TechSpot

Can't remove win64/patched.a

Solved
By Dadajmond
Oct 28, 2012
  1. Hi!

    I'm a 26 year old girl who has become a victim to This horrible virus. I have tried restarting the computer in fail safe mode and scanning with spybot, spydoctor and avg. I succeeded in removing some trojans (also got à few called seherif gen and bio something) but when I restarted to normal mode My computer just bluescreened on me.... I saw à similar topic with someone who also had This virus win64/patched.a WHO got help from à dragonmaster Jay with getting some kind of fixlist...

    Can u help me too??? Need step by step instructions:( very grateful for your help.

    Thank you from Sweden.
     
  2. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    I restored the computer to the point before I deleted the malware in fail safe mode so now I can start the computer again normally but all the trojans and that win64-virus is still there :(
     
  3. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  4. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    Thank you so much for your help! I downloaded Farbar and put it on a flash drive. However, I Can't hit the F8 key to get into advanced options...delete key gets me into the bios settings just fine, and f12 key gets me the boot priority list (harddrive cdrom etc). but when I push f8 NOTHING happens. I get to a black screen right after "loading operating system" and a blinking mark such as when you're trying to write something in a word document...I havent waited more than five minutes tho, but I suspect it should work faster than that anyways??? nothing happens so I reboot with the button on the computer. is there another way to do this or is F8 the only way to go???

    Grateful for further help.
     
  5. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Is this Windows 7?
     
  6. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    Yes that is correct. Windows7 professional
     
  7. Broni

    Broni Malware Annihilator Posts: 46,868   +254

  8. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    Thank you I Will Try This. So I need à 64 gig dvd since I have the 64 bit version??? I apologize for the noob questions :p
     
  9. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    I saw now that the iso is 3 gig... Can I copy it to a flashdrive instead? I have one that holds 8 gigs... However I am unsure on how to boot with the flash drive because there are four different "usboptions" in the boot options..
     
  10. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    I also have 4,7 gigs dvds. should I burn to one of those? =) I understand that you are sleeping now or something, cause were in different time zones :p in sweden it's noon right now :D
     
  11. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Regular 4.7 DVD will be just fine.
     
     
  12. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    Okay thank you! I have burnt the iso onto a disc and I will now try to follow the steps provided. Will be updating with the progress in a few hours.
     
  13. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    Umm... Okay. I click repair computer but I cant choose operating system cause its not listed. Instead it tells me to insert the installation media for the device and click ok to select the driver. Which means I need to use My installation cd???? Or what?
     
  14. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    It also gives me an option to restore My computer using à system image that I created earlier.
     
  15. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Let me ask the tool maker for an advice.
     
  16. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Did you create Win 7 DVD as described in my link or you're using some of your own repair disk?
     
  17. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    I followed your instructions.
     
  18. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
     
  19. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    I Will do This and answer as fast as possible. Expect à few hours tho :) Thank you!
     
  20. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    So I finished the scans.

    Here are the results for the malwarebyte scan. I apologize that it is in swedish, hope you understand anyways???


    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Databasversion: v2012.10.29.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kristina :: KRISTINA-PC [administratör]

    Skydd: Aktiverad

    2012-10-29 21:10:58
    mbam-log-2012-10-29 (21-10-58).txt

    Skanningstyp: Snabbskanning
    Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
    Inaktiverade skanningsalternativ: P2P
    Antal skannade objekt: 217495
    Förfluten tid: 3 minut(er), 19 sekund(er)

    Upptäckta minnesprocesser: 0
    (Inga skadliga poster hittades)

    Upptäckta minnesmoduler: 0
    (Inga skadliga poster hittades)

    Upptäckta registernycklar: 0
    (Inga skadliga poster hittades)

    Upptäckta registervärden: 0
    (Inga skadliga poster hittades)

    Upptäckta registerdataposter: 0
    (Inga skadliga poster hittades)

    Upptäckta mappar: 0
    (Inga skadliga poster hittades)

    Upptäckta filer: 3
    C:\Users\Kristina\Downloads\IZArcInstall.exe (PUP.BundleInstaller.BI) -> Sattes I karantän och togs bort.
    C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sattes I karantän och togs bort.
    C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\000000cb.@ (Rootkit.0Access) -> Sattes I karantän och togs bort.

    (klar)
     
  21. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    The GMER log turned up completely empty, the scan didn't find any modifications.
     
  22. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    And here are the results from the DDS scan:


    Attach log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2012-09-30 19:34:16
    System Uptime: 2012-10-29 21:17:20 (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-890GPA-UD3H
    Processor: AMD Phenom(tm) II X6 1100T Processor | Socket M2 | 3300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 377,9 GiB free.
    D: is CDROM (UDF)
    E: is FIXED (NTFS) - 1863 GiB total, 1060,982 GiB free.
    F: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP33: 2012-10-21 19:28:04 - Windows Live Essentials
    RP34: 2012-10-21 19:29:07 - WLSetup
    RP35: 2012-10-23 11:34:51 - Installed BankID Security Application
    RP36: 2012-10-23 11:49:11 - Installerad Handelsbanken kortläsare
    RP37: 2012-10-26 20:17:18 - DirectX har installerats
    RP38: 2012-10-26 22:15:51 - Återställningsåtgärd
    RP39: 2012-10-29 13:15:21 - AVG PC TuneUp installerades
    RP40: 2012-10-29 14:36:13 - Installed Windows 7 USB/DVD Download Tool
    .
    ==== Installed Programs ======================
    .
    «King`s Bounty - Warriors of the North» 1.0
    7-Zip 9.20
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    AMD USB Filter Driver
    µTorrent
    AVG 2013
    AVG PC TuneUp
    AVG PC Tuneup 2011
    AVG PC TuneUp Language Pack (en-US)
    BankID säkerhetsprogram
    D3DX10
    DAEMON Tools Lite
    Deus Ex: Human Revolution
    Gigabyte Raid Configurer
    Google Chrome
    Google Update Helper
    Handelsbanken kortläsare
    IZArc 4.1.7
    jZip
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (Swedish) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel 2007 Help Uppdatering (KB963678)
    Microsoft Office Excel MUI (Swedish) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (Swedish) 2007
    Microsoft Office InfoPath MUI (Swedish) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (Swedish) 2007
    Microsoft Office Outlook MUI (Swedish) 2007
    Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)
    Microsoft Office PowerPoint MUI (Swedish) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proofing (Swedish) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (Swedish) 2007
    Microsoft Office Shared 64-bit MUI (Swedish) 2007
    Microsoft Office Shared MUI (Swedish) 2007
    Microsoft Office Word 2007 Help Uppdatering (KB963665)
    Microsoft Office Word MUI (Swedish) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    NEC Electronics USB 3.0 Host Controller Driver
    NETGEAR WNA1100 N150 Wireless USB Adapter
    NVIDIA-uppdatering 1.10.8
    NVIDIA 3D Vision drivrutin 306.23
    NVIDIA 3D Vision drivrutin för styrenhet 306.23
    NVIDIA Grafikdrivrutin 306.23
    NVIDIA HD audiodrivrutin 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update Components
    NVIDIAs kontrollpanel 306.23
    ON_OFF Charge B10.0427.1
    Photo Common
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Secret Files 3 (c) Deep Silver version 1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Steam
    Torchlight II (c) Runic Games version 1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Windows 7 USB/DVD Download Tool
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.20 (64-bit)
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.3
    .
    ==== End Of File ===========================
     
  23. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Go on...
     
  24. Dadajmond

    Dadajmond TS Rookie Topic Starter Posts: 38

    And the DDS log:

    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Kristina at 21:53:27 on 2012-10-29
    Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.4094.2514 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\XSrvSetup.exe
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: mswsock.dll
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{5CD21730-B2CE-47A3-932F-02ADD69E4B05} : DHCPNameServer = 192.168.1.254
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\kehqrjrq.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-9-21 61792]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-10-3 25056]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-10-2 21544]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-29 30568]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-17 283200]
    R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-10-3 26624]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-10-2 1314720]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]
    R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2012-10-2 72304]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-3 1258856]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
    R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2012-10-3 297440]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-10-29 711112]
    R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-10-3 1924096]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-29 25928]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-10-3 189288]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-2 347680]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-10-2 38456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-21 116648]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-29 399432]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-29 676936]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-30 250808]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-21 116648]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2012-10-3 960992]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-30 114144]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2008-9-22 50176]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-2 59392]
    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-1 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-10-29 20:08:3125928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-10-29 13:36:32119808----a-r-C:\Users\Kristina\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-10-29 13:36:32--------d-----w-C:\Users\Kristina\AppData\Local\Apps
    2012-10-29 12:16:1135192----a-w-C:\Windows\System32\TURegOpt.exe
    2012-10-29 12:16:1126488----a-w-C:\Windows\System32\authuitu.dll
    2012-10-29 12:16:1121880----a-w-C:\Windows\SysWow64\authuitu.dll
    2012-10-29 12:15:58--------d-----w-C:\Users\Kristina\AppData\Roaming\AVG
    2012-10-29 12:15:15--------d-----w-C:\ProgramData\AVG
    2012-10-29 12:15:10--------d-sh--w-C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-10-29 12:01:21--------d-----w-C:\Users\Kristina\AppData\Local\AVG Secure Search
    2012-10-29 12:01:19--------d-----w-C:\ProgramData\AVG Secure Search
    2012-10-29 12:01:1730568----a-w-C:\Windows\System32\drivers\avgtpx64.sys
    2012-10-29 12:01:16--------d-----w-C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-10-29 12:01:15--------d-----w-C:\Program Files (x86)\AVG Secure Search
    2012-10-27 15:06:13--------d-----w-C:\Users\Kristina\AppData\Roaming\TestApp
    2012-10-27 15:04:42--------d-----w-C:\ProgramData\PC Tools
    2012-10-27 15:04:42--------d-----w-C:\Program Files (x86)\PC Tools Security
    2012-10-27 15:04:42--------d-----w-C:\Program Files (x86)\Common Files\PC Tools
    2012-10-27 10:13:29--------d-----w-C:\Windows\pss
    2012-10-26 21:28:55--------d-----w-C:\ProgramData\Spybot - Search & Destroy
    2012-10-26 21:28:55--------d-----w-C:\Program Files (x86)\Spybot - Search & Destroy
    2012-10-26 21:22:43--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-26 21:16:15--------d-----w-C:\Users\Kristina\AppData\Roaming\Malwarebytes
    2012-10-26 21:16:07--------d-----w-C:\ProgramData\Malwarebytes
    2012-10-26 20:53:40--------d-----w-C:\FRST
    2012-10-26 18:34:37--------d-----w-C:\Users\Kristina\AppData\Local\FLT
    2012-10-26 17:35:24--------d-----w-C:\Users\Kristina\AppData\Local\Programs
    2012-10-23 09:49:17--------d-----w-C:\Program Files (x86)\Handelsbanken kortläsare
    2012-10-23 09:35:25--------d-----w-C:\Users\Kristina\AppData\Roaming\Personal
    2012-10-23 09:35:21--------d-----w-C:\Program Files (x86)\Personal
    2012-10-21 17:55:06--------d-----w-C:\Users\Kristina\AppData\Local\Google
    2012-10-18 09:09:22--------d-----w-C:\Program Files (x86)\IZArc
    2012-10-18 09:06:22--------d-----w-C:\Users\Kristina\AppData\Local\jZip
    2012-10-18 09:06:13--------d-----w-C:\Program Files (x86)\jZip
    2012-10-18 08:24:19--------d-----w-C:\Users\Kristina\Tracing
    2012-10-17 20:39:34--------d-----w-C:\ProgramData\RELOADED
    2012-10-17 20:00:36283200----a-w-C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-10-17 20:00:32--------d-----w-C:\Users\Kristina\AppData\Roaming\DAEMON Tools Lite
    2012-10-17 20:00:31--------d-----w-C:\Program Files (x86)\DAEMON Tools Lite
    2012-10-17 19:59:50--------d-----w-C:\ProgramData\DAEMON Tools Lite
    2012-10-13 11:31:58--------d-----w-C:\Users\Kristina\AppData\Local\Adobe
    2012-10-10 07:39:071464320----a-w-C:\Windows\System32\crypt32.dll
    2012-10-10 07:39:071159680----a-w-C:\Windows\SysWow64\crypt32.dll
    2012-10-10 07:39:06184320----a-w-C:\Windows\System32\cryptsvc.dll
    2012-10-10 07:39:06140288----a-w-C:\Windows\SysWow64\cryptsvc.dll
    2012-10-10 07:39:06140288----a-w-C:\Windows\System32\cryptnet.dll
    2012-10-10 07:39:06103936----a-w-C:\Windows\SysWow64\cryptnet.dll
    2012-10-10 07:37:55715776----a-w-C:\Windows\System32\kerberos.dll
    2012-10-10 07:37:55542208----a-w-C:\Windows\SysWow64\kerberos.dll
    2012-10-05 01:26:22111456----a-w-C:\Windows\System32\drivers\avgmfx64.sys
    2012-10-03 20:49:23--------d-----w-C:\Users\Kristina\AppData\Roaming\NVIDIA
    2012-10-03 20:48:24--------d-----w-C:\Users\Kristina\AppData\Roaming\Frogwares
    2012-10-03 18:42:49--------d-----w-C:\Windows\System32\appmgmt
    2012-10-03 18:41:03--------d-----w-C:\Program Files (x86)\Steam
    2012-10-03 18:29:1825056----a-w-C:\Windows\System32\drivers\SCMNdisP.sys
    2012-10-03 18:29:181924096----a-w-C:\Windows\System32\drivers\athurx.sys
    2012-10-03 18:29:1726624----a-w-C:\Windows\System32\drivers\jswpslwfx.sys
    2012-10-03 18:29:14--------d-----w-C:\Program Files (x86)\NETGEAR
    2012-10-03 18:18:52--------d-----w-C:\Users\Kristina\AppData\Local\Diagnostics
    2012-10-03 16:52:54--------d-----w-C:\Users\Kristina\AppData\Local\Microsoft Help
    2012-10-03 16:49:4884992----a-w-C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
    2012-10-03 16:38:18891240----a-w-C:\Windows\System32\nvvsvc.exe
    2012-10-03 16:38:1863336----a-w-C:\Windows\System32\nvshext.dll
    2012-10-03 16:38:186198120----a-w-C:\Windows\System32\nvcpl.dll
    2012-10-03 16:38:183487434----a-w-C:\Windows\System32\nvcoproc.bin
    2012-10-03 16:38:183266920----a-w-C:\Windows\System32\nvsvc64.dll
    2012-10-03 16:38:182557800----a-w-C:\Windows\System32\nvsvcr.dll
    2012-10-03 16:38:17118120----a-w-C:\Windows\System32\nvmctray.dll
    2012-10-03 16:35:59--------d-----w-C:\NVIDIA
    2012-10-02 21:42:21--------d-----w-C:\Windows\SysWow64\XPSViewer
    2012-10-02 21:42:21--------d-----w-C:\Windows\SysWow64\wbem\sv-SE
    2012-10-02 21:42:21--------d-----w-C:\Windows\SysWow64\sv
    2012-10-02 21:42:21--------d-----w-C:\Windows\SysWow64\drivers\sv-SE
    2012-10-02 21:42:16--------d-----w-C:\Windows\System32\sv
    2012-10-02 21:42:16--------d-----w-C:\Windows\System32\drivers\UMDF\sv-SE
    2012-10-02 21:42:16--------d-----w-C:\Windows\System32\drivers\sv-SE
    2012-10-02 21:42:15--------d-----w-C:\Windows\System32\wbem\sv-SE
    2012-10-02 21:42:08--------d-----w-C:\Windows\sv-SE
    2012-10-02 21:04:00514560----a-w-C:\Windows\SysWow64\qdvd.dll
    2012-10-02 21:04:00366592----a-w-C:\Windows\System32\qdvd.dll
    2012-10-02 21:03:55245760----a-w-C:\Windows\System32\OxpsConverter.exe
    2012-10-02 21:03:54376688----a-w-C:\Windows\System32\drivers\netio.sys
    2012-10-02 21:03:54288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-10-02 21:03:541913200----a-w-C:\Windows\System32\drivers\tcpip.sys
    2012-10-02 21:03:52950128----a-w-C:\Windows\System32\drivers\ndis.sys
    2012-10-02 21:03:5241472----a-w-C:\Windows\System32\drivers\RNDISMP.sys
    2012-10-02 20:56:4873728----a-w-C:\Windows\SysWow64\ISUSPM.cpl
    2012-10-02 20:56:4831272----a-w-C:\Windows\System32\AppleChargerSrv.exe
    2012-10-02 20:56:4821544----a-w-C:\Windows\System32\drivers\AppleCharger.sys
    2012-10-02 20:56:48--------d-----w-C:\Program Files\GIGABYTE
    2012-10-02 20:56:48--------d-----w-C:\Program Files (x86)\GIGABYTE
    2012-10-02 20:56:4781920----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    2012-10-02 20:56:47581632----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
    2012-10-02 20:56:47385024----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
    2012-10-02 20:56:47368640----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
    2012-10-02 20:56:47278528----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
    2012-10-02 20:56:47221184----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    2012-10-02 20:55:35--------d-----w-C:\Program Files (x86)\NEC Electronics
    2012-10-02 20:54:59--------d-----w-C:\Program Files\ATI
    2012-10-02 20:54:5038456----a-w-C:\Windows\System32\drivers\usbfilter.sys
    2012-10-02 20:54:49--------d-----w-C:\Program Files (x86)\AMD
    2012-10-02 20:54:1070200----a-w-C:\Windows\System32\drivers\amdsata.sys
    2012-10-02 20:54:1028728----a-w-C:\Windows\System32\drivers\amdxata.sys
    2012-10-02 20:54:031976944------r-C:\Windows\SysWow64\xRaidSetup.exe
    2012-10-02 20:54:03158320------r-C:\Windows\SysWow64\xRaidAPI.dll
    2012-10-02 20:54:0272304------r-C:\Windows\SysWow64\XSrvSetup.exe
    2012-10-02 20:53:59--------d-----w-C:\RaidTool
    2012-10-02 20:53:2316440----a-w-C:\Windows\System32\drivers\AtiPcie.sys
    2012-10-02 20:53:15115312----a-w-C:\Windows\System32\drivers\jraid.sys
    2012-10-02 20:53:13--------d-----w-C:\Windows\RaidTool
    2012-10-02 20:52:5463488----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
    2012-10-02 20:52:52184320----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2012-10-02 20:52:5169714----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2012-10-02 20:52:515632----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2012-10-02 20:52:51274432----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2012-10-02 20:52:50753664----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2012-10-02 20:52:48200836----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2012-10-02 20:52:47331908----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2012-10-02 20:52:11107552----a-w-C:\Windows\System32\RTNUninst64.dll
    2012-10-02 20:52:1074272----a-w-C:\Windows\System32\RtNicProp64.dll
    2012-10-02 20:52:10347680----a-w-C:\Windows\System32\drivers\Rt64win7.sys
    2012-10-02 20:27:59489744----a-w-C:\Windows\System32\DTSSymmetryDLL64.dll
    2012-10-02 20:03:02--------d-----w-C:\Users\Kristina\AppData\Local\Macromedia
    2012-10-02 20:01:12--------d-----w-C:\Users\Kristina\AppData\Local\Mozilla
    2012-10-02 16:50:54--------d-----w-C:\Spara
    2012-10-02 16:50:16--------d-----w-C:\Windows\System32\SPReview
    2012-10-02 16:49:52--------d-----r-C:\Users\Kristina\Favoriter
    2012-10-02 16:49:41--------d-----w-C:\Windows\System32\EventProviders
    2012-10-02 16:20:0448976----a-w-C:\Windows\System32\netfxperf.dll
    2012-10-02 16:20:041942856----a-w-C:\Windows\System32\dfshim.dll
    2012-10-02 16:20:001130824----a-w-C:\Windows\SysWow64\dfshim.dll
    2012-10-02 16:18:5998304----a-w-C:\Windows\SysWow64\fphc.dll
    2012-10-02 16:01:5498816----a-w-C:\Windows\System32\drivers\usbccgp.sys
    2012-10-02 15:59:211139200----a-w-C:\Windows\System32\FntCache.dll
    2012-10-02 15:59:20902656----a-w-C:\Windows\System32\d2d1.dll
    2012-10-02 15:59:20739840----a-w-C:\Windows\SysWow64\d2d1.dll
    2012-10-02 01:30:38185696----a-w-C:\Windows\System32\drivers\avgldx64.sys
    2012-10-01 02:35:07--------d-----w-C:\Windows\SysWow64\Wat
    2012-10-01 02:35:07--------d-----w-C:\Windows\System32\Wat
    2012-10-01 02:15:09--------d-----w-C:\ProgramData\NVIDIA Corporation
    2012-10-01 02:15:05--------d-----w-C:\Program Files\NVIDIA Corporation
    2012-10-01 02:15:05--------d-----w-C:\Program Files (x86)\NVIDIA Corporation
    2012-10-01 01:28:35294912----a-w-C:\Windows\System32\browserchoice.exe
    2012-10-01 01:06:2881408----a-w-C:\Windows\System32\imagehlp.dll
    2012-10-01 01:06:285120----a-w-C:\Windows\SysWow64\wmi.dll
    2012-10-01 01:06:285120----a-w-C:\Windows\System32\wmi.dll
    2012-10-01 01:06:2823408----a-w-C:\Windows\System32\drivers\fs_rec.sys
    2012-10-01 01:06:28159232----a-w-C:\Windows\SysWow64\imagehlp.dll
    2012-09-30 23:28:29--------d-----w-C:\Windows\Panther
    2012-09-30 22:52:5633792----a-w-C:\Windows\System32\profprov.dll
    2012-09-30 22:52:56209920----a-w-C:\Windows\System32\profsvc.dll
    2012-09-30 22:52:1959392----a-w-C:\Windows\System32\browcli.dll
    2012-09-30 22:52:1941984----a-w-C:\Windows\SysWow64\browcli.dll
    2012-09-30 22:52:19136704----a-w-C:\Windows\System32\browser.dll
    2012-09-30 22:52:1164512----a-w-C:\Windows\SysWow64\devobj.dll
    2012-09-30 22:52:1144544----a-w-C:\Windows\SysWow64\devrtl.dll
    2012-09-30 22:52:11404480----a-w-C:\Windows\System32\umpnpmgr.dll
    2012-09-30 22:52:11252928----a-w-C:\Windows\SysWow64\drvinst.exe
    2012-09-30 22:52:11207872----a-w-C:\Windows\System32\cfgmgr32.dll
    2012-09-30 22:52:11145920----a-w-C:\Windows\SysWow64\cfgmgr32.dll
    2012-09-30 22:51:59574464----a-w-C:\Windows\System32\d3d10level9.dll
    2012-09-30 22:51:59490496----a-w-C:\Windows\SysWow64\d3d10level9.dll
    2012-09-30 22:51:573216384----a-w-C:\Windows\System32\msi.dll
    2012-09-30 22:51:572342400----a-w-C:\Windows\SysWow64\msi.dll
    2012-09-30 22:51:48976896----a-w-C:\Windows\System32\inetcomm.dll
    2012-09-30 22:51:48741376----a-w-C:\Windows\SysWow64\inetcomm.dll
    2012-09-30 22:50:281395712----a-w-C:\Windows\System32\mfc42.dll
    2012-09-30 22:50:281359872----a-w-C:\Windows\System32\mfc42u.dll
    2012-09-30 22:50:271164288----a-w-C:\Windows\SysWow64\mfc42u.dll
    2012-09-30 22:50:271137664----a-w-C:\Windows\SysWow64\mfc42.dll
    2012-09-30 22:50:269216----a-w-C:\Windows\System32\rdrmemptylst.exe
    2012-09-30 22:50:2677312----a-w-C:\Windows\System32\rdpwsx.dll
    2012-09-30 22:50:26149504----a-w-C:\Windows\System32\rdpcorekmts.dll
    2012-09-30 22:41:34--------d-----w-C:\Users\Kristina\AppData\Roaming\AVG2013
    2012-09-30 22:41:07690688----a-w-C:\Windows\SysWow64\msvcrt.dll
    2012-09-30 22:41:07634880----a-w-C:\Windows\System32\msvcrt.dll
    2012-09-30 22:40:583148800----a-w-C:\Windows\System32\win32k.sys
    2012-09-30 22:40:3690624----a-w-C:\Windows\System32\drivers\bowser.sys
    2012-09-30 22:40:17--------d-----w-C:\Users\Kristina\AppData\Roaming\TuneUp Software
    2012-09-30 22:39:27--------d--h--w-C:\$AVG
    2012-09-30 22:39:27--------d-----w-C:\ProgramData\AVG2013
    2012-09-30 22:38:569308616----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E686AF26-19E7-487A-B624-72DBD140D894}\mpengine.dll
    2012-09-30 22:38:54279656------w-C:\Windows\System32\MpSigStub.exe
    2012-09-30 22:38:262164224----a-w-C:\Program Files\Windows Journal\Journal.exe
    2012-09-30 22:38:261732096----a-w-C:\Program Files\Windows Journal\NBDoc.DLL
    2012-09-30 22:38:25936960----a-w-C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-09-30 22:38:251402880----a-w-C:\Program Files\Windows Journal\JNWDRV.dll
    2012-09-30 22:38:251393664----a-w-C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-09-30 22:38:251367552----a-w-C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-09-30 22:37:49--------d-----w-C:\Program Files (x86)\AVG
    2012-09-30 22:37:06--------d--h--w-C:\ProgramData\Common Files
    2012-09-30 22:37:06--------d-----w-C:\Users\Kristina\AppData\Local\MFAData
    2012-09-30 22:37:06--------d-----w-C:\Users\Kristina\AppData\Local\Avg2013
    2012-09-30 22:37:06--------d-----w-C:\ProgramData\MFAData
    2012-09-30 22:35:20--------d-----w-C:\Windows\PCHEALTH
    2012-09-30 22:29:53142336----a-w-C:\Windows\System32\poqexec.exe
    2012-09-30 22:28:53509952----a-w-C:\Windows\System32\ntshrui.dll
    2012-09-30 22:23:18889416-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\30fc36a01cd9f5a01\dotNetFx40_Full_setup.exe
    2012-09-30 22:23:17--------d-----w-C:\Users\Kristina\AppData\Local\Windows Live
    2012-09-30 22:23:12--------d-----w-C:\Program Files (x86)\Common Files\Windows Live
    2012-09-30 22:21:5977312----a-w-C:\Windows\System32\packager.dll
    2012-09-30 22:21:5967072----a-w-C:\Windows\SysWow64\packager.dll
    2012-09-30 22:15:312622464----a-w-C:\Windows\System32\wucltux.dll
    2012-09-30 22:15:2699840----a-w-C:\Windows\System32\wudriver.dll
    2012-09-30 22:15:1936864----a-w-C:\Windows\System32\wuapp.exe
    2012-09-30 22:15:19186752----a-w-C:\Windows\System32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2012-10-10 16:47:1273656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-10 16:47:12696760----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-02 21:41:332560----a-w-C:\Windows\SysWow64\drivers\sv-SE\qwavedrv.sys.mui
    2012-10-02 21:41:255632----a-w-C:\Windows\SysWow64\drivers\sv-SE\ndiscap.sys.mui
    2012-10-02 21:41:252560----a-w-C:\Windows\SysWow64\drivers\sv-SE\scfilter.sys.mui
    2012-10-02 21:41:2247104----a-w-C:\Windows\SysWow64\drivers\sv-SE\tcpip.sys.mui
    2012-10-02 21:41:2015872----a-w-C:\Windows\SysWow64\drivers\sv-SE\pacer.sys.mui
    2012-10-02 21:41:1928672----a-w-C:\Windows\SysWow64\drivers\sv-SE\bfe.dll.mui
    2012-10-02 20:39:10152576----a-w-C:\Windows\SysWow64\msclmd.dll
    2012-10-02 20:39:09175616----a-w-C:\Windows\System32\msclmd.dll
    2012-09-21 01:46:04200032----a-w-C:\Windows\System32\drivers\avgtdia.sys
    2012-09-21 01:46:00225120----a-w-C:\Windows\System32\drivers\avgloga.sys
    2012-09-21 01:45:5061792----a-w-C:\Windows\System32\drivers\avgidsha.sys
    2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
    2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
    2012-09-14 01:05:1840800----a-w-C:\Windows\System32\drivers\avgrkx64.sys
    2012-09-13 01:11:18151904----a-w-C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-09-12 14:07:4458368----a-w-C:\Windows\SysWow64\sirenacm.dll
    2012-09-04 09:39:3250296----a-w-C:\Windows\System32\drivers\avgfwd6a.sys
    2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:455559664----a-w-C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:023968880----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:023914096----a-w-C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-30 08:40:14429416----a-w-C:\Windows\SysWow64\nvStreaming.exe
    2012-08-24 18:05:07220160----a-w-C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48172544----a-w-C:\Windows\SysWow64\wintrust.dll
    2012-08-20 18:48:44362496----a-w-C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44243200----a-w-C:\Windows\System32\wow64.dll
    2012-08-20 18:48:4413312----a-w-C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43215040----a-w-C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:3716384----a-w-C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35424448----a-w-C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22338432----a-w-C:\Windows\System32\conhost.exe
    2012-08-20 17:40:2114336----a-w-C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:4444032----a-w-C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:2625600----a-w-C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:195120----a-w-C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18274944----a-w-C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:217680----a-w-C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:202048----a-w-C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:286144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:284608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:283584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:283072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 21:54:07,54 ===============
     
  25. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =========================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.