [2012/02/04 22:39:13 | 000,000,001 | ---- | C] () -- C:\ProgramData\Yru3u7jf.exe.b
    [2012/02/04 15:25:33 | 000,000,112 | ---- | C] () -- C:\ProgramData\H1flDSmt8.dat
    [2012/02/04 03:56:43 | 000,001,808 | ---- | C] () -- C:\Users\Parand\Desktop\TS3 - Shortcut.lnk
    [2012/01/31 21:51:30 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
    [2012/01/31 21:51:30 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
    [2012/01/28 02:52:12 | 001,936,528 | ---- | C] () -- C:\Windows\System32\ltmm15.dll
    [2012/01/26 02:50:32 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2 Demo.lnk
    [2012/01/13 03:28:24 | 000,065,764 | ---- | C] () -- C:\sky_b.tex
    [2012/01/13 01:00:32 | 000,000,797 | ---- | C] () -- C:\Windows\System32\d3d.reg
    [2012/01/09 17:38:39 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll
    [2012/01/08 02:34:41 | 000,002,248 | -HS- | C] () -- C:\Users\Parand\AppData\Local\q216250v1johetjx4vba880m
    [2012/01/08 02:34:41 | 000,002,248 | -HS- | C] () -- C:\ProgramData\q216250v1johetjx4vba880m
    [2011/12/23 02:01:29 | 000,109,056 | ---- | C] () -- C:\Windows\System32\un-gamma.exe
    [2011/11/13 00:46:36 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
    [2011/11/13 00:46:35 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
    [2011/05/10 20:11:55 | 000,000,094 | ---- | C] () -- C:\Users\Parand\AppData\Local\fusioncache.dat
    [2011/04/26 13:06:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/04/10 21:24:34 | 000,000,120 | ---- | C] () -- C:\Users\Parand\AppData\Roaming\5775fd5b.dat
    [2010/08/29 20:15:21 | 000,000,792 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
    [2010/02/11 05:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 04:33:53 | 003,651,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 02:05:48 | 000,672,432 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 02:05:48 | 000,128,426 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 00:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/13 23:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe
    [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/04/23 22:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2007/03/09 08:12:32 | 000,027,648 | -HS- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2007/03/06 10:14:48 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

    ========== LOP Check ==========

    [2012/01/08 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\.minecraft
    [2012/02/10 15:33:05 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\BitTorrent
    [2011/11/06 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/11/04 17:43:36 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\com.adobe.dmp.contentviewer
    [2011/07/25 03:30:44 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/04/28 04:53:58 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\DAEMON Tools Lite
    [2012/01/09 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\dll-files.com
    [2011/12/17 05:26:57 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\DVDVideoSoft
    [2012/02/06 03:11:53 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\f-secure
    [2012/02/01 15:30:42 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\foobar2000
    [2011/06/10 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\Juce VST Host
    [2011/09/27 14:50:33 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\MotionDSP
    [2011/12/23 02:45:13 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\PacificPoker
    [2011/12/21 04:54:28 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\Sports Interactive
    [2012/02/09 14:17:05 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\Spotify
    [2012/02/06 00:43:24 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\SWF.max
    [2011/02/28 10:43:18 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\System
    [2011/12/13 22:25:04 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\SystemRequirementsLab
    [2012/01/05 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\The Creative Assembly
    [2012/02/04 04:01:11 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\Ubemez
    [2011/05/16 04:03:17 | 000,000,000 | -HSD | M] -- C:\Users\Parand\AppData\Roaming\wyUpdate AU
    [2012/02/04 03:42:24 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\Ybozi
    [2012/02/08 21:50:15 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
    [2011/09/30 11:49:38 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/11/13 04:48:57 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
    [2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2011/04/26 22:03:21 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/02/10 00:54:26 | 000,013,868 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 15:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 15:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 15:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2009/08/02 08:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr
    [2012/02/07 20:40:09 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 15:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 15:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 15:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 15:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 15:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 15:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 15:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 15:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 15:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 15:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/04/12 00:33:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/04/12 00:33:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2012/02/07 20:40:09 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys
    [2012/01/08 03:02:29 | 000,000,357 | ---- | M] () -- C:\rkill.log
    [2012/01/14 05:56:31 | 000,065,764 | ---- | M] () -- C:\sky_b.tex
    [2012/02/06 16:15:49 | 000,081,218 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_06.02.2012_16.06.43_log.txt
    [2007/11/07 15:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 15:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 15:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 04:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 04:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 04:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 04:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/06/12 13:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD9A.DLL
    [2008/06/12 13:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP9A.DLL
    [2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/14 01:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/26 21:14:27 | 000,000,221 | -HS- | M] () -- C:\Users\Parand\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/06 16:35:37 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Parand\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Parand\Desktop\boot_cleaner.exe
    [2012/02/07 17:57:12 | 004,398,288 | R--- | M] (Swearware) -- C:\Users\Parand\Desktop\ComboFix.exe
    [2011/09/23 19:09:23 | 000,270,142 | ---- | M] () -- C:\Users\Parand\Desktop\Minecraft.exe
    [2012/02/10 02:39:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Parand\Desktop\OTL.exe
    [2012/02/06 17:57:38 | 000,302,592 | ---- | M] () -- C:\Users\Parand\Desktop\t59lf331.exe
     
