Solved Adverts playing in Windows background / redirecting websites

psav

Hi, around a few days ago I started to get these random adverts playing every 5-15 mins in the background. No pop-ups or anything, just the adverts playing. Also, while browsing I would sometimes get redirected to shitty advertising websites and eBay. Here is my log report from TDSSKiller.exe. Help would be appreciated :)

16:06:43.0805 9524 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
16:06:44.0183 9524 ============================================================
16:06:44.0183 9524 Current date / time: 2012/02/06 16:06:44.0183
16:06:44.0183 9524 SystemInfo:
16:06:44.0183 9524
16:06:44.0183 9524 OS Version: 6.1.7600 ServicePack: 0.0
16:06:44.0183 9524 Product type: Workstation
16:06:44.0184 9524 ComputerName: PARAND-PC
16:06:44.0184 9524 UserName: Parand
16:06:44.0184 9524 Windows directory: C:\Windows
16:06:44.0184 9524 System windows directory: C:\Windows
16:06:44.0184 9524 Processor architecture: Intel x86
16:06:44.0184 9524 Number of processors: 2
16:06:44.0184 9524 Page size: 0x1000
16:06:44.0184 9524 Boot type: Normal boot
16:06:44.0184 9524 ============================================================
16:06:45.0338 9524 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:06:45.0361 9524 Drive \Device\Harddisk1\DR1 - Size: 0x78A80000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:06:45.0362 9524 \Device\Harddisk0\DR0:
16:06:45.0362 9524 MBR used
16:06:45.0362 9524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0xD91C59B
16:06:45.0378 9524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD93FAA3, BlocksNum 0x4A7967E
16:06:45.0378 9524 \Device\Harddisk1\DR1:
16:06:45.0379 9524 MBR used
16:06:45.0379 9524 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3C51E0
16:06:45.0514 9524 Initialize success
16:06:45.0514 9524 ============================================================
16:06:49.0853 8188 ============================================================
16:06:49.0853 8188 Scan started
16:06:49.0853 8188 Mode: Manual;
16:06:49.0853 8188 ============================================================
16:06:52.0343 8188 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:06:52.0354 8188 1394ohci - ok
16:06:52.0403 8188 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:06:52.0410 8188 ACPI - ok
16:06:52.0446 8188 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:06:52.0449 8188 AcpiPmi - ok
16:06:52.0532 8188 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:06:52.0541 8188 adp94xx - ok
16:06:52.0589 8188 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:06:52.0596 8188 adpahci - ok
16:06:52.0615 8188 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:06:52.0620 8188 adpu320 - ok
16:06:52.0672 8188 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
16:06:52.0684 8188 AFD - ok
16:06:52.0708 8188 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:06:52.0714 8188 agp440 - ok
16:06:52.0750 8188 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:06:52.0753 8188 aic78xx - ok
16:06:52.0840 8188 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:06:52.0843 8188 aliide - ok
16:06:52.0876 8188 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:06:52.0880 8188 amdagp - ok
16:06:52.0915 8188 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:06:52.0918 8188 amdide - ok
16:06:52.0975 8188 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:06:52.0981 8188 AmdK8 - ok
16:06:53.0005 8188 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:06:53.0015 8188 AmdPPM - ok
16:06:53.0059 8188 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
16:06:53.0068 8188 amdsata - ok
16:06:53.0113 8188 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:06:53.0155 8188 amdsbs - ok
16:06:53.0192 8188 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
16:06:53.0196 8188 amdxata - ok
16:06:53.0249 8188 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:06:53.0254 8188 AppID - ok
16:06:53.0331 8188 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:06:53.0335 8188 arc - ok
16:06:53.0351 8188 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:06:53.0355 8188 arcsas - ok
16:06:53.0443 8188 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:06:53.0446 8188 AsyncMac - ok
16:06:53.0503 8188 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:06:53.0506 8188 atapi - ok
16:06:53.0691 8188 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
16:06:53.0802 8188 atikmdag - ok
16:06:53.0925 8188 atksgt (547f07839f71a4357a5e503646cac2b0) C:\Windows\system32\DRIVERS\atksgt.sys
16:06:53.0937 8188 atksgt - ok
16:06:54.0072 8188 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\Windows\system32\DRIVERS\avgfwd6x.sys
16:06:54.0075 8188 Avgfwfd - ok
16:06:54.0125 8188 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
16:06:54.0131 8188 AVGIDSDriver - ok
16:06:54.0176 8188 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
16:06:54.0179 8188 AVGIDSEH - ok
16:06:54.0200 8188 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
16:06:54.0202 8188 AVGIDSFilter - ok
16:06:54.0232 8188 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
16:06:54.0236 8188 AVGIDSShim - ok
16:06:54.0282 8188 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
16:06:54.0289 8188 Avgldx86 - ok
16:06:54.0309 8188 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
16:06:54.0313 8188 Avgmfx86 - ok
16:06:54.0368 8188 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
16:06:54.0371 8188 Avgrkx86 - ok
16:06:54.0381 8188 Avgtdix - ok
16:06:54.0463 8188 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:06:54.0472 8188 b06bdrv - ok
16:06:54.0542 8188 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:06:54.0549 8188 b57nd60x - ok
16:06:54.0625 8188 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
16:06:54.0629 8188 bcm4sbxp - ok
16:06:54.0673 8188 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:06:54.0678 8188 Beep - ok
16:06:54.0696 8188 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:06:54.0705 8188 blbdrive - ok
16:06:54.0781 8188 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
16:06:54.0785 8188 bowser - ok
16:06:54.0826 8188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:06:54.0829 8188 BrFiltLo - ok
16:06:54.0853 8188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:06:54.0856 8188 BrFiltUp - ok
16:06:54.0898 8188 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:06:54.0904 8188 Brserid - ok
16:06:54.0926 8188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:06:54.0930 8188 BrSerWdm - ok
16:06:54.0949 8188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:06:54.0951 8188 BrUsbMdm - ok
16:06:54.0977 8188 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:06:54.0985 8188 BrUsbSer - ok
16:06:55.0040 8188 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:06:55.0043 8188 BTHMODEM - ok
16:06:55.0112 8188 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:06:55.0116 8188 cdfs - ok
16:06:55.0152 8188 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:06:55.0156 8188 cdrom - ok
16:06:55.0217 8188 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:06:55.0232 8188 circlass - ok
16:06:55.0281 8188 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:06:55.0288 8188 CLFS - ok
16:06:55.0420 8188 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:06:55.0437 8188 CmBatt - ok
16:06:55.0463 8188 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:06:55.0466 8188 cmdide - ok
16:06:55.0491 8188 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
16:06:55.0502 8188 CNG - ok
16:06:55.0544 8188 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:06:55.0552 8188 Compbatt - ok
16:06:55.0602 8188 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:06:55.0607 8188 CompositeBus - ok
16:06:55.0666 8188 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:06:55.0670 8188 crcdisk - ok
16:06:55.0829 8188 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
16:06:55.0876 8188 CSC - ok
16:06:55.0961 8188 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
16:06:55.0965 8188 DfsC - ok
16:06:56.0006 8188 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:06:56.0009 8188 discache - ok
16:06:56.0058 8188 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:06:56.0072 8188 Disk - ok
16:06:56.0147 8188 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:06:56.0173 8188 drmkaud - ok
16:06:56.0241 8188 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:06:56.0252 8188 dtsoftbus01 - ok
16:06:56.0304 8188 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
16:06:56.0320 8188 DXGKrnl - ok
16:06:56.0460 8188 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:06:56.0547 8188 ebdrv - ok
16:06:56.0603 8188 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:06:56.0613 8188 elxstor - ok
16:06:56.0642 8188 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
16:06:56.0654 8188 ErrDev - ok
16:06:56.0722 8188 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:06:56.0742 8188 exfat - ok
16:06:56.0780 8188 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:06:56.0786 8188 fastfat - ok
16:06:56.0821 8188 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:06:56.0858 8188 fdc - ok
16:06:56.0901 8188 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:06:56.0910 8188 FileInfo - ok
16:06:56.0927 8188 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:06:56.0930 8188 Filetrace - ok
16:06:56.0956 8188 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:06:56.0958 8188 flpydisk - ok
16:06:57.0022 8188 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:06:57.0027 8188 FltMgr - ok
16:06:57.0084 8188 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:06:57.0089 8188 FsDepends - ok
16:06:57.0124 8188 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
16:06:57.0159 8188 Fs_Rec - ok
16:06:57.0193 8188 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
16:06:57.0200 8188 fvevol - ok
16:06:57.0250 8188 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:06:57.0253 8188 gagp30kx - ok
16:06:57.0321 8188 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:06:57.0332 8188 GEARAspiWDM - ok
16:06:57.0395 8188 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
16:06:57.0397 8188 hamachi - ok
16:06:57.0456 8188 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:06:57.0464 8188 hcw85cir - ok
16:06:57.0553 8188 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
16:06:57.0560 8188 HdAudAddService - ok
16:06:57.0623 8188 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:06:57.0630 8188 HDAudBus - ok
16:06:57.0666 8188 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:06:57.0709 8188 HidBatt - ok
16:06:57.0752 8188 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:06:57.0756 8188 HidBth - ok
16:06:57.0795 8188 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:06:57.0799 8188 HidIr - ok
16:06:57.0861 8188 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
16:06:57.0864 8188 HidUsb - ok
16:06:57.0928 8188 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:06:57.0932 8188 HpSAMD - ok
16:06:57.0979 8188 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
16:06:58.0022 8188 HTTP - ok
16:06:58.0047 8188 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
16:06:58.0050 8188 hwpolicy - ok
16:06:58.0085 8188 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
16:06:58.0089 8188 i8042prt - ok
16:06:58.0144 8188 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
16:06:58.0154 8188 iaStorV - ok
16:06:58.0202 8188 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:06:58.0221 8188 iirsp - ok
16:06:58.0254 8188 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
16:06:58.0258 8188 intelide - ok
16:06:58.0293 8188 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:06:58.0297 8188 intelppm - ok
16:06:58.0324 8188 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:06:58.0328 8188 IpFilterDriver - ok
16:06:58.0365 8188 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:06:58.0373 8188 IPMIDRV - ok
16:06:58.0400 8188 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:06:58.0434 8188 IPNAT - ok
16:06:58.0492 8188 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:06:58.0496 8188 IRENUM - ok
16:06:58.0524 8188 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
16:06:58.0529 8188 isapnp - ok
16:06:58.0580 8188 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
16:06:58.0586 8188 iScsiPrt - ok
16:06:58.0639 8188 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:06:58.0651 8188 kbdclass - ok
16:06:58.0719 8188 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
16:06:58.0722 8188 kbdhid - ok
16:06:58.0749 8188 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
16:06:58.0755 8188 KSecDD - ok
16:06:58.0788 8188 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
16:06:58.0793 8188 KSecPkg - ok
16:06:58.0951 8188 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
16:06:58.0954 8188 lirsgt - ok
16:06:59.0040 8188 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:06:59.0048 8188 lltdio - ok
16:06:59.0122 8188 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:06:59.0129 8188 LSI_FC - ok
16:06:59.0199 8188 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:06:59.0203 8188 LSI_SAS - ok
16:06:59.0228 8188 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:06:59.0262 8188 LSI_SAS2 - ok
16:06:59.0326 8188 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:06:59.0330 8188 LSI_SCSI - ok
16:06:59.0374 8188 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:06:59.0379 8188 luafv - ok
16:06:59.0435 8188 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
16:06:59.0438 8188 MBAMProtector - ok
16:06:59.0505 8188 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:06:59.0508 8188 megasas - ok
16:06:59.0551 8188 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:06:59.0557 8188 MegaSR - ok
16:06:59.0608 8188 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:06:59.0611 8188 Modem - ok
16:06:59.0654 8188 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:06:59.0656 8188 monitor - ok
16:06:59.0700 8188 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:06:59.0703 8188 mouclass - ok
16:06:59.0756 8188 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:06:59.0760 8188 mouhid - ok
16:06:59.0779 8188 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
16:06:59.0783 8188 mountmgr - ok
16:06:59.0819 8188 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
16:06:59.0825 8188 mpio - ok
16:06:59.0846 8188 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:06:59.0855 8188 mpsdrv - ok
16:06:59.0899 8188 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
16:06:59.0905 8188 MRxDAV - ok
16:06:59.0942 8188 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:06:59.0947 8188 mrxsmb - ok
16:06:59.0972 8188 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:06:59.0980 8188 mrxsmb10 - ok
16:07:00.0018 8188 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:07:00.0022 8188 mrxsmb20 - ok
16:07:00.0068 8188 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
16:07:00.0071 8188 msahci - ok
16:07:00.0110 8188 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
16:07:00.0115 8188 msdsm - ok
16:07:00.0162 8188 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:07:00.0164 8188 Msfs - ok
16:07:00.0184 8188 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:07:00.0199 8188 mshidkmdf - ok
16:07:00.0225 8188 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
16:07:00.0229 8188 msisadrv - ok
16:07:00.0273 8188 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:07:00.0277 8188 MSKSSRV - ok
16:07:00.0303 8188 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:07:00.0306 8188 MSPCLOCK - ok
16:07:00.0339 8188 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:07:00.0348 8188 MSPQM - ok
16:07:00.0573 8188 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:07:00.0615 8188 MsRPC - ok
16:07:00.0684 8188 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
16:07:00.0687 8188 mssmbios - ok
16:07:00.0731 8188 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:07:00.0733 8188 MSTEE - ok
16:07:00.0761 8188 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:07:00.0763 8188 MTConfig - ok
16:07:00.0791 8188 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:07:00.0795 8188 Mup - ok
16:07:00.0827 8188 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:07:00.0834 8188 NativeWifiP - ok
16:07:00.0875 8188 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
16:07:00.0910 8188 NDIS - ok
16:07:00.0945 8188 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:07:00.0948 8188 NdisCap - ok
16:07:00.0971 8188 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:07:00.0974 8188 NdisTapi - ok
16:07:01.0001 8188 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
16:07:01.0006 8188 Ndisuio - ok
16:07:01.0040 8188 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
16:07:01.0046 8188 NdisWan - ok
16:07:01.0064 8188 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
16:07:01.0067 8188 NDProxy - ok
16:07:01.0147 8188 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:07:01.0150 8188 NetBIOS - ok
16:07:01.0183 8188 NetBT (a04b5a480f1fe28d424b613e9e0ed75c) C:\Windows\system32\DRIVERS\netbt.sys
16:07:01.0207 8188 NetBT ( Virus.Win32.ZAccess.l ) - infected
16:07:01.0208 8188 NetBT - detected Virus.Win32.ZAccess.l (0)
16:07:01.0371 8188 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
16:07:01.0398 8188 netr28u - ok
16:07:01.0457 8188 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys
16:07:01.0475 8188 netr73 - ok
16:07:01.0528 8188 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:07:01.0531 8188 nfrd960 - ok
16:07:01.0576 8188 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:07:01.0579 8188 Npfs - ok
16:07:01.0600 8188 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:07:01.0602 8188 nsiproxy - ok
16:07:01.0653 8188 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
16:07:01.0688 8188 Ntfs - ok
16:07:01.0721 8188 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:07:01.0724 8188 Null - ok
16:07:01.0771 8188 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
16:07:01.0776 8188 nvraid - ok
16:07:01.0816 8188 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
16:07:01.0818 8188 nvstor - ok
16:07:01.0857 8188 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
16:07:01.0863 8188 nv_agp - ok
16:07:01.0924 8188 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
16:07:01.0966 8188 ohci1394 - ok
16:07:02.0017 8188 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:07:02.0061 8188 Parport - ok
16:07:02.0080 8188 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
16:07:02.0088 8188 partmgr - ok
16:07:02.0111 8188 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:07:02.0129 8188 Parvdm - ok
16:07:02.0155 8188 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
16:07:02.0224 8188 pci - ok
16:07:02.0269 8188 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
16:07:02.0294 8188 pciide - ok
16:07:02.0322 8188 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:07:02.0342 8188 pcmcia - ok
16:07:02.0376 8188 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:07:02.0379 8188 pcw - ok
16:07:02.0430 8188 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:07:02.0455 8188 PEAUTH - ok
16:07:02.0564 8188 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:07:02.0624 8188 PptpMiniport - ok
16:07:02.0683 8188 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:07:02.0725 8188 Processor - ok
16:07:02.0804 8188 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:07:02.0821 8188 Psched - ok
16:07:02.0890 8188 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:07:02.0926 8188 ql2300 - ok
16:07:02.0969 8188 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:07:02.0974 8188 ql40xx - ok
16:07:03.0014 8188 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:07:03.0018 8188 QWAVEdrv - ok
16:07:03.0043 8188 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:07:03.0046 8188 RasAcd - ok
16:07:03.0083 8188 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:07:03.0086 8188 RasAgileVpn - ok
16:07:03.0129 8188 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:07:03.0172 8188 Rasl2tp - ok
16:07:03.0287 8188 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:07:03.0312 8188 RasPppoe - ok
16:07:03.0333 8188 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:07:03.0367 8188 RasSstp - ok
16:07:03.0438 8188 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
16:07:03.0456 8188 rdbss - ok
16:07:03.0479 8188 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:07:03.0504 8188 rdpbus - ok
16:07:03.0519 8188 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:07:03.0528 8188 RDPCDD - ok
16:07:03.0564 8188 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
16:07:03.0640 8188 RDPDR - ok
16:07:03.0714 8188 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:07:03.0732 8188 RDPENCDD - ok
16:07:03.0778 8188 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:07:03.0820 8188 RDPREFMP - ok
16:07:03.0886 8188 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
16:07:03.0937 8188 RDPWD - ok
16:07:03.0984 8188 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
16:07:03.0991 8188 rdyboost - ok
16:07:04.0071 8188 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:07:04.0082 8188 rspndr - ok
16:07:04.0140 8188 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
16:07:04.0143 8188 s3cap - ok
16:07:04.0192 8188 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
16:07:04.0200 8188 sbp2port - ok
16:07:04.0225 8188 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
16:07:04.0228 8188 scfilter - ok
16:07:04.0302 8188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:07:04.0305 8188 secdrv - ok
16:07:04.0341 8188 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:07:04.0366 8188 Serenum - ok
16:07:04.0385 8188 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:07:04.0389 8188 Serial - ok
16:07:04.0402 8188 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:07:04.0410 8188 sermouse - ok
16:07:04.0454 8188 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
16:07:04.0483 8188 sffdisk - ok
16:07:04.0521 8188 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:07:04.0540 8188 sffp_mmc - ok
16:07:04.0574 8188 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:07:04.0578 8188 sffp_sd - ok
16:07:04.0597 8188 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:07:04.0600 8188 sfloppy - ok
16:07:04.0622 8188 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
16:07:04.0649 8188 sisagp - ok
16:07:04.0680 8188 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:07:04.0684 8188 SiSRaid2 - ok
16:07:04.0729 8188 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:07:04.0762 8188 SiSRaid4 - ok
16:07:04.0805 8188 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:07:04.0811 8188 Smb - ok
16:07:04.0866 8188 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:07:04.0869 8188 spldr - ok
16:07:04.0942 8188 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
16:07:05.0026 8188 srv - ok
16:07:05.0176 8188 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
16:07:05.0194 8188 srv2 - ok
16:07:05.0218 8188 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
16:07:05.0222 8188 srvnet - ok
16:07:05.0289 8188 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:07:05.0294 8188 stexstor - ok
16:07:05.0350 8188 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
16:07:05.0353 8188 storflt - ok
16:07:05.0388 8188 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
16:07:05.0392 8188 storvsc - ok
16:07:05.0417 8188 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
16:07:05.0420 8188 swenum - ok
16:07:05.0567 8188 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
16:07:05.0626 8188 Tcpip - ok
16:07:05.0942 8188 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
16:07:05.0952 8188 TCPIP6 - ok
16:07:06.0009 8188 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
16:07:06.0014 8188 tcpipreg - ok
16:07:06.0044 8188 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
16:07:06.0047 8188 TDPIPE - ok
16:07:06.0073 8188 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
16:07:06.0077 8188 TDTCP - ok
16:07:06.0111 8188 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
16:07:06.0115 8188 tdx - ok
16:07:06.0151 8188 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
16:07:06.0160 8188 TermDD - ok
16:07:06.0246 8188 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:07:06.0253 8188 tssecsrv - ok
16:07:06.0288 8188 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
16:07:06.0300 8188 tunnel - ok
16:07:06.0331 8188 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:07:06.0338 8188 uagp35 - ok
16:07:06.0392 8188 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
16:07:06.0399 8188 udfs - ok
16:07:06.0467 8188 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:07:06.0472 8188 uliagpkx - ok
16:07:06.0530 8188 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
16:07:06.0543 8188 umbus - ok
16:07:06.0593 8188 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:07:06.0596 8188 UmPass - ok
16:07:06.0676 8188 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:07:06.0679 8188 USBAAPL - ok
16:07:06.0727 8188 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
16:07:06.0731 8188 usbccgp - ok
16:07:06.0782 8188 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
16:07:06.0786 8188 usbcir - ok
16:07:06.0830 8188 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
16:07:06.0833 8188 usbehci - ok
16:07:06.0872 8188 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
16:07:06.0880 8188 usbhub - ok
16:07:06.0911 8188 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
16:07:06.0914 8188 usbohci - ok
16:07:06.0947 8188 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:07:06.0950 8188 usbprint - ok
16:07:06.0975 8188 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:07:06.0979 8188 USBSTOR - ok
16:07:07.0010 8188 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
16:07:07.0019 8188 usbuhci - ok
16:07:07.0086 8188 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:07:07.0092 8188 vdrvroot - ok
16:07:07.0139 8188 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:07:07.0144 8188 vga - ok
16:07:07.0162 8188 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:07:07.0168 8188 VgaSave - ok
16:07:07.0212 8188 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
16:07:07.0218 8188 vhdmp - ok
16:07:07.0260 8188 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
16:07:07.0264 8188 viaagp - ok
16:07:07.0301 8188 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:07:07.0304 8188 ViaC7 - ok
16:07:07.0347 8188 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
16:07:07.0350 8188 viaide - ok
16:07:07.0392 8188 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
16:07:07.0397 8188 vmbus - ok
16:07:07.0449 8188 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
16:07:07.0452 8188 VMBusHID - ok
16:07:07.0492 8188 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
16:07:07.0499 8188 volmgr - ok
16:07:07.0532 8188 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:07:07.0538 8188 volmgrx - ok
16:07:07.0564 8188 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
16:07:07.0571 8188 volsnap - ok
16:07:07.0613 8188 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:07:07.0618 8188 vsmraid - ok
16:07:07.0645 8188 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
16:07:07.0648 8188 vwifibus - ok
16:07:07.0677 8188 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
16:07:07.0680 8188 vwififlt - ok
16:07:07.0727 8188 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
16:07:07.0730 8188 vwifimp - ok
16:07:07.0778 8188 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:07:07.0786 8188 WacomPen - ok
16:07:07.0827 8188 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:07:07.0833 8188 WANARP - ok
16:07:07.0839 8188 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:07:07.0841 8188 Wanarpv6 - ok
16:07:07.0926 8188 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:07:07.0929 8188 Wd - ok
16:07:07.0982 8188 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:07:07.0991 8188 Wdf01000 - ok
16:07:08.0066 8188 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:07:08.0068 8188 WfpLwf - ok
16:07:08.0092 8188 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:07:08.0095 8188 WIMMount - ok
16:07:08.0219 8188 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
16:07:08.0227 8188 WinUsb - ok
16:07:08.0280 8188 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:07:08.0283 8188 WmiAcpi - ok
16:07:08.0374 8188 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:07:08.0378 8188 ws2ifsl - ok
16:07:08.0415 8188 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
16:07:08.0419 8188 WudfPf - ok
16:07:08.0473 8188 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:07:08.0478 8188 WUDFRd - ok
16:07:08.0563 8188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:07:08.0613 8188 \Device\Harddisk0\DR0 - ok
16:07:08.0621 8188 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
16:07:08.0626 8188 \Device\Harddisk1\DR1 - ok
16:07:08.0632 8188 Boot (0x1200) (8164597088ac29f17002fee29e4fbb10) \Device\Harddisk0\DR0\Partition0
16:07:08.0632 8188 \Device\Harddisk0\DR0\Partition0 - ok
16:07:08.0662 8188 Boot (0x1200) (4a88d0da4628203221f593e127d20814) \Device\Harddisk0\DR0\Partition1
16:07:08.0663 8188 \Device\Harddisk0\DR0\Partition1 - ok
16:07:08.0669 8188 Boot (0x1200) (9ed0ee1e4e0023fc1ce8cec346d4b591) \Device\Harddisk1\DR1\Partition0
16:07:08.0670 8188 \Device\Harddisk1\DR1\Partition0 - ok
16:07:08.0674 8188 ============================================================
16:07:08.0674 8188 Scan finished
16:07:08.0674 8188 ============================================================
16:07:08.0695 2784 Detected object count: 1
16:07:08.0695 2784 Actual detected object count: 1
16:07:20.0007 2784 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
16:07:22.0939 2784 Backup copy found, using it..
16:07:22.0967 2784 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
16:07:26.0514 2784 NetBT ( Virus.Win32.ZAccess.l ) - User select action: Cure
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
OK, this is the step 2 log file with Malwarebytes; I'm about to start step 3.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Parand :: PARAND-PC [administrator]

06/02/2012 17:56:29
mbam-log-2012-02-06 (17-56-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174589
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.

(end)
 
Step 3 done, here is the log.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-06 19:12:58
Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000061 ST316081 rev.3.AD
Running: t59lf331.exe; Driver: C:\Users\Parand\AppData\Local\Temp\awdiapow.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process PING.EXE (*** hidden *** ) 1452

---- EOF - GMER 1.0.15 ----
 
Step 4

DDS log file

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.2.1
Run by Parand at 19:18:44 on 2012-02-06
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.876 [GMT 0:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\parand\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: Interfaces\{823C5755-3475-4B56-BA5D-97D6F90E72E1} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8AB5AEFD-0AD0-44E3-8E09-86D4C1E2CFFB} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8AB5AEFD-0AD0-44E3-8E09-86D4C1E2CFFB}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{8AB5AEFD-0AD0-44E3-8E09-86D4C1E2CFFB}\6796277696E6D65646961603035313935343 : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\parand\appdata\roaming\mozilla\firefox\profiles\l5vrrg5p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
FF - plugin: c:\users\parand\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\parand\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-2 218688]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-2 1373576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-6 652360]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-8 20464]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-02-06 17:50:55 111616 ----a-w- c:\windows\system32\5WLy1k.com
2012-02-06 16:24:18 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-06 16:24:13 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-06 16:07:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-06 04:35:32 -------- d-----w- c:\program files\Oracle
2012-02-06 04:34:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-06 04:21:58 388096 ----a-r- c:\users\parand\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-06 04:21:57 -------- d-----w- c:\program files\Trend Micro
2012-02-06 03:11:53 -------- d-----w- c:\users\parand\appdata\roaming\f-secure
2012-02-06 03:11:09 -------- d-----w- c:\programdata\F-Secure
2012-02-05 16:40:16 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 03:49:32 -------- d-----w- c:\program files\Microsoft WSE
2012-01-31 21:56:29 -------- d-----w- c:\users\parand\appdata\roaming\foobar2000
2012-01-31 21:51:27 -------- d-----w- c:\program files\foobar2000
2012-01-31 19:43:05 -------- d-----w- c:\users\parand\appdata\roaming\Ybozi
2012-01-31 19:43:05 -------- d-----w- c:\users\parand\appdata\roaming\Ubemez
2012-01-28 02:52:12 1936528 ----a-w- c:\windows\system32\ltmm15.dll
2012-01-28 02:52:11 135168 ----a-w- c:\windows\system32\DSKernel2.dll
2012-01-28 02:50:47 737280 ----a-w- c:\windows\iun6002.exe
2012-01-28 02:50:03 -------- d-----w- c:\program files\Replay AV 8
2012-01-28 02:16:31 -------- d-----w- c:\users\parand\appdata\local\Jaksta_Technologies_Pty_L
2012-01-28 02:14:39 -------- d-----w- c:\program files\Applian Technologies
2012-01-28 02:14:33 -------- d-----w- c:\programdata\Applian
2012-01-26 02:47:56 -------- d-----w- c:\program files\EA GAMES
2012-01-26 02:47:03 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2012-01-26 02:47:03 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2012-01-26 02:47:03 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2012-01-26 02:47:03 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2012-01-26 02:47:03 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2012-01-26 02:47:03 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2012-01-26 02:47:02 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2012-01-26 00:14:38 -------- d-----w- c:\programdata\Ralink
2012-01-13 05:34:02 -------- d-----w- C:\codec-info
2012-01-13 05:33:33 -------- d-----w- c:\programdata\Premium
2012-01-13 05:33:32 -------- d-----w- c:\programdata\InstallMate
2012-01-12 23:40:58 299520 ----a-w- c:\windows\uninst.exe
2012-01-12 23:39:09 -------- d-----w- c:\program files\Square Soft, Inc
2012-01-09 17:47:51 -------- d-----w- c:\users\parand\appdata\local\Lucasarts
2012-01-09 17:38:50 -------- d-----w- c:\users\parand\appdata\roaming\dll-files.com
2012-01-09 17:38:39 286208 ----a-w- c:\windows\system32\binkw32.dll
2012-01-09 17:38:39 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-01-08 03:07:46 -------- d-----w- c:\users\parand\appdata\roaming\Malwarebytes
2012-01-08 03:07:17 -------- d-----w- c:\programdata\Malwarebytes
2012-01-08 03:07:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-08 03:07:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-02-06 16:22:48 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-03 01:22:33 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-01-02 21:25:16 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-13 03:35:13 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-13 03:35:13 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-11-08 19:56:06 567184 ----a-w- c:\windows\system32\deployJava1.dll
2007-03-09 08:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
============= FINISH: 19:21:08.99 ===============

Step 4

Attach file log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 26/04/2011 22:13:22
System Uptime: 06/02/2012 18:11:46 (1 hours ago)
.
Motherboard: Dell Inc | | 0HY175
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket M2 | 2200/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 109 GiB total, 14.181 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 13.088 GiB free.
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&02
Manufacturer: (Standard CD-ROM drives)
Name: DTSoftBusCd02
PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&02
Service: cdrom
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&03
Manufacturer: (Standard CD-ROM drives)
Name: DTSoftBusCd03
PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&03
Service: cdrom
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_TSSTCORP&PROD_DVD+-RW_TS-H653A\4&377153BC&0&010100
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp DVD+-RW TS-H653A SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_TSSTCORP&PROD_DVD+-RW_TS-H653A\4&377153BC&0&010100
Service: cdrom
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&00
Manufacturer: (Standard CD-ROM drives)
Name: DTSoftBusCd00
PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&00
Service: cdrom
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&01
Manufacturer: (Standard CD-ROM drives)
Name: DTSoftBusCd01
PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&1&01
Service: cdrom
.
==== System Restore Points ===================
.
RP263: 06/02/2012 19:02:01 - Removed AVG 2011
.
==== Installed Programs ======================
.
888poker
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe InDesign CS5.5
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI Catalyst Install Manager
Audiosurf
AVG 2011
Battlefield 2(TM) Demo
BitTorrent
Bonjour
Canon iP4600 series Printer Driver
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Collab
Counter-Strike: Source
DAEMON Tools Lite
DivX Setup
Dll-Files.com Fixer
Final Fantasy VII
Final Fantasy VII Phoenix Rejuvenation Project
FL Studio 8
foobar2000 v1.1.10
Fraps
Garry's Mod
Google Chrome
Guild Wars
Half-Life 2
HiJackThis
IL Download Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 27
Java(TM) 7 Update 2
JavaFX 2.0.2
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.60.1.1000
Medieval II Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Excel Viewer
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 9.0.1 (x86 en-GB)
Need for Speed™ Most Wanted
NVIDIA PhysX
Oblivion
Oblivion - BTmod 2.20
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
Oblivion mod manager 1.1.12
PDF Settings CS5
Postal Fudge Pack
Project64 1.6
QuickTime
Replay AV 8
Replay Converter 2.8
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
Skins
Skype Click to Call
Skype™ 5.5
Spotify
Star Wars JK II Jedi Outcast
Steam
swMSM
System Requirements Lab CYRI
Team Fortress 2
Terraria
The Longest Journey
The Sims™ 3
Unity Web Player
Universe Sandbox
Unofficial Oblivion Patch v3.2.0
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.9
WinRAR 4.00 (32-bit)
WorldsPlayer by Worlds.com
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
30/01/2012 15:26:14, Error: bowser [8003] - The master browser has received a server announcement from the computer FAREED-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DEE54EB0-E435-4271-8043-7175ECC4. The master browser is stopping or an election is being forced.
30/01/2012 14:53:28, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
06/02/2012 19:18:58, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
06/02/2012 19:06:51, Error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: The system cannot find the file specified.
06/02/2012 19:05:23, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service.
06/02/2012 18:12:48, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
06/02/2012 18:12:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdix cdrom
06/02/2012 18:12:31, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
06/02/2012 18:12:18, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
06/02/2012 18:12:16, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
06/02/2012 17:19:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdix
06/02/2012 16:24:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
06/02/2012 16:24:27, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/02/2012 16:24:18, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
06/02/2012 16:16:52, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
06/02/2012 14:00:17, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
06/02/2012 06:49:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xb6ab4438, 0x00000002, 0x00000000, 0x82c6df04). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020612-25584-01.
06/02/2012 04:42:23, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
06/02/2012 04:41:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
06/02/2012 04:41:22, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/02/2012 04:40:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
06/02/2012 03:27:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
05/02/2012 19:42:56, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
05/02/2012 16:27:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
05/02/2012 00:09:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xa6422700, 0x00000002, 0x00000000, 0x82c99f04). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020512-41153-01.
04/02/2012 11:10:28, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
04/02/2012 11:10:28, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
04/02/2012 04:04:32, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
03/02/2012 14:23:46, Error: Service Control Manager [7034] - The AMService service terminated unexpectedly. It has done this 1 time(s).
03/02/2012 13:53:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x9b311008, 0x00000002, 0x00000000, 0x82c67f04). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020312-60949-01.
02/02/2012 21:34:41, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
01/02/2012 09:10:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xb50fbcd8, 0x00000002, 0x00000000, 0x82c67f04). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020112-58375-01.
01/02/2012 07:53:07, Error: Service Control Manager [7030] - The AMService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==========================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 20:02:47
-----------------------------
20:02:47.310 OS Version: Windows 6.1.7600
20:02:47.310 Number of processors: 2 586 0x4B02
20:02:47.312 ComputerName: PARAND-PC UserName: Parand
20:02:51.312 Initialize success
20:07:22.210 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
20:07:22.217 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
20:07:22.230 Disk 0 MBR read successfully
20:07:22.235 Disk 0 MBR scan
20:07:22.239 Disk 0 Windows 7 default MBR code
20:07:22.245 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
20:07:22.254 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 111160 MB offset 128520
20:07:22.260 Disk 0 Partition - 00 0F Extended LBA 38130 MB offset 227801700
20:07:22.287 Disk 0 Partition 3 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 305893665
20:07:22.320 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38130 MB offset 227801763
20:07:22.347 Disk 0 scanning sectors +312496380
20:07:22.431 Disk 0 scanning C:\Windows\system32\drivers
20:07:33.739 Service scanning
20:07:35.853 Modules scanning
20:07:42.139 Module: C:\Windows\system32\DRIVERS\avgldx86.sys **SUSPICIOUS**
20:07:43.237 Disk 0 trace - called modules:
20:07:43.264 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x97603fc0]<<
20:07:43.275 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a6d030]
20:07:43.285 3 CLASSPNP.SYS[88fac59e] -> nt!IofCallDriver -> [0x86c70d58]
20:07:43.295 \Driver\00002997[0x86c70e90] -> IRP_MJ_CREATE -> 0x97603fc0
20:07:43.306 Scan finished successfully
20:07:55.453 Disk 0 MBR has been saved successfully to "C:\Users\Parand\Desktop\MBR.dat"
20:07:55.519 The log file has been saved successfully to "C:\Users\Parand\Desktop\aswMBR.txt"
20:08:27.323 Disk 0 MBR has been saved successfully to "C:\Users\Parand\Desktop\MBR.dat"
20:08:27.334 The log file has been saved successfully to "C:\Users\Parand\Desktop\aswMBR1.txt"


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
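Both tools above report the same two things about disk 0: the partition table the MBR holds and a hash of the boot sector (Bootkit Remover prints the MD5; aswMBR saves the raw sector as MBR.dat). The script below is an added example written for this thread, not part of the original post and not code from aswMBR or Esage Lab's Bootkit Remover. It builds a 512-byte MBR whose start offsets are the ones in the aswMBR listing (the sector counts are derived from the gaps between those offsets, so the sizes differ slightly from the log, and the boot-code bytes are a placeholder, not the real Windows 7 MBR code), decodes the partition table with the same sanity checks a scanner applies, hashes the sector the way Bootkit Remover does, and diffs a saved MBR.dat against a re-read sector so a later rescan can tell a rewritten boot code from a changed partition table.

```python
import hashlib
import struct

SECTOR = 512
# Type IDs that appear in the aswMBR partition listing above
PART_TYPES = {0x07: "HPFS/NTFS", 0x0F: "Extended LBA", 0xDB: "CP/M / CTOS", 0xDE: "Dell Utility"}


def build_mbr(entries, boot_code=b"\x33\xc0\x8e\xd0\xbc\x00\x7c"):
    """Assemble a 512-byte MBR: 446 bytes of boot code, four 16-byte table entries
    (CHS fields zeroed, only the LBA fields are used) and the 0x55AA signature.
    entries: up to four (bootable, type_id, start_lba, sector_count) tuples.
    The default boot_code is a placeholder stub, not the real Windows 7 MBR code."""
    padded = (list(entries) + [(False, 0, 0, 0)] * 4)[:4]
    table = b"".join(struct.pack("<B3sB3sII", 0x80 if boot else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
                     for boot, ptype, start, count in padded)
    return boot_code.ljust(446, b"\x00") + table + b"\x55\xaa"


def parse_mbr(mbr, disk_sectors=None):
    """Decode the partition table and run the sanity checks a scanner applies:
    signature present, exactly one active entry, no overlap, nothing past end of disk."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    info = {"signature_ok": mbr[510:] == b"\x55\xaa",
            "md5": hashlib.md5(mbr).hexdigest(),          # whole-sector hash, as Bootkit Remover prints
            "boot_code_md5": hashlib.md5(mbr[:446]).hexdigest(),
            "partitions": [], "warnings": []}
    for i in range(4):
        flag, _, ptype, _, start, count = struct.unpack("<B3sB3sII", mbr[446 + 16 * i: 462 + 16 * i])
        if ptype == 0 and count == 0:
            continue                                          # unused slot
        info["partitions"].append({"index": i + 1, "bootable": flag == 0x80, "type": ptype,
                                   "type_name": PART_TYPES.get(ptype, "unknown"),
                                   "start": start, "count": count, "mb": count * SECTOR // (1024 * 1024)})
        if flag not in (0x00, 0x80):
            info["warnings"].append(f"entry {i + 1}: invalid boot flag 0x{flag:02x}")
        if disk_sectors and start + count > disk_sectors:
            info["warnings"].append(f"entry {i + 1}: extends past the end of the disk")
    active = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        info["warnings"].append(f"expected exactly one active partition, found {len(active)}")
    by_start = sorted(info["partitions"], key=lambda p: p["start"])
    for a, b in zip(by_start, by_start[1:]):
        if a["start"] + a["count"] > b["start"]:
            info["warnings"].append(f"entries {a['index']} and {b['index']} overlap")
    if not info["signature_ok"]:
        info["warnings"].append("missing 0x55AA signature")
    return info


def compare_mbr(saved, current):
    """Diff a saved MBR.dat against a freshly read sector. A bootkit normally rewrites
    the boot-code region and leaves the partition table alone, so report them separately."""
    return {"boot_code_changed": saved[:446] != current[:446],
            "table_changed": saved[446:510] != current[446:510],
            "signature_changed": saved[510:] != current[510:]}


def simulate_bootkit(mbr):
    """Copy of mbr with its boot code overwritten (a harmless stand-in for an infected sector)."""
    patched = bytearray(mbr)
    patched[0:16] = b"\xeb\x0e" + b"\x90" * 14   # jump over a nop sled; illustrative bytes only
    return bytes(patched)


# Layout approximating the disk in the aswMBR log above: start offsets are the ones it
# printed, sector counts are derived from the gaps between them (so sizes differ slightly).
DISK_SECTORS = 0x2540BE4000 // SECTOR            # 149.01 GB, from the TDSSKiller header
LAYOUT = [(False, 0xDE, 63, 128520 - 63),
          (True, 0x07, 128520, 227801700 - 128520),
          (False, 0x0F, 227801700, 305893665 - 227801700),
          (False, 0xDB, 305893665, DISK_SECTORS - 305893665)]
SAVED_MBR = build_mbr(LAYOUT)

if __name__ == "__main__":
    import sys
    from_file = len(sys.argv) > 1
    sector = open(sys.argv[1], "rb").read(SECTOR) if from_file else SAVED_MBR
    summary = parse_mbr(sector, None if from_file else DISK_SECTORS)
    print("MBR md5:", summary["md5"], "warnings:", summary["warnings"] or "none")
    for p in summary["partitions"]:
        print(f"  {p['index']} {'*' if p['bootable'] else ' '} {p['type']:02X} {p['type_name']:<13} "
              f"{p['mb']:>7} MB offset {p['start']}")
    print("against a simulated bootkit:", compare_mbr(sector, simulate_bootkit(sector)))
```

Run it with the path to the MBR.dat that aswMBR saved on the desktop (`python mbrcheck.py MBR.dat`) and it decodes that real sector instead of the constructed one; keep the file, as the helper says, because it is the baseline a later read of `\\.\PhysicalDrive0` (which needs an elevated prompt) can be compared against with compare_mbr.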
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Sorry for the long time taken to reply; I have been having trouble with the internet. About to perform those tasks, will post results.
 
OK, here's the log from ComboFix.

ComboFix 12-02-02.02 - Parand 07/02/2012 5:17.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1251 [GMT 0:00]
Running from: c:\users\Parand\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Yru3u7jf.exe
c:\windows\$NtUninstallKB2324$
c:\windows\$NtUninstallKB2324$\3021771430
c:\windows\$NtUninstallKB63211$\220740190
c:\windows\$NtUninstallKB63211$\2847301469\@
c:\windows\$NtUninstallKB63211$\2847301469\cfg.ini
c:\windows\$NtUninstallKB63211$\2847301469\Desktop.ini
c:\windows\$NtUninstallKB63211$\2847301469\L\xadqgnnk
c:\windows\$NtUninstallKB63211$\2847301469\U\00000001.@
c:\windows\$NtUninstallKB63211$\2847301469\U\00000002.@
c:\windows\$NtUninstallKB63211$\2847301469\U\00000004.@
c:\windows\$NtUninstallKB63211$\2847301469\U\80000000.@
c:\windows\$NtUninstallKB63211$\2847301469\U\80000004.@
c:\windows\$NtUninstallKB63211$\2847301469\U\80000032.@
c:\windows\$NtUninstallKB63211$\2847301469\version
c:\windows\iun6002.exe
c:\windows\system32\roboot.exe
c:\windows\system32\SET6AF0.tmp
c:\windows\system32\SETAB32.tmp
c:\windows\system32\SETC751.tmp
D:\Autorun.inf
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 05:28 . 2012-02-07 05:33 -------- d-----w- c:\users\Parand\AppData\Local\temp
2012-02-06 17:50 . 2012-02-04 15:49 111616 ----a-w- c:\windows\system32\5WLy1k.com
2012-02-06 16:24 . 2009-03-18 16:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-06 16:24 . 2012-02-06 16:24 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-06 16:07 . 2012-02-06 16:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-06 05:07 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2012-02-06 05:07 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-02-06 05:05 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2012-02-06 05:00 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-02-06 04:59 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-02-06 04:51 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-02-06 04:36 . 2012-02-06 04:36 -------- d-----w- c:\program files\Common Files\Java
2012-02-06 04:35 . 2012-02-06 04:35 -------- d-----w- c:\program files\Oracle
2012-02-06 04:34 . 2011-11-08 19:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-06 04:21 . 2012-02-06 04:21 388096 ----a-r- c:\users\Parand\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 04:21 . 2012-02-06 04:21 -------- d-----w- c:\program files\Trend Micro
2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\users\Parand\AppData\Roaming\f-secure
2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\programdata\F-Secure
2012-02-05 16:40 . 2012-02-07 05:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 03:49 . 2012-02-04 03:49 -------- d-----w- c:\program files\Microsoft WSE
2012-02-04 03:38 . 2012-02-04 03:38 -------- d-----w- c:\program files\Electronic Arts
2012-01-31 21:56 . 2012-02-01 15:30 -------- d-----w- c:\users\Parand\AppData\Roaming\foobar2000
2012-01-31 21:55 . 2012-01-31 21:55 -------- d-----w- c:\program files\Winamp
2012-01-31 21:51 . 2012-01-31 21:51 -------- d-----w- c:\program files\foobar2000
2012-01-31 19:43 . 2012-02-04 04:01 -------- d-----w- c:\users\Parand\AppData\Roaming\Ubemez
2012-01-31 19:43 . 2012-02-04 03:42 -------- d-----w- c:\users\Parand\AppData\Roaming\Ybozi
2012-01-28 02:52 . 2007-03-04 12:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
2012-01-28 02:52 . 2007-03-04 12:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
2012-01-28 02:16 . 2012-02-01 19:15 -------- d-----w- c:\users\Parand\AppData\Local\Jaksta_Technologies_Pty_L
2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\program files\Applian Technologies
2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\programdata\Applian
2012-01-26 02:47 . 2012-01-26 02:47 -------- d-----w- c:\program files\EA GAMES
2012-01-26 02:47 . 2012-01-26 02:47 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-26 02:47 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-01-26 02:47 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-01-26 02:47 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-01-26 02:47 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-01-26 02:47 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-01-26 02:47 . 2012-01-26 02:47 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-26 00:14 . 2012-01-26 00:15 -------- d-----w- c:\programdata\Ralink
2012-01-13 05:34 . 2012-01-13 05:34 -------- d-----w- C:\codec-info
2012-01-13 05:33 . 2012-01-13 05:33 -------- d-----w- c:\programdata\Premium
2012-01-13 05:33 . 2012-01-13 05:34 -------- d-----w- c:\programdata\InstallMate
2012-01-12 23:40 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
2012-01-12 23:39 . 2012-01-12 23:39 -------- d-----w- c:\program files\Square Soft, Inc
2012-01-09 17:47 . 2012-01-09 17:47 -------- d-----w- c:\users\Parand\AppData\Local\Lucasarts
2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\users\Parand\AppData\Roaming\dll-files.com
2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-01-09 17:38 . 2011-09-27 03:39 286208 ----a-w- c:\windows\system32\binkw32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 01:22 . 2012-01-03 01:22 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-12-10 15:24 . 2012-01-08 03:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-13 03:35 . 2011-11-13 00:46 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-13 03:35 . 2011-11-13 00:46 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-07 17:58 . 2011-04-26 15:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 1373576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ccevtmgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\At1.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-07 c:\windows\Tasks\At10.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At11.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At12.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At13.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At14.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At15.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At16.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At17.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At18.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At19.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At2.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At20.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At21.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At22.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At23.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At24.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At25.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At26.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At27.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At28.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At29.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At3.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At30.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At31.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At32.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At33.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At34.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At35.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At36.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At37.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At38.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At39.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-06 c:\windows\Tasks\At4.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At40.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-05 c:\windows\Tasks\At41.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-05 c:\windows\Tasks\At42.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-05 c:\windows\Tasks\At43.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-05 c:\windows\Tasks\At44.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-05 c:\windows\Tasks\At45.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-05 c:\windows\Tasks\At46.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-05 c:\windows\Tasks\At47.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-05 c:\windows\Tasks\At48.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At5.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-07 c:\windows\Tasks\At6.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At7.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-07 c:\windows\Tasks\At8.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At9.job
- c:\windows\system32\5WLy1k.com [2012-02-06 15:49]
.
2012-02-01 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-01-09 17:48]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
- c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000UA.job
- c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
LSP: mswsock.dll
FF - ProfilePath - c:\users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-38197557.sys
AddRemove-BTmod - c:\program files\Bethesda Softworks\Oblivion\Data\BTmod-Uninstall.exe
AddRemove-Final Fantasy VII - c:\program files\Square Soft
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-Guild Wars - c:\program files\Guild Wars\Gw.exe
AddRemove-Oblivion mod manager_is1 - c:\program files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe
AddRemove-Replay_AV_807 - c:\windows\iun6002.exe
AddRemove-Replay_Converter_1 - c:\windows\iun6002.exe
AddRemove-Universe Sandbox - c:\program files\Universe Sandbox\uninstall.exe
AddRemove-Unofficial Oblivion Patch_is1 - c:\program files\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe
AddRemove-{ADE91A13-434D-4229-00BC-182BAD607303} - c:\program files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\id\Doom95\Config\ø*! *]
"mouse_sensitivity"=dword:00000005
"sfx_volume"=dword:00000008
"music_volume"=dword:00000008
"show_messages"=dword:00000001
"key_right"=dword:0000004d
"key_left"=dword:0000004b
"key_up"=dword:00000048
"key_down"=dword:00000050
"key_strafeleft"=dword:00000033
"key_straferight"=dword:00000034
"key_fire"=dword:0000001d
"key_use"=dword:00000039
"key_strafe"=dword:00000038
"key_speed"=dword:00000036
"use_mouse"=dword:00000000
"full_screen"=dword:00000000
"full_keyboard"=dword:00000000
"mouseb_fire"=dword:00000000
"mouseb_strafe"=dword:00000001
"mouseb_forward"=dword:00000002
"use_joystick"=dword:00000000
"joyb_fire"=dword:00000000
"joyb_strafe"=dword:00000001
"joyb_use"=dword:00000003
"joyb_speed"=dword:00000002
"joy_id"=dword:00000000
"joy_axis_map"="yx "
"joy_feedback_DLL"=""
"joy_move_threshold"=dword:00000800
"joy_move_sensitivity"=dword:00000250
"joy_turn_threshold"=dword:00001000
"joy_turn_sensitivity"=dword:00000020
"joyb_fist_saw"=dword:ffffffff
"joyb_pistol"=dword:ffffffff
"joyb_shotgun"=dword:ffffffff
"joyb_chaingun"=dword:ffffffff
"joyb_missile"=dword:ffffffff
"joyb_plasma"=dword:ffffffff
"joyb_bfg"=dword:ffffffff
"joyb_inc"=dword:ffffffff
"joyb_dec"=dword:ffffffff
"screenblocks"=dword:00000009
"detaillevel"=dword:00000000
"snd_channels"=dword:00000003
"usegamma"=dword:00000000
"chatmacro0"="No"
"chatmacro1"="I'm ready to kick butt!"
"chatmacro2"="I'm OK."
"chatmacro3"="I'm not looking too good!"
"chatmacro4"="Help!"
"chatmacro5"="You suck!"
"chatmacro6"="Next time, scumbag..."
"chatmacro7"="Come here!"
"chatmacro8"="I'll take care of it."
"chatmacro9"="Yes"
.
[HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-02-07 05:40:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-07 05:40
.
Pre-Run: 17,892,904,960 bytes free
Post-Run: 19,520,671,744 bytes free
.
- - End Of File - - 4FAF5FC8C901C2B709778E66B3E06AB5
 
We have one system file missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    netbt.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 15:19 on 07/02/2012 by Parand
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"
C:\i386\netbt.sys --a---- 162816 bytes [17:37 17/09/2009] [05:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys --a---- 187904 bytes [23:12 13/07/2009] [16:22 06/02/2012] F2505C37236B292C1E6BB55EC3E5D081

-= EOF =-
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
C:\i386\netbt.sys | c:\windows\system32\drivers\netbt.sys
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll | c:\windows\System32\user32.dll

File::
c:\windows\system32\5WLy1k.com

At::

NetSvc::
ccevtmgr

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After the reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-02-07.01 - Parand 07/02/2012 18:21:15.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1347 [GMT 0:00]
Running from: c:\users\Parand\Desktop\ComboFix.exe
Command switches used :: c:\users\Parand\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\5WLy1k.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB63211$\2191842353
c:\windows\$NtUninstallKB63211$\2847301469\@
c:\windows\$NtUninstallKB63211$\2847301469\cfg.ini
c:\windows\$NtUninstallKB63211$\2847301469\Desktop.ini
c:\windows\$NtUninstallKB63211$\2847301469\L\xadqgnnk
c:\windows\$NtUninstallKB63211$\2847301469\oemid
c:\windows\$NtUninstallKB63211$\2847301469\U\00000001.@
c:\windows\$NtUninstallKB63211$\2847301469\U\00000002.@
c:\windows\$NtUninstallKB63211$\2847301469\U\00000004.@
c:\windows\$NtUninstallKB63211$\2847301469\U\80000000.@
c:\windows\$NtUninstallKB63211$\2847301469\U\80000004.@
c:\windows\$NtUninstallKB63211$\2847301469\U\80000032.@
c:\windows\$NtUninstallKB63211$\2847301469\version
c:\windows\system32\5WLy1k.com
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
.
.
--------------- FCopy ---------------
.
c:\i386\netbt.sys --> c:\windows\system32\drivers\netbt.sys
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 18:31 . 2012-02-07 18:36 -------- d-----w- c:\users\Parand\AppData\Local\temp
2012-02-07 18:31 . 2012-02-07 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-07 18:31 . 2009-07-13 23:11 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-07 18:21 . 2004-08-04 05:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-07 15:42 . 2012-02-07 17:43 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-07 15:41 . 2012-02-07 15:41 -------- d-----w- c:\program files\AVG
2012-02-07 05:12 . 2009-07-13 23:53 45568 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2012-02-06 16:24 . 2009-03-18 16:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-06 16:24 . 2012-02-06 16:24 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-06 16:07 . 2012-02-06 16:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-06 05:07 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2012-02-06 05:07 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-02-06 05:05 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2012-02-06 05:00 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-02-06 04:59 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-02-06 04:51 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-02-06 04:36 . 2012-02-06 04:36 -------- d-----w- c:\program files\Common Files\Java
2012-02-06 04:35 . 2012-02-06 04:35 -------- d-----w- c:\program files\Oracle
2012-02-06 04:34 . 2011-11-08 19:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-06 04:21 . 2012-02-06 04:21 388096 ----a-r- c:\users\Parand\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 04:21 . 2012-02-06 04:21 -------- d-----w- c:\program files\Trend Micro
2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\users\Parand\AppData\Roaming\f-secure
2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\programdata\F-Secure
2012-02-05 16:40 . 2012-02-07 18:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 21:39 . 2012-02-04 15:49 111616 ----a-w- c:\windows\system32\5WLy1k.com_
2012-02-04 03:49 . 2012-02-04 03:49 -------- d-----w- c:\program files\Microsoft WSE
2012-02-04 03:38 . 2012-02-04 03:38 -------- d-----w- c:\program files\Electronic Arts
2012-01-31 21:56 . 2012-02-01 15:30 -------- d-----w- c:\users\Parand\AppData\Roaming\foobar2000
2012-01-31 21:55 . 2012-01-31 21:55 -------- d-----w- c:\program files\Winamp
2012-01-31 21:51 . 2012-01-31 21:51 -------- d-----w- c:\program files\foobar2000
2012-01-31 19:43 . 2012-02-04 04:01 -------- d-----w- c:\users\Parand\AppData\Roaming\Ubemez
2012-01-31 19:43 . 2012-02-04 03:42 -------- d-----w- c:\users\Parand\AppData\Roaming\Ybozi
2012-01-28 02:52 . 2007-03-04 12:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
2012-01-28 02:52 . 2007-03-04 12:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
2012-01-28 02:16 . 2012-02-01 19:15 -------- d-----w- c:\users\Parand\AppData\Local\Jaksta_Technologies_Pty_L
2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\program files\Applian Technologies
2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\programdata\Applian
2012-01-26 02:47 . 2012-01-26 02:47 -------- d-----w- c:\program files\EA GAMES
2012-01-26 02:47 . 2012-01-26 02:47 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-26 02:47 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-01-26 02:47 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-01-26 02:47 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-01-26 02:47 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-01-26 02:47 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-01-26 02:47 . 2012-01-26 02:47 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-26 00:14 . 2012-01-26 00:15 -------- d-----w- c:\programdata\Ralink
2012-01-13 05:34 . 2012-01-13 05:34 -------- d-----w- C:\codec-info
2012-01-13 05:33 . 2012-01-13 05:33 -------- d-----w- c:\programdata\Premium
2012-01-13 05:33 . 2012-01-13 05:34 -------- d-----w- c:\programdata\InstallMate
2012-01-12 23:40 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
2012-01-12 23:39 . 2012-01-12 23:39 -------- d-----w- c:\program files\Square Soft, Inc
2012-01-09 17:47 . 2012-01-09 17:47 -------- d-----w- c:\users\Parand\AppData\Local\Lucasarts
2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\users\Parand\AppData\Roaming\dll-files.com
2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-01-09 17:38 . 2011-09-27 03:39 286208 ----a-w- c:\windows\system32\binkw32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 01:22 . 2012-01-03 01:22 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-12-10 15:24 . 2012-01-08 03:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-13 03:35 . 2011-11-13 00:46 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-13 03:35 . 2011-11-13 00:46 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-07 17:58 . 2011-04-26 15:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-06-12 235168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 1373576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\At10.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At12.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At14.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At16.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At18.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At2.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At20.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At22.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At24.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At26.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At28.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At30.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At32.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At34.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At36.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At38.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At4.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At40.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-05 c:\windows\Tasks\At42.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-05 c:\windows\Tasks\At44.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-05 c:\windows\Tasks\At46.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-05 c:\windows\Tasks\At48.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At6.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At8.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-01 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-01-09 17:48]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
- c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000UA.job
- c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
LSP: mswsock.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\id\Doom95\Config\ø*! *]
"mouse_sensitivity"=dword:00000005
"sfx_volume"=dword:00000008
"music_volume"=dword:00000008
"show_messages"=dword:00000001
"key_right"=dword:0000004d
"key_left"=dword:0000004b
"key_up"=dword:00000048
"key_down"=dword:00000050
"key_strafeleft"=dword:00000033
"key_straferight"=dword:00000034
"key_fire"=dword:0000001d
"key_use"=dword:00000039
"key_strafe"=dword:00000038
"key_speed"=dword:00000036
"use_mouse"=dword:00000000
"full_screen"=dword:00000000
"full_keyboard"=dword:00000000
"mouseb_fire"=dword:00000000
"mouseb_strafe"=dword:00000001
"mouseb_forward"=dword:00000002
"use_joystick"=dword:00000000
"joyb_fire"=dword:00000000
"joyb_strafe"=dword:00000001
"joyb_use"=dword:00000003
"joyb_speed"=dword:00000002
"joy_id"=dword:00000000
"joy_axis_map"="yx "
"joy_feedback_DLL"=""
"joy_move_threshold"=dword:00000800
"joy_move_sensitivity"=dword:00000250
"joy_turn_threshold"=dword:00001000
"joy_turn_sensitivity"=dword:00000020
"joyb_fist_saw"=dword:ffffffff
"joyb_pistol"=dword:ffffffff
"joyb_shotgun"=dword:ffffffff
"joyb_chaingun"=dword:ffffffff
"joyb_missile"=dword:ffffffff
"joyb_plasma"=dword:ffffffff
"joyb_bfg"=dword:ffffffff
"joyb_inc"=dword:ffffffff
"joyb_dec"=dword:ffffffff
"screenblocks"=dword:00000009
"detaillevel"=dword:00000000
"snd_channels"=dword:00000003
"usegamma"=dword:00000000
"chatmacro0"="No"
"chatmacro1"="I'm ready to kick butt!"
"chatmacro2"="I'm OK."
"chatmacro3"="I'm not looking too good!"
"chatmacro4"="Help!"
"chatmacro5"="You suck!"
"chatmacro6"="Next time, scumbag..."
"chatmacro7"="Come here!"
"chatmacro8"="I'll take care of it."
"chatmacro9"="Yes"
.
[HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\sppsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\5WLY1K~1.COM
.
**************************************************************************
.
Completion time: 2012-02-07 18:42:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-07 18:42
ComboFix2.txt 2012-02-07 05:40
.
Pre-Run: 15,715,418,112 bytes free
Post-Run: 15,684,681,728 bytes free
.
- - End Of File - - EA5551E460AEE088C0B5A4441F468646
 
Also, since the last step my internet is stuck on "Identifying network" and I can't get online (using my room mate's PC at the moment to post).
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\5WLy1k.com_

At::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After the reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
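The `At::` directive in the script above clears the legacy At*.job tasks. In the ComboFix log posted earlier, two dozen of those tasks (At2.job through At48.job) all launch the same oddly named file under system32, which is the detail that makes the file worth removing rather than a one-off. The following is an added example, not code from this thread, from ComboFix or from SystemLook: a small Python parser that reads a constructed excerpt of the "Scheduled Tasks" section in ComboFix's format, groups task targets, and flags any target started by several At*.job entries or carrying a non-standard executable extension. The sample log text, the threshold `min_at_jobs=3` and the list of "normal" extensions are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of ComboFix's "Scheduled Tasks" section.
# Values are modelled on the thread's log; the real section lists many more
# At*.job entries, all pointing at the same file.
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\At10.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-07 c:\windows\Tasks\At12.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-06 c:\windows\Tasks\At2.job
- c:\windows\system32\5WLy1k.com_ [2012-02-04 15:49]
.
2012-02-01 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-01-09 17:48]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
- c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
.
.
------- Supplementary Scan -------
"""

# "<date> <path>\<name>.job" line that opens each task entry
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<path>.+\\(?P<job>[^\\]+\.job))\s*$",
                    re.IGNORECASE)
# "- <target> [<timestamp>]" line that names what the task runs
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]+)\]\s*$")
# Jobs created through the legacy AT scheduler are named At<n>.job
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)
# Extensions we treat as ordinary for a scheduled task target (assumption)
NORMAL_EXTS = {".exe", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".msi"}


def parse_scheduled_tasks(log_text):
    """Return [(job_name, target_path), ...] from the Scheduled Tasks section."""
    pairs = []
    in_section = False
    pending_job = None
    for line in log_text.splitlines():
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------"):      # next ComboFix section header
            break
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            pairs.append((pending_job, m.group("target")))
            pending_job = None
    return pairs


def group_by_target(pairs):
    """Map each (lower-cased) target path to the list of jobs that launch it."""
    by_target = defaultdict(list)
    for job, target in pairs:
        by_target[target.lower()].append(job)
    return dict(by_target)


def has_odd_extension(target):
    """True when the target's extension is not a conventional executable type."""
    name = target.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):].lower() if "." in name else ""
    return ext not in NORMAL_EXTS


def flag_suspicious(pairs, min_at_jobs=3):
    """Flag targets launched by many At*.job tasks or with an odd extension."""
    findings = []
    for target, jobs in group_by_target(pairs).items():
        at_jobs = sorted(j for j in jobs if AT_JOB_RE.match(j))
        reasons = []
        if len(at_jobs) >= min_at_jobs:
            reasons.append("launched by %d legacy At*.job tasks" % len(at_jobs))
        if has_odd_extension(target):
            reasons.append("non-standard extension for a task target")
        if reasons:
            findings.append({"target": target, "at_jobs": at_jobs,
                             "count": len(at_jobs), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_suspicious(parse_scheduled_tasks(SAMPLE_LOG)):
        print(f["target"], "->", "; ".join(f["reasons"]))
        print("   jobs:", ", ".join(f["at_jobs"]))
```

On the constructed excerpt the only target flagged is `c:\windows\system32\5wly1k.com_`, for both reasons; the Dll-Files.com Fixer and Google Update jobs each point at a single .exe and pass. The same parser can be pointed at a full ComboFix log, where the At*.job count for that target is much higher.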
 
ComboFix 12-02-07.01 - Parand 07/02/2012 20:30:16.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1384 [GMT 0:00]
Running from: c:\users\Parand\Desktop\ComboFix.exe
Command switches used :: c:\users\Parand\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\5WLy1k.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB63211$
c:\windows\$NtUninstallKB63211$\2085326981
c:\windows\$NtUninstallKB63211$\2847301469\Desktop.ini
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
.
c:\windows\system32\drivers\tdx.sys was missing
Restored copy from - c:\windows\ERDNT\cache\tdx.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 20:39 . 2012-02-07 20:41 -------- d-----w- c:\users\Parand\AppData\Local\temp
2012-02-07 20:39 . 2012-02-07 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-07 20:39 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-07 20:21 . 2009-07-13 23:53 104448 ----a-w- c:\windows\system32\drivers\pacer.sys
2012-02-07 18:31 . 2009-07-13 23:11 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-07 18:21 . 2004-08-04 05:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-07 15:42 . 2012-02-07 17:43 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-07 15:41 . 2012-02-07 15:41 -------- d-----w- c:\program files\AVG
2012-02-07 05:12 . 2009-07-13 23:53 45568 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2012-02-06 16:24 . 2009-03-18 16:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-06 16:24 . 2012-02-06 16:24 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-06 16:07 . 2012-02-06 16:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-06 05:07 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2012-02-06 05:07 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-02-06 05:05 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2012-02-06 05:00 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-02-06 04:59 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-02-06 04:51 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-02-06 04:36 . 2012-02-06 04:36 -------- d-----w- c:\program files\Common Files\Java
2012-02-06 04:35 . 2012-02-06 04:35 -------- d-----w- c:\program files\Oracle
2012-02-06 04:34 . 2011-11-08 19:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-06 04:21 . 2012-02-06 04:21 388096 ----a-r- c:\users\Parand\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 04:21 . 2012-02-06 04:21 -------- d-----w- c:\program files\Trend Micro
2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\users\Parand\AppData\Roaming\f-secure
2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\programdata\F-Secure
2012-02-05 16:40 . 2012-02-07 18:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 21:39 . 2012-02-04 15:49 111616 ----a-w- c:\windows\system32\5WLy1k.com__
2012-02-04 03:49 . 2012-02-04 03:49 -------- d-----w- c:\program files\Microsoft WSE
2012-02-04 03:38 . 2012-02-04 03:38 -------- d-----w- c:\program files\Electronic Arts
2012-01-31 21:56 . 2012-02-01 15:30 -------- d-----w- c:\users\Parand\AppData\Roaming\foobar2000
2012-01-31 21:55 . 2012-01-31 21:55 -------- d-----w- c:\program files\Winamp
2012-01-31 21:51 . 2012-01-31 21:51 -------- d-----w- c:\program files\foobar2000
2012-01-31 19:43 . 2012-02-04 04:01 -------- d-----w- c:\users\Parand\AppData\Roaming\Ubemez
2012-01-31 19:43 . 2012-02-04 03:42 -------- d-----w- c:\users\Parand\AppData\Roaming\Ybozi
2012-01-28 02:52 . 2007-03-04 12:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
2012-01-28 02:52 . 2007-03-04 12:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
2012-01-28 02:16 . 2012-02-01 19:15 -------- d-----w- c:\users\Parand\AppData\Local\Jaksta_Technologies_Pty_L
2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\program files\Applian Technologies
2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\programdata\Applian
2012-01-26 02:47 . 2012-01-26 02:47 -------- d-----w- c:\program files\EA GAMES
2012-01-26 02:47 . 2012-01-26 02:47 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-26 02:47 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-01-26 02:47 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-01-26 02:47 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-01-26 02:47 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-01-26 02:47 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-01-26 02:47 . 2012-01-26 02:47 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-26 00:14 . 2012-01-26 00:15 -------- d-----w- c:\programdata\Ralink
2012-01-13 05:34 . 2012-01-13 05:34 -------- d-----w- C:\codec-info
2012-01-13 05:33 . 2012-01-13 05:33 -------- d-----w- c:\programdata\Premium
2012-01-13 05:33 . 2012-01-13 05:34 -------- d-----w- c:\programdata\InstallMate
2012-01-12 23:40 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
2012-01-12 23:39 . 2012-01-12 23:39 -------- d-----w- c:\program files\Square Soft, Inc
2012-01-09 17:47 . 2012-01-09 17:47 -------- d-----w- c:\users\Parand\AppData\Local\Lucasarts
2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\users\Parand\AppData\Roaming\dll-files.com
2012-01-09 17:38 . 2012-01-09 17:38 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-01-09 17:38 . 2011-09-27 03:39 286208 ----a-w- c:\windows\system32\binkw32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 01:22 . 2012-01-03 01:22 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-12-10 15:24 . 2012-01-08 03:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-13 03:35 . 2011-11-13 00:46 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-13 03:35 . 2011-11-13 00:46 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-07 17:58 . 2011-04-26 15:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-03-09 08:12 27648 --sha-w- c:\windows\System32\AVSredirect.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-06-12 235168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 1373576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-01 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-01-09 17:48]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
- c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000UA.job
- c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\id\Doom95\Config\ø*! *]
"mouse_sensitivity"=dword:00000005
"sfx_volume"=dword:00000008
"music_volume"=dword:00000008
"show_messages"=dword:00000001
"key_right"=dword:0000004d
"key_left"=dword:0000004b
"key_up"=dword:00000048
"key_down"=dword:00000050
"key_strafeleft"=dword:00000033
"key_straferight"=dword:00000034
"key_fire"=dword:0000001d
"key_use"=dword:00000039
"key_strafe"=dword:00000038
"key_speed"=dword:00000036
"use_mouse"=dword:00000000
"full_screen"=dword:00000000
"full_keyboard"=dword:00000000
"mouseb_fire"=dword:00000000
"mouseb_strafe"=dword:00000001
"mouseb_forward"=dword:00000002
"use_joystick"=dword:00000000
"joyb_fire"=dword:00000000
"joyb_strafe"=dword:00000001
"joyb_use"=dword:00000003
"joyb_speed"=dword:00000002
"joy_id"=dword:00000000
"joy_axis_map"="yx "
"joy_feedback_DLL"=""
"joy_move_threshold"=dword:00000800
"joy_move_sensitivity"=dword:00000250
"joy_turn_threshold"=dword:00001000
"joy_turn_sensitivity"=dword:00000020
"joyb_fist_saw"=dword:ffffffff
"joyb_pistol"=dword:ffffffff
"joyb_shotgun"=dword:ffffffff
"joyb_chaingun"=dword:ffffffff
"joyb_missile"=dword:ffffffff
"joyb_plasma"=dword:ffffffff
"joyb_bfg"=dword:ffffffff
"joyb_inc"=dword:ffffffff
"joyb_dec"=dword:ffffffff
"screenblocks"=dword:00000009
"detaillevel"=dword:00000000
"snd_channels"=dword:00000003
"usegamma"=dword:00000000
"chatmacro0"="No"
"chatmacro1"="I'm ready to kick butt!"
"chatmacro2"="I'm OK."
"chatmacro3"="I'm not looking too good!"
"chatmacro4"="Help!"
"chatmacro5"="You suck!"
"chatmacro6"="Next time, scumbag..."
"chatmacro7"="Come here!"
"chatmacro8"="I'll take care of it."
"chatmacro9"="Yes"
.
[HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-02-07 20:45:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-07 20:45
ComboFix2.txt 2012-02-07 18:42
ComboFix3.txt 2012-02-07 05:40
.
Pre-Run: 16,010,203,136 bytes free
Post-Run: 15,921,217,536 bytes free
.
- - End Of File - - D624129B7C83574090AE0E3234125DC0
 
Is your internet connection back?

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\5WLy1k.com__

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
 
Yes it is, thanks. I will perform that task now. Night shift coming up so I won't be on till morning to post results. Thank you so much for all the help.
 
ComboFix 12-02-07.01 - Parand 10/02/2012 0:42.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1494 [GMT 0:00]
Running from: c:\users\Parand\Desktop\ComboFix.exe
Command switches used :: c:\users\Parand\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\5WLy1k.com__"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\5WLy1k.com__
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 00:52 . 2012-02-10 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-09 22:08 . 2012-02-09 22:08 -------- d-----w- c:\users\Parand\AppData\Local\Two Tribes
2012-02-07 20:39 . 2012-02-10 00:52 -------- d-----w- c:\users\Parand\AppData\Local\temp
2012-02-07 20:39 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-07 20:21 . 2009-07-13 23:53 104448 ----a-w- c:\windows\system32\drivers\pacer.sys
2012-02-07 18:31 . 2009-07-13 23:11 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-07 18:21 . 2004-08-04 05:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-07 15:42 . 2012-02-07 17:43 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-07 15:41 . 2012-02-07 15:41 -------- d-----w- c:\program files\AVG
2012-02-07 05:12 . 2009-07-13 23:53 45568 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2012-02-06 16:24 . 2009-03-18 16:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-02-06 16:24 . 2012-02-06 16:24 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-02-06 16:07 . 2012-02-06 16:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-06 05:07 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2012-02-06 05:07 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-02-06 05:05 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2012-02-06 05:00 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-02-06 04:59 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-02-06 04:51 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-02-06 04:36 . 2012-02-06 04:36 -------- d-----w- c:\program files\Common Files\Java
2012-02-06 04:35 . 2012-02-06 04:35 -------- d-----w- c:\program files\Oracle
2012-02-06 04:34 . 2011-11-08 19:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-06 04:21 . 2012-02-06 04:21 388096 ----a-r- c:\users\Parand\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 04:21 . 2012-02-06 04:21 -------- d-----w- c:\program files\Trend Micro
2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\users\Parand\AppData\Roaming\f-secure
2012-02-06 03:11 . 2012-02-06 03:11 -------- d-----w- c:\programdata\F-Secure
2012-02-05 16:40 . 2012-02-07 18:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 03:49 . 2012-02-04 03:49 -------- d-----w- c:\program files\Microsoft WSE
2012-02-04 03:38 . 2012-02-04 03:38 -------- d-----w- c:\program files\Electronic Arts
2012-01-31 21:56 . 2012-02-01 15:30 -------- d-----w- c:\users\Parand\AppData\Roaming\foobar2000
2012-01-31 21:55 . 2012-01-31 21:55 -------- d-----w- c:\program files\Winamp
2012-01-31 21:51 . 2012-01-31 21:51 -------- d-----w- c:\program files\foobar2000
2012-01-31 19:43 . 2012-02-04 04:01 -------- d-----w- c:\users\Parand\AppData\Roaming\Ubemez
2012-01-31 19:43 . 2012-02-04 03:42 -------- d-----w- c:\users\Parand\AppData\Roaming\Ybozi
2012-01-28 02:52 . 2007-03-04 12:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
2012-01-28 02:52 . 2007-03-04 12:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
2012-01-28 02:16 . 2012-02-01 19:15 -------- d-----w- c:\users\Parand\AppData\Local\Jaksta_Technologies_Pty_L
2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\program files\Applian Technologies
2012-01-28 02:14 . 2012-01-28 02:14 -------- d-----w- c:\programdata\Applian
2012-01-26 02:47 . 2012-01-26 02:47 -------- d-----w- c:\program files\EA GAMES
2012-01-26 02:47 . 2012-01-26 02:47 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-01-26 02:47 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-01-26 02:47 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-01-26 02:47 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-01-26 02:47 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-01-26 02:47 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-01-26 02:47 . 2012-01-26 02:47 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-01-26 00:14 . 2012-01-26 00:15 -------- d-----w- c:\programdata\Ralink
2012-01-13 05:34 . 2012-01-13 05:34 -------- d-----w- C:\codec-info
2012-01-13 05:33 . 2012-01-13 05:33 -------- d-----w- c:\programdata\Premium
2012-01-13 05:33 . 2012-01-13 05:34 -------- d-----w- c:\programdata\InstallMate
2012-01-12 23:40 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
2012-01-12 23:39 . 2012-01-12 23:39 -------- d-----w- c:\program files\Square Soft, Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 01:22 . 2012-01-03 01:22 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-12-10 15:24 . 2012-01-08 03:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-13 03:35 . 2011-11-13 00:46 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-11-13 03:35 . 2011-11-13 00:46 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-07 17:58 . 2011-04-26 15:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-03-09 08:12 27648 --sha-w- c:\windows\System32\AVSredirect.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-06-12 235168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 1373576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-01-09 17:48]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
- c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000UA.job
- c:\users\Parand\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 10:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\id\Doom95\Config\ø*! *]
"mouse_sensitivity"=dword:00000005
"sfx_volume"=dword:00000008
"music_volume"=dword:00000008
"show_messages"=dword:00000001
"key_right"=dword:0000004d
"key_left"=dword:0000004b
"key_up"=dword:00000048
"key_down"=dword:00000050
"key_strafeleft"=dword:00000033
"key_straferight"=dword:00000034
"key_fire"=dword:0000001d
"key_use"=dword:00000039
"key_strafe"=dword:00000038
"key_speed"=dword:00000036
"use_mouse"=dword:00000000
"full_screen"=dword:00000000
"full_keyboard"=dword:00000000
"mouseb_fire"=dword:00000000
"mouseb_strafe"=dword:00000001
"mouseb_forward"=dword:00000002
"use_joystick"=dword:00000000
"joyb_fire"=dword:00000000
"joyb_strafe"=dword:00000001
"joyb_use"=dword:00000003
"joyb_speed"=dword:00000002
"joy_id"=dword:00000000
"joy_axis_map"="yx "
"joy_feedback_DLL"=""
"joy_move_threshold"=dword:00000800
"joy_move_sensitivity"=dword:00000250
"joy_turn_threshold"=dword:00001000
"joy_turn_sensitivity"=dword:00000020
"joyb_fist_saw"=dword:ffffffff
"joyb_pistol"=dword:ffffffff
"joyb_shotgun"=dword:ffffffff
"joyb_chaingun"=dword:ffffffff
"joyb_missile"=dword:ffffffff
"joyb_plasma"=dword:ffffffff
"joyb_bfg"=dword:ffffffff
"joyb_inc"=dword:ffffffff
"joyb_dec"=dword:ffffffff
"screenblocks"=dword:00000009
"detaillevel"=dword:00000000
"snd_channels"=dword:00000003
"usegamma"=dword:00000000
"chatmacro0"="No"
"chatmacro1"="I'm ready to kick butt!"
"chatmacro2"="I'm OK."
"chatmacro3"="I'm not looking too good!"
"chatmacro4"="Help!"
"chatmacro5"="You suck!"
"chatmacro6"="Next time, scumbag..."
"chatmacro7"="Come here!"
"chatmacro8"="I'll take care of it."
"chatmacro9"="Yes"
.
[HKEY_USERS\S-1-5-21-2392525166-896632410-2993892592-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-10 00:54:26
ComboFix-quarantined-files.txt 2012-02-10 00:54
ComboFix2.txt 2012-02-07 20:45
ComboFix3.txt 2012-02-07 18:42
ComboFix4.txt 2012-02-07 05:40
.
Pre-Run: 10,326,323,200 bytes free
Post-Run: 10,142,253,056 bytes free
.
- - End Of File - - 2470E929F9074A13066CCBD0164619B2
 
Good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The adverts have stopped playing, it seems to be doing better!

OTL logfile created on: 10/02/2012 16:34:14 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Parand\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.22% Memory free
4.00 Gb Paging File | 3.16 Gb Available in Paging File | 78.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.56 Gb Total Space | 7.82 Gb Free Space | 7.21% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 13.09 Gb Free Space | 35.15% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 11.45 Gb Free Space | 2.46% Space Free | Partition Type: NTFS

Computer Name: PARAND-PC | User Name: Parand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 02:39:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Parand\Desktop\OTL.exe
PRC - [2012/02/02 13:22:42 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/02/02 13:22:40 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/07/16 04:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/08/29 20:05:59 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/07 04:54:12 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2012/02/07 04:53:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2012/02/07 04:53:20 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2012/02/07 04:53:01 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2012/02/07 04:52:39 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/06 11:34:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/05/06 11:34:11 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/05/06 11:34:07 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/05/06 11:34:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/05/06 11:34:06 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/05/06 11:34:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/03/02 19:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/02 13:22:40 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/10 21:12:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/06/06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:14:41 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\DVDVRRdr_xp.dll -- (ccevtmgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/13 03:35:13 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/11/13 03:35:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/02/11 07:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 23:54:27 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 22:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/07/13 22:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/07/13 22:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Parand\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Parand\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Parand\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/22 18:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/22 18:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 17:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 04:34:29 | 000,000,000 | ---D | M]

[2011/04/26 15:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parand\AppData\Roaming\Mozilla\Extensions
[2012/01/13 06:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\extensions
[2011/09/27 14:23:44 | 000,002,571 | ---- | M] () -- C:\Users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\searchplugins\askcom.xml
[2011/07/11 18:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\searchplugins\startsear.xml
[2011/06/05 00:40:57 | 000,004,140 | ---- | M] () -- C:\Users\Parand\AppData\Roaming\Mozilla\Firefox\Profiles\l5vrrg5p.default\searchplugins\youtube.xml
[2012/01/07 17:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/12 07:56:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/07 17:58:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/04 08:31:38 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/04 08:31:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/04 08:31:38 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/04 08:31:38 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/04 08:31:38 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Parand\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Parand\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Parand\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Parand\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: DivX HiQ = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: AVG Safe Search = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Click to Call = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\Parand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/10 00:52:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2392525166-896632410-2993892592-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2392525166-896632410-2993892592-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2392525166-896632410-2993892592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{823C5755-3475-4B56-BA5D-97D6F90E72E1}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AB5AEFD-0AD0-44E3-8E09-86D4C1E2CFFB}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.iac2 - C:\PROGRA~1\REPLAY~1\iac25_32.ax File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 02:39:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Parand\Desktop\OTL.exe
[2012/02/10 01:11:03 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Meat Boy
[2012/02/10 01:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Super Meat Boy
[2012/02/10 00:54:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/09 22:08:38 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Local\Two Tribes
[2012/02/09 22:07:19 | 000,000,000 | ---D | C] -- C:\Users\Parand\Desktop\EDGE
[2012/02/07 20:39:21 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Local\temp
[2012/02/07 20:10:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/07 17:57:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/07 17:57:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/07 17:56:51 | 004,398,288 | R--- | C] (Swearware) -- C:\Users\Parand\Desktop\ComboFix.exe
[2012/02/07 15:42:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/02/07 15:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/02/07 04:54:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/06 20:09:59 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Parand\Desktop\boot_cleaner.exe
[2012/02/06 17:05:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/06 16:27:13 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Parand\Desktop\aswMBR.exe
[2012/02/06 16:24:18 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2012/02/06 16:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/06 16:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012/02/06 16:07:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/06 04:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/06 04:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/02/06 04:21:58 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/06 04:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/06 03:11:53 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\f-secure
[2012/02/06 03:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/02/04 03:50:55 | 000,000,000 | ---D | C] -- C:\Users\Parand\Documents\Electronic Arts
[2012/02/04 03:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2012/02/04 03:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012/02/01 09:10:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/31 21:56:29 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\foobar2000
[2012/01/31 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012/01/31 21:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2012/01/31 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\Ybozi
[2012/01/31 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Roaming\Ubemez
[2012/01/28 02:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Replay Converter
[2012/01/28 02:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Replay AV 8
[2012/01/28 02:16:34 | 000,000,000 | ---D | C] -- C:\Users\Parand\Documents\My Streaming Media
[2012/01/28 02:16:31 | 000,000,000 | ---D | C] -- C:\Users\Parand\AppData\Local\Jaksta_Technologies_Pty_L
[2012/01/28 02:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[2012/01/28 02:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012/01/28 02:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Applian
[2012/01/27 19:20:33 | 000,000,000 | ---D | C] -- C:\Users\Parand\Desktop\p
[2012/01/26 03:05:04 | 000,000,000 | ---D | C] -- C:\Users\Parand\Documents\Battlefield 2 Demo
[2012/01/26 02:49:14 | 000,000,000 | ---D | C] -- C:\Users\Parand\Documents\Battlefield 2
[2012/01/26 02:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2012/01/26 00:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012/01/16 20:14:25 | 000,000,000 | ---D | C] -- C:\Users\Parand\Desktop\etc
[2012/01/13 05:34:02 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/01/13 05:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/01/13 05:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/01/13 01:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
[2012/01/12 23:40:58 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2012/01/12 23:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Square Soft, Inc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/10 16:09:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000UA.job
[2012/02/10 15:50:17 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 15:50:17 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 15:25:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 02:39:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Parand\Desktop\OTL.exe
[2012/02/10 01:11:03 | 000,001,027 | ---- | M] () -- C:\Users\Parand\Desktop\Super Meat Boy.lnk
[2012/02/10 00:52:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/09 20:09:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2392525166-896632410-2993892592-1000Core.job
[2012/02/08 21:50:15 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012/02/08 07:51:44 | 000,672,432 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 07:51:44 | 000,128,426 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/07 20:40:09 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 18:20:41 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/07 17:57:12 | 004,398,288 | R--- | M] (Swearware) -- C:\Users\Parand\Desktop\ComboFix.exe
[2012/02/07 15:57:58 | 000,621,525 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/02/07 06:07:07 | 000,000,214 | ---- | M] () -- C:\Users\Parand\Desktop\Champions Online Free For All.url
[2012/02/07 04:50:09 | 003,651,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/06 20:09:06 | 000,000,512 | ---- | M] () -- C:\Users\Parand\Desktop\MBR.dat
[2012/02/06 17:57:38 | 000,302,592 | ---- | M] () -- C:\Users\Parand\Desktop\t59lf331.exe
[2012/02/06 16:35:37 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Parand\Desktop\aswMBR.exe
[2012/02/06 05:40:05 | 000,000,213 | ---- | M] () -- C:\Users\Parand\Desktop\Team Fortress 2.url
[2012/02/06 04:39:10 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 04:21:58 | 000,002,969 | ---- | M] () -- C:\Users\Parand\Desktop\HiJackThis.lnk
[2012/02/06 02:24:10 | 735,666,176 | ---- | M] () -- C:\Users\Parand\Desktop\Grindhouse-Planet.Terror[2007][Unrated.Edition]DvDrip[Eng]-aXXo.avi
[2012/02/04 22:39:13 | 000,000,001 | ---- | M] () -- C:\ProgramData\Yru3u7jf.exe_.b
[2012/02/04 22:39:13 | 000,000,001 | ---- | M] () -- C:\ProgramData\Yru3u7jf.exe.b
[2012/02/04 15:49:04 | 000,000,112 | ---- | M] () -- C:\ProgramData\H1flDSmt8.dat
[2012/02/04 03:56:43 | 000,001,808 | ---- | M] () -- C:\Users\Parand\Desktop\TS3 - Shortcut.lnk
[2012/01/31 21:51:30 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2012/01/26 02:50:32 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2 Demo.lnk
[2012/01/14 05:56:31 | 000,065,764 | ---- | M] () -- C:\sky_b.tex
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 01:11:03 | 000,001,027 | ---- | C] () -- C:\Users\Parand\Desktop\Super Meat Boy.lnk
[2012/02/07 17:57:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 17:57:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 17:57:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/07 17:57:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/07 17:57:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/07 15:57:58 | 000,621,525 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/02/07 06:07:07 | 000,000,214 | ---- | C] () -- C:\Users\Parand\Desktop\Champions Online Free For All.url
[2012/02/07 03:42:42 | 735,666,176 | ---- | C] () -- C:\Users\Parand\Desktop\Grindhouse-Planet.Terror[2007][Unrated.Edition]DvDrip[Eng]-aXXo.avi
[2012/02/06 17:57:06 | 000,302,592 | ---- | C] () -- C:\Users\Parand\Desktop\t59lf331.exe
[2012/02/06 16:53:23 | 000,000,512 | ---- | C] () -- C:\Users\Parand\Desktop\MBR.dat
[2012/02/06 05:40:05 | 000,000,213 | ---- | C] () -- C:\Users\Parand\Desktop\Team Fortress 2.url
[2012/02/06 04:39:10 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 04:21:58 | 000,002,969 | ---- | C] () -- C:\Users\Parand\Desktop\HiJackThis.lnk
[2012/02/05 16:40:16 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/04 22:39:13 | 000,000,001 | ---- | C] () -- C:\ProgramData\Yru3u7jf.exe_.b
[2012/02/04 22:39:13 | 000,000,001 | ---- | C] () -- C:\ProgramData\Yru3u7jf.exe.b
[2012/02/04 15:25:33 | 000,000,112 | ---- | C] () -- C:\ProgramData\H1flDSmt8.dat
[2012/02/04 03:56:43 | 000,001,808 | ---- | C] () -- C:\Users\Parand\Desktop\TS3 - Shortcut.lnk
[2012/01/31 21:51:30 | 000,001,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2012/01/31 21:51:30 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2012/01/28 02:52:12 | 001,936,528 | ---- | C] () -- C:\Windows\System32\ltmm15.dll
[2012/01/26 02:50:32 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2 Demo.lnk
[2012/01/13 03:28:24 | 000,065,764 | ---- | C] () -- C:\sky_b.tex
[2012/01/13 01:00:32 | 000,000,797 | ---- | C] () -- C:\Windows\System32\d3d.reg
[2012/01/09 17:38:39 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2012/01/08 02:34:41 | 000,002,248 | -HS- | C] () -- C:\Users\Parand\AppData\Local\q216250v1johetjx4vba880m
[2012/01/08 02:34:41 | 000,002,248 | -HS- | C] () -- C:\ProgramData\q216250v1johetjx4vba880m
[2011/12/23 02:01:29 | 000,109,056 | ---- | C] () -- C:\Windows\System32\un-gamma.exe
[2011/11/13 00:46:36 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/11/13 00:46:35 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/05/10 20:11:55 | 000,000,094 | ---- | C] () -- C:\Users\Parand\AppData\Local\fusioncache.dat
[2011/04/26 13:06:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/10 21:24:34 | 000,000,120 | ---- | C] () -- C:\Users\Parand\AppData\Roaming\5775fd5b.dat
[2010/08/29 20:15:21 | 000,000,792 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2010/02/11 05:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 003,651,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,672,432 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,128,426 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 23:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/23 22:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/03/09 08:12:32 | 000,027,648 | -HS- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007/03/06 10:14:48 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2012/01/08 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\.minecraft
[2012/02/10 15:33:05 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\BitTorrent
[2011/11/06 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/04 17:43:36 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\com.adobe.dmp.contentviewer
[2011/07/25 03:30:44 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/04/28 04:53:58 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\DAEMON Tools Lite
[2012/01/09 17:38:50 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\dll-files.com
[2011/12/17 05:26:57 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\DVDVideoSoft
[2012/02/06 03:11:53 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\f-secure
[2012/02/01 15:30:42 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\foobar2000
[2011/06/10 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\Juce VST Host
[2011/09/27 14:50:33 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\MotionDSP
[2011/12/23 02:45:13 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\PacificPoker
[2011/12/21 04:54:28 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\Sports Interactive
[2012/02/09 14:17:05 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\Spotify
[2012/02/06 00:43:24 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\SWF.max
[2011/02/28 10:43:18 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\System
[2011/12/13 22:25:04 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\SystemRequirementsLab
[2012/01/05 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\The Creative Assembly
[2012/02/04 04:01:11 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\Ubemez
[2011/05/16 04:03:17 | 000,000,000 | -HSD | M] -- C:\Users\Parand\AppData\Roaming\wyUpdate AU
[2012/02/04 03:42:24 | 000,000,000 | ---D | M] -- C:\Users\Parand\AppData\Roaming\Ybozi
[2012/02/08 21:50:15 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
[2011/09/30 11:49:38 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/11/13 04:48:57 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/04/26 22:03:21 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/02/10 00:54:26 | 000,013,868 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 15:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 15:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 15:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2009/08/02 08:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr
[2012/02/07 20:40:09 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 15:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 15:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 15:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 15:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 15:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 15:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 15:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 15:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 15:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 15:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/04/12 00:33:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/12 00:33:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/02/07 20:40:09 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys
[2012/01/08 03:02:29 | 000,000,357 | ---- | M] () -- C:\rkill.log
[2012/01/14 05:56:31 | 000,065,764 | ---- | M] () -- C:\sky_b.tex
[2012/02/06 16:15:49 | 000,081,218 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_06.02.2012_16.06.43_log.txt
[2007/11/07 15:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 15:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 15:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 04:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/06/12 13:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD9A.DLL
[2008/06/12 13:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP9A.DLL
[2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/14 01:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/26 21:14:27 | 000,000,221 | -HS- | M] () -- C:\Users\Parand\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/06 16:35:37 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Parand\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Parand\Desktop\boot_cleaner.exe
[2012/02/07 17:57:12 | 004,398,288 | R--- | M] (Swearware) -- C:\Users\Parand\Desktop\ComboFix.exe
[2011/09/23 19:09:23 | 000,270,142 | ---- | M] () -- C:\Users\Parand\Desktop\Minecraft.exe
[2012/02/10 02:39:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Parand\Desktop\OTL.exe
[2012/02/06 17:57:38 | 000,302,592 | ---- | M] () -- C:\Users\Parand\Desktop\t59lf331.exe
 