Can't remove win64/patched.a

Solved
By Dadajmond
Oct 28, 2012
  1. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    The RKreport log file:

    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Kristina [Admin rights]
    Mode : Remove -- Date : 10/29/2012 22:33:18

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\@ --> REMOVED AT REBOOT
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\00000004.@ --> REMOVED
    [Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\00000008.@ --> REMOVED
    [Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\000000cb.@ --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\80000000.@ --> REMOVED
    [Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\80000032.@ --> REMOVED
    [Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\80000064.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\L\00000004.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\L --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD20EARS-00MVWB0 SCSI Disk Device +++++
    --- User ---
    [MBR] 8bbffe35c21f57f0578b280410194bc0
    [BSP] fdedf0c1a65d979eb919acb04261f48f : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: SAMSUNG HD502HI SCSI Disk Device +++++
    --- User ---
    [MBR] 79edd32d6ebc5efcde22d986bd678057
    [BSP] 5445e8da5f4746025c9c09c9dcfb7197 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476836 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: USB Flash Memory USB Device +++++
    --- User ---
    [MBR] da99dc89cbe2ae43e77c996cad560482
    [BSP] 9ab224430cae5d4642efe916dd8f39b0 : Standard MBR Code
    Partition table:
    0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 7747 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  2. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    TDSS log file part 1:

    22:35:51.0929 6804 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    22:35:52.0213 6804 ============================================================
    22:35:52.0213 6804 Current date / time: 2012/10/29 22:35:52.0213
    22:35:52.0213 6804 SystemInfo:
    22:35:52.0213 6804
    22:35:52.0213 6804 OS Version: 6.1.7601 ServicePack: 1.0
    22:35:52.0213 6804 Product type: Workstation
    22:35:52.0213 6804 ComputerName: KRISTINA-PC
    22:35:52.0214 6804 UserName: Kristina
    22:35:52.0214 6804 Windows directory: C:\Windows
    22:35:52.0214 6804 System windows directory: C:\Windows
    22:35:52.0214 6804 Running under WOW64
    22:35:52.0214 6804 Processor architecture: Intel x64
    22:35:52.0214 6804 Number of processors: 6
    22:35:52.0214 6804 Page size: 0x1000
    22:35:52.0214 6804 Boot type: Normal boot
    22:35:52.0214 6804 ============================================================
    22:35:52.0618 6804 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
    22:35:52.0632 6804 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
    22:35:52.0636 6804 Drive \Device\Harddisk2\DR2 - Size: 0x1E4700000 (7.57 Gb), SectorSize: 0x200, Cylinders: 0x3DC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:35:52.0638 6804 ============================================================
    22:35:52.0638 6804 \Device\Harddisk0\DR0:
    22:35:52.0670 6804 MBR partitions:
    22:35:52.0670 6804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
    22:35:52.0670 6804 \Device\Harddisk1\DR1:
    22:35:52.0670 6804 MBR partitions:
    22:35:52.0670 6804 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    22:35:52.0670 6804 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A352000
    22:35:52.0670 6804 \Device\Harddisk2\DR2:
    22:35:52.0670 6804 MBR partitions:
    22:35:52.0670 6804 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xF21880
    22:35:52.0670 6804 ============================================================
    22:35:52.0695 6804 C: <-> \Device\Harddisk1\DR1\Partition2
    22:35:52.0712 6804 E: <-> \Device\Harddisk0\DR0\Partition1
    22:35:52.0712 6804 ============================================================
    22:35:52.0712 6804 Initialize success
    22:35:52.0712 6804 ============================================================
    22:35:55.0501 7744 ============================================================
    22:35:55.0501 7744 Scan started
    22:35:55.0501 7744 Mode: Manual;
    22:35:55.0501 7744 ============================================================
    22:35:55.0969 7744 ================ Scan system memory ========================
    22:35:55.0969 7744 System memory - ok
    22:35:55.0969 7744 ================ Scan services =============================
    22:36:04.0294 7744 MRxDAV - ok
    22:36:04.0314 7744 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:36:04.0317 7744 mrxsmb - ok
    22:36:04.0330 7744 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:36:04.0335 7744 mrxsmb10 - ok
    22:36:04.0361 7744 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:36:04.0363 7744 mrxsmb20 - ok
    22:36:04.0391 7744 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    22:36:04.0392 7744 msahci - ok
    22:36:04.0414 7744 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    22:36:04.0416 7744 msdsm - ok
    22:36:04.0453 7744 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    22:36:04.0455 7744 MSDTC - ok
    22:36:04.0470 7744 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    22:36:04.0471 7744 Msfs - ok
    22:36:04.0479 7744 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    22:36:04.0481 7744 mshidkmdf - ok
    22:36:04.0484 7744 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    22:36:04.0485 7744 msisadrv - ok
    22:36:04.0523 7744 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    22:36:04.0526 7744 MSiSCSI - ok
    22:36:04.0529 7744 msiserver - ok
    22:36:04.0543 7744 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    22:36:04.0544 7744 MSKSSRV - ok
    22:36:04.0559 7744 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    22:36:04.0560 7744 MSPCLOCK - ok
    22:36:04.0567 7744 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    22:36:04.0568 7744 MSPQM - ok
    22:36:04.0590 7744 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    22:36:04.0595 7744 MsRPC - ok
    22:36:04.0615 7744 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    22:36:04.0615 7744 mssmbios - ok
    22:36:04.0627 7744 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    22:36:04.0628 7744 MSTEE - ok
    22:36:04.0631 7744 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig
  3. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    TDSS log file part 2 of 2:

    22:36:12.0957 7744 WIMMount - ok
    22:36:12.0962 7744 WinHttpAutoProxySvc - ok
    22:36:13.0175 7744 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    22:36:13.0178 7744 Winmgmt - ok
    22:36:13.0403 7744 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    22:36:13.0426 7744 WinRM - ok
    22:36:13.0475 7744 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    22:36:13.0485 7744 Wlansvc - ok
    22:36:13.0647 7744 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:36:13.0671 7744 wlidsvc - ok
    22:36:13.0694 7744 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    22:36:13.0695 7744 WmiAcpi - ok
    22:36:13.0727 7744 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    22:36:13.0729 7744 wmiApSrv - ok
    22:36:13.0745 7744 WMPNetworkSvc - ok
    22:36:13.0757 7744 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    22:36:13.0759 7744 WPCSvc - ok
    22:36:13.0789 7744 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    22:36:13.0791 7744 WPDBusEnum - ok
    22:36:13.0825 7744 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    22:36:13.0830 7744 ws2ifsl - ok
    22:36:13.0833 7744 WSearch - ok
    22:36:13.0902 7744 [ 0001DC46B513A37B1E8151335CA6F28E ] WSWNA1100 C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    22:36:13.0904 7744 WSWNA1100 - ok
    22:36:13.0916 7744 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    22:36:13.0918 7744 WudfPf - ok
    22:36:13.0961 7744 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:36:13.0964 7744 WUDFRd - ok
    22:36:13.0995 7744 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    22:36:13.0997 7744 wudfsvc - ok
    22:36:14.0018 7744 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    22:36:14.0022 7744 WwanSvc - ok
    22:36:14.0034 7744 ================ Scan global ===============================
    22:36:14.0068 7744 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:36:14.0140 7744 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    22:36:14.0160 7744 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    22:36:14.0182 7744 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:36:14.0213 7744 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
    22:36:14.0220 7744 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
    22:36:14.0221 7744 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
    22:36:14.0221 7744 ================ Scan MBR ==================================
    22:36:14.0241 7744 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
    22:36:14.0251 7744 \Device\Harddisk0\DR0 - ok
    22:36:14.0265 7744 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    22:36:14.0933 7744 \Device\Harddisk1\DR1 - ok
    22:36:14.0937 7744 [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk2\DR2
    22:36:14.0957 7744 \Device\Harddisk2\DR2 - ok
    22:36:14.0958 7744 ================ Scan VBR ==================================
    22:36:14.0960 7744 [ E6C62B73566B67CB0F3C34D96451DB81 ] \Device\Harddisk0\DR0\Partition1
    22:36:14.0961 7744 \Device\Harddisk0\DR0\Partition1 - ok
    22:36:14.0981 7744 [ CEF84303FE6E9D3164D331FEE762C502 ] \Device\Harddisk1\DR1\Partition1
    22:36:14.0982 7744 \Device\Harddisk1\DR1\Partition1 - ok
    22:36:14.0998 7744 [ 618CF1468968E1E421C6DD23632C77B5 ] \Device\Harddisk1\DR1\Partition2
    22:36:14.0999 7744 \Device\Harddisk1\DR1\Partition2 - ok
    22:36:15.0001 7744 [ B5CCD02FBDF68C01FBFCAAB01D9BB80D ] \Device\Harddisk2\DR2\Partition1
    22:36:15.0003 7744 \Device\Harddisk2\DR2\Partition1 - ok
    22:36:15.0003 7744 ============================================================
    22:36:15.0003 7744 Scan finished
    22:36:15.0003 7744 ============================================================
    22:36:15.0011 8164 Detected object count: 1
    22:36:15.0011 8164 Actual detected object count: 1
    22:36:51.0881 8164 C:\Windows\system32\services.exe - copied to quarantine
    22:36:52.0174 8164 C:\Windows\installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\@ - copied to quarantine
    22:36:53.0795 8164 Backup copy not found, trying to cure infected file..
    22:36:53.0795 8164 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
    22:36:53.0795 8164 C:\Windows\system32\services.exe - processing error
    22:36:53.0795 8164 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
  4. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    Will soon post the MBR log file.
  5. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    MBR log file:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-29 22:38:11
    -----------------------------
    22:38:11.386 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:38:11.386 Number of processors: 6 586 0xA00
    22:38:11.387 ComputerName: KRISTINA-PC UserName: Kristina
    22:38:12.382 Initialize success
    22:38:57.370 AVAST engine defs: 12102901
    22:39:14.264 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port1Path0Target0Lun0
    22:39:14.266 Disk 0 Vendor: WDC_____ 150. Size: 1907729MB BusType: 8
    22:39:14.267 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\JRAID1Port1Path0Target1Lun0
    22:39:14.268 Disk 1 Vendor: SAMSUNG_ A10G Size: 476938MB BusType: 8
    22:39:14.277 Disk 1 MBR read successfully
    22:39:14.279 Disk 1 MBR scan
    22:39:14.282 Disk 1 Windows 7 default MBR code
    22:39:14.296 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:39:14.313 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476836 MB offset 206848
    22:39:14.342 Disk 1 scanning C:\Windows\system32\drivers
    22:39:22.872 Service scanning
    22:39:40.664 Modules scanning
    22:39:40.669 Disk 1 trace - called modules:
    22:39:41.009 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll jraid.sys
    22:39:41.011 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80049c8790]
    22:39:41.014 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Scsi\JRAID1Port1Path0Target1Lun0[0xfffffa80049d5050]
    22:39:41.955 AVAST engine scan C:\Windows
    22:39:43.984 AVAST engine scan C:\Windows\system32
    22:40:45.996 File: C:\Windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
    22:41:15.753 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    22:41:18.064 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    22:42:44.447 AVAST engine scan C:\Windows\system32\drivers
    22:43:02.432 AVAST engine scan C:\Users\Kristina
    22:49:17.758 File: C:\Users\Kristina\Documents\Hämtade filer\FrostWireSetup.exe **INFECTED** Win32:HotBar-BL [Adw]
    22:50:31.963 AVAST engine scan C:\ProgramData
    22:50:53.266 Scan finished successfully
    22:51:28.454 Disk 1 MBR has been saved successfully to "C:\Users\Kristina\Desktop\MBR.dat"
    22:51:28.457 The log file has been saved successfully to "C:\Users\Kristina\Desktop\aswMBR.txt"
  6. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    Only did a quick scan on the last one (it was default). Was that correct to do?
  7. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    I will soon go to bed and might not reply again until tomorrow, just so you know. But I just want to say thank you for helping again, I am very grateful. Looking forward to hearing from you again soon =)
  8. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  9. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    Okay, I ran ComboFix; however, I did a system restore afterwards because I thought that I had lost the log file. Couldn't find it anywhere. So I did a system restore and ran ComboFix again. Hope this doesn't matter.

    Here is the log file:

    ComboFix 12-10-29.05 - Kristina 2012-10-30 8:30.2.6 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.4094.3197 [GMT 1:00]
    Körs från: c:\users\Kristina\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\TEMP
    .
    .
    (((((((((((((((((((((((( Filer skapade från 2012-09-28 till 2012-10-30 ))))))))))))))))))))))))))))))
    .
    .
    2012-10-29 21:36 . 2012-10-29 21:36--------d-----w-C:\TDSSKiller_Quarantine
    2012-10-27 15:04 . 2012-10-28 07:26--------d-----w-c:\program files (x86)\PC Tools Security
    2012-10-27 15:04 . 2012-10-28 07:26--------d-----w-c:\program files (x86)\Common Files\PC Tools
    2012-10-26 21:28 . 2012-10-30 06:12--------d-----w-c:\program files (x86)\Spybot - Search & Destroy
    2012-10-26 20:53 . 2012-10-26 20:53--------d-----w-C:\FRST
    2012-10-23 09:49 . 2012-10-23 09:49--------d-----w-c:\program files (x86)\Handelsbanken kortläsare
    2012-10-23 09:35 . 2012-10-28 07:26--------d-----w-c:\program files (x86)\Personal
    2012-10-21 17:55 . 2012-10-28 07:26--------d-----w-c:\program files (x86)\Google
    2012-10-18 09:09 . 2012-10-28 07:26--------d-----w-c:\program files (x86)\IZArc
    2012-10-18 09:06 . 2012-10-18 09:06--------d-----w-c:\program files (x86)\jZip
    2012-10-18 08:54 . 2012-10-18 08:54--------d-----w-c:\program files (x86)\7-Zip
    2012-10-17 20:00 . 2012-10-17 20:00283200----a-w-c:\windows\system32\drivers\dtsoftbus01.sys
    2012-10-17 20:00 . 2012-10-28 07:26--------d-----w-c:\program files (x86)\DAEMON Tools Lite
    2012-10-10 07:39 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
    2012-10-10 07:39 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
    2012-10-10 07:39 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
    2012-10-10 07:39 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
    2012-10-10 07:39 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 07:39 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
    2012-10-10 07:37 . 2012-08-11 00:56715776----a-w-c:\windows\system32\kerberos.dll
    2012-10-10 07:37 . 2012-08-10 23:56542208----a-w-c:\windows\SysWow64\kerberos.dll
    2012-10-03 20:46 . 2006-03-31 10:413927248----a-w-c:\windows\system32\d3dx9_30.dll
    2012-10-03 18:42 . 2012-10-03 18:42--------d-----w-c:\windows\system32\appmgmt
    2012-10-03 18:41 . 2012-10-28 07:26--------d-----w-c:\program files (x86)\Steam
    2012-10-03 18:29 . 2011-07-22 08:3325056----a-w-c:\windows\system32\drivers\SCMNdisP.sys
    2012-10-03 18:29 . 2010-10-10 23:111924096----a-w-c:\windows\system32\drivers\athurx.sys
    2012-10-03 18:29 . 2008-05-15 00:2826624----a-w-c:\windows\system32\drivers\jswpslwfx.sys
    2012-10-03 18:29 . 2012-10-28 07:26--------d-----w-c:\program files (x86)\NETGEAR
    2012-10-03 16:54 . 2012-10-28 07:26--------d-----w-c:\program files (x86)\Microsoft Works
    2012-10-03 16:53 . 2012-10-28 07:26--------d-----w-c:\program files\Microsoft Office
    2012-10-03 16:52 . 2012-10-28 07:26--------d-----r-C:\MSOCache
    2012-10-03 16:49 . 2009-07-14 01:4084992----a-w-c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
    2012-10-03 16:39 . 2012-10-30 07:11--------d-----w-c:\users\UpdatusUser
    2012-10-03 16:38 . 2012-08-30 16:18891240----a-w-c:\windows\system32\nvvsvc.exe
    2012-10-03 16:38 . 2012-08-30 16:1863336----a-w-c:\windows\system32\nvshext.dll
    2012-10-03 16:38 . 2012-08-30 16:182557800----a-w-c:\windows\system32\nvsvcr.dll
    2012-10-03 16:38 . 2012-08-30 16:183487434----a-w-c:\windows\system32\nvcoproc.bin
    2012-10-03 16:38 . 2012-08-30 16:183266920----a-w-c:\windows\system32\nvsvc64.dll
    2012-10-03 16:38 . 2012-08-30 16:176198120----a-w-c:\windows\system32\nvcpl.dll
    2012-10-03 16:38 . 2012-08-30 16:18118120----a-w-c:\windows\system32\nvmctray.dll
    2012-10-03 16:35 . 2012-10-28 07:26--------d-----w-C:\NVIDIA
    2012-10-02 21:42 . 2012-10-02 21:42--------d-----w-c:\windows\SysWow64\XPSViewer
    2012-10-02 21:42 . 2012-10-02 21:42--------d-----w-c:\windows\SysWow64\wbem\sv-SE
    2012-10-02 21:42 . 2012-10-02 21:42--------d-----w-c:\windows\SysWow64\sv
    2012-10-02 21:42 . 2012-10-02 21:42--------d-----w-c:\windows\SysWow64\drivers\sv-SE
    2012-10-02 21:42 . 2012-10-02 21:42--------d-----w-c:\windows\system32\sv
    2012-10-02 21:42 . 2012-10-02 21:42--------d-----w-c:\windows\system32\drivers\UMDF\sv-SE
    2012-10-02 21:42 . 2012-10-02 21:42--------d-----w-c:\windows\system32\drivers\sv-SE
    2012-10-02 21:42 . 2012-10-02 21:42--------d-----w-c:\windows\system32\wbem\sv-SE
    2012-10-02 21:42 . 2012-10-02 21:42--------d-----w-c:\windows\sv-SE
    2012-10-02 21:41 . 2012-10-02 21:413584----a-w-c:\windows\system32\Spool\prtprocs\x64\sv-SE\LXKPTPRC.DLL.mui
    2012-10-02 21:04 . 2012-05-04 11:00366592----a-w-c:\windows\system32\qdvd.dll
    2012-10-02 21:04 . 2012-05-04 09:59514560----a-w-c:\windows\SysWow64\qdvd.dll
    2012-10-02 21:03 . 2012-08-21 21:01245760----a-w-c:\windows\system32\OxpsConverter.exe
    2012-10-02 21:03 . 2012-08-22 18:121913200----a-w-c:\windows\system32\drivers\tcpip.sys
    2012-10-02 21:03 . 2012-08-22 18:12376688----a-w-c:\windows\system32\drivers\netio.sys
    2012-10-02 21:03 . 2012-08-22 18:12288624----a-w-c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-10-02 21:03 . 2012-08-22 18:12950128----a-w-c:\windows\system32\drivers\ndis.sys
    2012-10-02 21:03 . 2012-07-04 20:2641472----a-w-c:\windows\system32\drivers\RNDISMP.sys
    2012-10-02 20:56 . 2012-10-02 20:56--------d-----w-c:\program files\GIGABYTE
    2012-10-02 20:56 . 2012-10-02 20:56--------d-----w-c:\program files (x86)\GIGABYTE
    2012-10-02 20:56 . 2010-04-27 09:5621544----a-w-c:\windows\system32\drivers\AppleCharger.sys
    2012-10-02 20:56 . 2010-04-06 14:3031272----a-w-c:\windows\system32\AppleChargerSrv.exe
    2012-10-02 20:56 . 2005-02-17 05:1573728----a-w-c:\windows\SysWow64\ISUSPM.cpl
    2012-10-02 20:55 . 2012-10-02 20:55--------d-----w-c:\program files (x86)\NEC Electronics
    2012-10-02 20:54 . 2012-10-02 20:54--------d-----w-c:\program files\ATI
    2012-10-02 20:54 . 2012-10-02 20:54--------d-----w-c:\program files\DIFX
    2012-10-02 20:54 . 2012-10-02 20:54--------dc----w-c:\windows\system32\DRVSTORE
    2012-10-02 20:54 . 2009-12-22 00:2638456----a-w-c:\windows\system32\drivers\usbfilter.sys
    2012-10-02 20:54 . 2012-10-02 20:54--------d-----w-c:\program files (x86)\AMD
    2012-10-02 20:54 . 2009-10-07 10:1370200----a-w-c:\windows\system32\drivers\amdsata.sys
    2012-10-02 20:54 . 2009-10-07 10:1328728----a-w-c:\windows\system32\drivers\amdxata.sys
    2012-10-02 20:54 . 2010-03-10 09:57158320------r-c:\windows\SysWow64\xRaidAPI.dll
    2012-10-02 20:54 . 2010-01-19 02:311976944------r-c:\windows\SysWow64\xRaidSetup.exe
    2012-10-02 20:54 . 2010-01-19 02:3172304------r-c:\windows\SysWow64\XSrvSetup.exe
    2012-10-02 20:53 . 2012-10-02 20:53--------d-----w-C:\RaidTool
    2012-10-02 20:53 . 2009-05-05 01:0016440----a-w-c:\windows\system32\drivers\AtiPcie.sys
    2012-10-02 20:53 . 2010-01-27 08:58115312----a-w-c:\windows\system32\drivers\jraid.sys
    2012-10-02 20:53 . 2012-10-02 21:13--------d-----w-c:\windows\RaidTool
    2012-10-02 20:52 . 2010-01-05 16:39107552----a-w-c:\windows\system32\RTNUninst64.dll
    2012-10-02 20:52 . 2010-03-22 09:57347680----a-w-c:\windows\system32\drivers\Rt64win7.sys
    2012-10-02 20:52 . 2009-12-03 09:2774272----a-w-c:\windows\system32\RtNicProp64.dll
    2012-10-02 20:27 . 2010-01-05 05:41474896----a-w-c:\windows\system32\DTSVoiceClarityDLL64.dll
    2012-10-02 16:50 . 2012-10-02 17:19--------d-----w-C:\Spara
    2012-10-02 16:50 . 2012-10-02 16:50--------d-----w-c:\windows\system32\SPReview
    2012-10-02 16:49 . 2012-10-02 16:49--------d-----w-c:\windows\system32\EventProviders
    2012-10-02 16:20 . 2010-11-05 01:5748976----a-w-c:\windows\system32\netfxperf.dll
    2012-10-02 16:20 . 2010-11-05 01:571942856----a-w-c:\windows\system32\dfshim.dll
    2012-10-02 16:20 . 2010-11-05 01:581130824----a-w-c:\windows\SysWow64\dfshim.dll
    2012-10-02 16:18 . 2010-11-20 13:27681472----a-w-c:\windows\system32\WUDFx.dll
    2012-10-02 16:01 . 2011-03-25 03:29343040----a-w-c:\windows\system32\drivers\usbhub.sys
    2012-10-02 15:59 . 2011-02-19 12:051139200----a-w-c:\windows\system32\FntCache.dll
    2012-10-02 15:59 . 2011-02-19 12:04902656----a-w-c:\windows\system32\d2d1.dll
    2012-10-02 15:59 . 2011-02-19 06:30739840----a-w-c:\windows\SysWow64\d2d1.dll
    2012-10-01 02:35 . 2012-10-01 02:35--------d-----w-c:\windows\SysWow64\Wat
    2012-10-01 02:35 . 2012-10-01 02:35--------d-----w-c:\windows\system32\Wat
    2012-10-01 02:15 . 2012-10-03 20:48--------d-----w-c:\program files (x86)\NVIDIA Corporation
    2012-10-01 02:15 . 2012-10-03 16:39--------d-----w-c:\program files\NVIDIA Corporation
    2012-10-01 01:28 . 2010-02-23 08:16294912----a-w-c:\windows\system32\browserchoice.exe
    2012-10-01 01:13 . 2012-10-10 10:3065309168----a-w-c:\windows\system32\MRT.exe
    2012-10-01 01:06 . 2012-03-01 06:4623408----a-w-c:\windows\system32\drivers\fs_rec.sys
    2012-10-01 01:06 . 2012-03-01 06:3381408----a-w-c:\windows\system32\imagehlp.dll
    2012-10-01 01:06 . 2012-03-01 06:285120----a-w-c:\windows\system32\wmi.dll
    2012-10-01 01:06 . 2012-03-01 05:33159232----a-w-c:\windows\SysWow64\imagehlp.dll
    2012-10-01 01:06 . 2012-03-01 05:295120----a-w-c:\windows\SysWow64\wmi.dll
    2012-09-30 23:28 . 2012-09-30 17:34--------d-----w-c:\windows\Panther
    2012-09-30 22:52 . 2012-05-01 05:40209920----a-w-c:\windows\system32\profsvc.dll
    2012-09-30 22:52 . 2010-11-20 13:2733792----a-w-c:\windows\system32\profprov.dll
    2012-09-30 22:52 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
    2012-09-30 22:52 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
    2012-09-30 22:52 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
    2012-09-30 22:52 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
    2012-09-30 22:52 . 2011-05-24 11:42404480----a-w-c:\windows\system32\umpnpmgr.dll
    2012-09-30 22:52 . 2011-05-24 10:4064512----a-w-c:\windows\SysWow64\devobj.dll
    2012-09-30 22:52 . 2011-05-24 10:4044544----a-w-c:\windows\SysWow64\devrtl.dll
    2012-09-30 22:52 . 2011-05-24 10:39145920----a-w-c:\windows\SysWow64\cfgmgr32.dll
    2012-09-30 22:52 . 2011-05-24 10:37252928----a-w-c:\windows\SysWow64\drvinst.exe
    2012-09-30 22:52 . 2010-11-20 13:25207872----a-w-c:\windows\system32\cfgmgr32.dll
    2012-09-30 22:51 . 2012-08-02 17:58574464----a-w-c:\windows\system32\d3d10level9.dll
    2012-09-30 22:51 . 2012-08-02 16:57490496----a-w-c:\windows\SysWow64\d3d10level9.dll
    2012-09-30 22:51 . 2012-04-07 12:313216384----a-w-c:\windows\system32\msi.dll
    2012-09-30 22:51 . 2012-04-07 11:262342400----a-w-c:\windows\SysWow64\msi.dll
    2012-09-30 22:51 . 2011-05-03 05:29976896----a-w-c:\windows\system32\inetcomm.dll
    2012-09-30 22:51 . 2011-05-03 04:30741376----a-w-c:\windows\SysWow64\inetcomm.dll
    2012-09-30 22:50 . 2011-03-11 06:341359872----a-w-c:\windows\system32\mfc42u.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-02 21:41 . 2012-10-02 21:412560----a-w-c:\windows\SysWow64\drivers\sv-SE\qwavedrv.sys.mui
    2012-10-02 21:41 . 2012-10-02 21:415632----a-w-c:\windows\SysWow64\drivers\sv-SE\ndiscap.sys.mui
    2012-10-02 21:41 . 2012-10-02 21:412560----a-w-c:\windows\SysWow64\drivers\sv-SE\scfilter.sys.mui
    2012-10-02 21:41 . 2012-10-02 21:4147104----a-w-c:\windows\SysWow64\drivers\sv-SE\tcpip.sys.mui
    2012-10-02 21:41 . 2012-10-02 21:4115872----a-w-c:\windows\SysWow64\drivers\sv-SE\pacer.sys.mui
    2012-10-02 21:41 . 2012-10-02 21:4128672----a-w-c:\windows\SysWow64\drivers\sv-SE\bfe.dll.mui
    2012-10-02 20:39 . 2009-07-14 02:36152576----a-w-c:\windows\SysWow64\msclmd.dll
    2012-10-02 20:39 . 2009-07-14 02:36175616----a-w-c:\windows\system32\msclmd.dll
    2012-09-12 14:07 . 2012-09-12 14:0758368----a-w-c:\windows\SysWow64\sirenacm.dll
    2012-08-30 19:14 . 2012-02-09 20:431760104----a-w-c:\windows\system32\nvdispco64.dll
    2012-08-30 16:18 . 2012-10-03 16:38891240----a-w-c:\windows\system32\nvvsvc.exe
    2012-08-30 08:40 . 2012-08-30 08:40429416----a-w-c:\windows\SysWow64\nvStreaming.exe
    2012-08-20 17:38 . 2012-10-10 07:3844032----a-w-c:\windows\apppatch\acwow64.dll
    .
    .
    (((((((((((((((((((((((((((((((((( Startpunkter I registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* tomma poster & legitima standardposter visas inte.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-03 1353080]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "jswtrayutil"="c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-21 116648]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-21 116648]
    R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-22 960992]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
    R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys [2008-09-22 50176]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-01 1255736]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2011-07-22 25056]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-17 283200]
    S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
    S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2011-07-28 297440]
    S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-10 1924096]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    Innehåll I mappen 'Schemalagda aktiviteter':
    .
    2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 16:47]
    .
    2012-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-21 17:55]
    .
    2012-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-21 17:55]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
    .
    ------- Extra genomsökning -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\kehqrjrq.default\
    .
    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
    .
    AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files (x86)\Malwarebytes' Anti-Malware\unins000.exe
    .
    .
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Sluttid: 2012-10-30 08:38:38 - datorn startades om.
    ComboFix-quarantined-files.txt 2012-10-30 07:38
    ComboFix2.txt 2012-10-30 06:54
    .
    Före genomsökningen: 406 272 028 672 byte ledigt
    Efter genomsökningen: 406 022 520 832 byte ledigt
    .
    - - End Of File - - 29EC84D3BA3FAD91D0D9E980A0D1D68D
  10. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    Before I removed AVG and Malwarebytes I did not get any more popups with virus error messages. Dunno if that means that they were gone?
  11. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    I reinstalled AVG and Malwarebytes after the ComboFix scan and I tried scanning with AVG. It tells me there are no threats on my computer =) but will of course be waiting for your confirmation before assuming anything ;)
  12. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Good news :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    Extras log:

    OTL Extras logfile created on: 2012-10-30 19:17:56 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristina\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,41% Memory free
    7,99 Gb Paging File | 6,23 Gb Available in Paging File | 77,88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465,66 Gb Total Space | 379,35 Gb Free Space | 81,46% Space Free | Partition Type: NTFS
    Drive D: | 3,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive E: | 1863,01 Gb Total Space | 1061,47 Gb Free Space | 56,98% Space Free | Partition Type: NTFS

    Computer Name: KRISTINA-PC | User Name: Kristina | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1014158507-211808931-2538166200-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1327AAF9-F2FF-47CA-9214-53D656291C47}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{19C9D675-F565-4462-B671-6EFBD41188DB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{1DFB5E8C-6490-4E5C-B258-09178F7F8A8B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{4E230C1C-5525-45FA-AB55-5D9CF054259B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6AEA4C89-DB0F-4289-A75F-33613223E4AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{7CD54A97-A90C-4F4C-BC06-FC8686582B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{82058638-DA4B-4F58-AAE7-9E8D217866DF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B3D311B5-2E53-4FEE-BAE3-93F1B81ABCA7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{63BEA308-ADF8-4C90-8AE7-63C4A191146E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{46EC94DE-EA41-49CA-A610-856665F60CAA}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{18D5FAA9-D2A2-4291-AFBC-B9476A813BC1}" = AVG 2013
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision drivrutin 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIAs kontrollpanel 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdrivrutin 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision drivrutin för styrenhet 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA-uppdatering 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD audiodrivrutin 1.3.18.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2013
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
    "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
    "{31846283-C955-4CE1-9297-8670BD0C9A7E}" = Windows Live Messenger
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
    "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack
    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{90120000-0015-041D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2007
    "{90120000-0015-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007
    "{90120000-0016-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007
    "{90120000-0018-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-041D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2007
    "{90120000-0019-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-041D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2007
    "{90120000-001A-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007
    "{90120000-001B-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
    "{90120000-001F-040B-0000-0000000FF1CE}_ENTERPRISE_{C3B4672B-3FE7-4D6F-AFF3-80D290C1131E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
    "{90120000-001F-041D-0000-0000000FF1CE}_ENTERPRISE_{4A960AFC-E28F-4233-953F-1903BE859B79}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-041D-1000-0000000FF1CE}_ENTERPRISE_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-041D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Swedish) 2007
    "{90120000-0044-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007
    "{90120000-006E-041D-0000-0000000FF1CE}_ENTERPRISE_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2007
    "{90120000-00A1-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-041D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Swedish) 2007
    "{90120000-00BA-041D-0000-0000000FF1CE}_ENTERPRISE_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7
    "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}" = Handelsbanken kortläsare
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials
    "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
    "{FA7F689F-88EB-4946-B105-4C434CF5B07A}" = BankID säkerhetsprogram
    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "King`s Bounty - Warriors of the North_is1" = «King`s Bounty - Warriors of the North» 1.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Secret Files 3 (c) Deep Silver_is1" = Secret Files 3 (c) Deep Silver version 1
    "Steam App 28050" = Deus Ex: Human Revolution
    "Torchlight II (c) Runic Games_is1" = Torchlight II (c) Runic Games version 1
    "uTorrent" = µTorrent
    "WinLiveSuite" = Windows Live Essentials
    "VLC media player" = VLC media player 2.0.3

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1014158507-211808931-2538166200-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "jZip" = jZip

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2012-09-30 22:36:21 | Computer Name = Kristina-PC | Source = Application Error | ID = 1000
    Description = Felet uppstod I programmet med namn: armsvc.exe, version 1.6.5.0,
    tidsstämpel 0x4ffe7cf5 , felet uppstod I modulen med namn: unknown, version 0.0.0.0,
    tidsstämpel 0x00000000 Undantagskod: 0xc0000005 Felförskjutning: 0x74a76a34 Process-ID:
    0x690 Programmets starttid: 0x01cd9f7d47ebcd82 Sökväg till program: C:\Program Files
    (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe Sökväg till modul: unknown Rapport-ID:
    c86e7b85-0b70-11e2-9236-1c6f65374477

    Error - 2012-10-02 16:50:43 | Computer Name = Kristina-PC | Source = ESENT | ID = 215
    Description = WinMail (3564) WindowsMail0: Säkerhetskopieringen har stoppats eftersom
    den avbröts av klienten eller också har ett anslutningsfel med klienten uppstått.

    Error - 2012-10-02 16:50:51 | Computer Name = Kristina-PC | Source = ESENT | ID = 215
    Description = WinMail (3792) WindowsMail0: Säkerhetskopieringen har stoppats eftersom
    den avbröts av klienten eller också har ett anslutningsfel med klienten uppstått.

    Error - 2012-10-04 16:13:12 | Computer Name = Kristina-PC | Source = Windows Search Service | ID = 3007
    Description =

    Error - 2012-10-21 13:29:03 | Computer Name = Kristina-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Det gick inte att avsluta programmet eller tjänsten "Windows Live
    Messenger".

    Error - 2012-10-26 16:18:52 | Computer Name = Kristina-PC | Source = System Restore | ID = 8210
    Description =

    Error - 2012-10-26 16:37:27 | Computer Name = Kristina-PC | Source = Application Error | ID = 1000
    Description = Felet uppstod I programmet med namn: avgidsagent.exe, version 13.0.0.2732,
    tidsstämpel 0x506a2d20 , felet uppstod I modulen med namn: ntdll.dll, version 6.1.7601.17725,
    tidsstämpel 0x4ec49b8f Undantagskod: 0xc0000374 Felförskjutning: 0x000ce6c3 Process-ID:
    0x764 Programmets starttid: 0x01cdb3b9aa8df6af Sökväg till program: C:\Program Files
    (x86)\AVG\AVG2013\avgidsagent.exe Sökväg till modul: C:\Windows\SysWOW64\ntdll.dll
    Rapport-ID:
    f45b5ea3-1fac-11e2-9570-1c6f65374477

    Error - 2012-10-26 18:43:24 | Computer Name = Kristina-PC | Source = SideBySide | ID = 16842815
    Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll. Det finns ett fel I manifest- eller principfilen
    c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet
    * I attributet language I elementet assemblyIdentity är felaktigt.

    Error - 2012-10-27 11:05:43 | Computer Name = Kristina-PC | Source = Application Error | ID = 1000
    Description = Felet uppstod I programmet med namn: services.exe, version 6.1.7600.16385,
    tidsstämpel 0x4a5bc10e , felet uppstod I modulen med namn: ntdll.dll, version 6.1.7601.17725,
    tidsstämpel 0x4ec4aa8e Undantagskod: 0xc0000374 Felförskjutning: 0x00000000000c40f2
    Process-ID:
    0x3b8 Programmets starttid: 0x01cdb45225b9fddd Sökväg till program: C:\Windows\system32\services.exe
    Sökväg
    till modul: C:\Windows\SYSTEM32\ntdll.dll Rapport-ID: c690daec-2047-11e2-aa8f-1c6f65374477

    Error - 2012-10-27 17:21:13 | Computer Name = Kristina-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = Tjänsten Cryptographic Services kunde inte initiera System Writer-objektet
    för VSS-säkerhetskopiering. Details: Could not query the status of the EventSystem
    service. System Error: Systemet håller på att avslutas. .

    [ System Events ]
    Error - 2012-10-30 03:54:18 | Computer Name = Kristina-PC | Source = Service Control Manager | ID = 7024
    Description = Tjänsten AVG Firewall avbröts med det tjänstspecifika felet %%-536805289.

    Error - 2012-10-30 03:54:19 | Computer Name = Kristina-PC | Source = Service Control Manager | ID = 7024
    Description = Tjänsten AVG Firewall avbröts med det tjänstspecifika felet %%-536805289.

    Error - 2012-10-30 03:54:20 | Computer Name = Kristina-PC | Source = Service Control Manager | ID = 7024
    Description = Tjänsten AVG Firewall avbröts med det tjänstspecifika felet %%-536805289.

    Error - 2012-10-30 03:54:21 | Computer Name = Kristina-PC | Source = Service Control Manager | ID = 7024
    Description = Tjänsten AVG Firewall avbröts med det tjänstspecifika felet %%-536805289.

    Error - 2012-10-30 03:54:23 | Computer Name = Kristina-PC | Source = Service Control Manager | ID = 7024
    Description = Tjänsten AVG Firewall avbröts med det tjänstspecifika felet %%-536805289.

    Error - 2012-10-30 03:57:14 | Computer Name = Kristina-PC | Source = Service Control Manager | ID = 7006
    Description = Anrop ScRegSetValueExW avbröts för FailureActions med följande fel:
    %%5.

    Error - 2012-10-30 03:57:19 | Computer Name = Kristina-PC | Source = Service Control Manager | ID = 7006
    Description = Anrop ScRegSetValueExW avbröts för FailureActions med följande fel:
    %%5.

    Error - 2012-10-30 06:26:43 | Computer Name = Kristina-PC | Source = SCardSvr | ID = 610
    Description =

    Error - 2012-10-30 08:26:43 | Computer Name = Kristina-PC | Source = Service Control Manager | ID = 7006
    Description = Anrop ScRegSetValueExW avbröts för FailureActions med följande fel:
    %%5.

    Error - 2012-10-30 13:54:28 | Computer Name = Kristina-PC | Source = Service Control Manager | ID = 7006
    Description = Anrop ScRegSetValueExW avbröts för FailureActions med följande fel:
    %%5.


    < End of report >
     
  14. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    OTL log part 1 of 2:

    OTL logfile created on: 2012-10-30 19:17:56 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristina\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,41% Memory free
    7,99 Gb Paging File | 6,23 Gb Available in Paging File | 77,88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465,66 Gb Total Space | 379,35 Gb Free Space | 81,46% Space Free | Partition Type: NTFS
    Drive D: | 3,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive E: | 1863,01 Gb Total Space | 1061,47 Gb Free Space | 56,98% Space Free | Partition Type: NTFS

    Computer Name: KRISTINA-PC | User Name: Kristina | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-10-30 19:17:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristina\Desktop\OTL.exe
    PRC - [2012-10-30 08:50:43 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012-10-30 08:50:43 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    PRC - [2012-10-10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012-10-10 11:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2012-10-02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012-10-02 03:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    PRC - [2012-10-02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012-09-29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012-08-30 20:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012-08-30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012-04-17 13:44:12 | 001,333,144 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
    PRC - [2011-07-28 16:06:32 | 008,247,264 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    PRC - [2011-07-28 16:06:20 | 000,297,440 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    PRC - [2010-01-19 03:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
    PRC - [2009-11-20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-10-30 08:50:43 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012-10-30 08:50:43 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
    MOD - [2012-10-30 08:50:43 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
    MOD - [2012-10-10 11:06:15 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    MOD - [2012-10-10 11:06:13 | 012,435,992 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    MOD - [2012-10-10 11:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    MOD - [2012-10-10 11:04:57 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
    MOD - [2012-10-10 11:04:55 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libegl.dll
    MOD - [2012-10-10 11:04:44 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
    MOD - [2012-10-10 11:04:43 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
    MOD - [2012-10-10 11:04:42 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
    MOD - [2011-07-28 16:06:32 | 008,247,264 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    MOD - [2009-08-28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2010-04-06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012-10-30 08:50:43 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
    SRV - [2012-10-10 17:47:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-10-03 20:01:51 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012-10-02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012-10-02 03:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
    SRV - [2012-10-02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012-09-06 02:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-08-30 20:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012-08-30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011-07-28 16:06:20 | 000,297,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
    SRV - [2010-03-22 19:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
    SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-01-19 03:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
    SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012-10-30 08:50:43 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012-10-17 21:00:36 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012-10-05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012-10-02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012-09-21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012-09-21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012-09-21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012-09-14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012-09-13 03:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012-09-04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
    DRV:64bit: - [2012-07-03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011-07-22 09:33:48 | 000,025,056 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
    DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-10-11 00:11:00 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
    DRV:64bit: - [2010-04-27 10:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
    DRV:64bit: - [2010-03-22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010-01-27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009-12-22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009-11-20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2009-11-20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009-10-07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009-10-07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-05-05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2008-09-22 23:24:00 | 000,050,176 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\shbecr.sys -- (Tdsshbecr)
    DRV:64bit: - [2008-05-15 01:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
    DRV:64bit: - [2007-10-30 08:59:30 | 000,028,672 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nordecr.sys -- (TdsNordecr)
    DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
    IE - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C D7 E3 CE 88 B6 CD 01 [binary data]
    IE - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...1060a92194c&lang=en&ds=AVG&pr=pr&d=2012-10-30 08:50:46&v=13.2.0.4&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={...1060a92194c&lang=en&ds=AVG&pr=pr&d=2012-10-30 08:50:46&v=13.2.0.4&sap=ku&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.4 [2012-10-30 08:50:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-30 23:19:17 | 000,000,000 | ---D | M]

    [2012-10-02 21:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristina\AppData\Roaming\mozilla\Extensions
    [2012-09-30 23:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012-09-06 02:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012-10-30 08:50:44 | 000,003,544 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012-09-06 02:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012-09-06 02:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={...1060a92194c&lang=en&ds=AVG&pr=pr&d=2012-10-30 08:50:46&v=13.2.0.4&sap=dsp&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AVG Secure Search = C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.4_0\
    CHR - Extension: AVG Secure Search = C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.4_0\.bak
    CHR - Extension: Gmail = C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-10-30 08:35:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
    O3 - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-1014158507-211808931-2538166200-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1014158507-211808931-2538166200-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-1014158507-211808931-2538166200-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1014158507-211808931-2538166200-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1014158507-211808931-2538166200-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CD21730-B2CE-47A3-932F-02ADD69E4B05}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011-04-12 10:38:58 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  15. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    OTL log part 2 of 2:

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-10-30 19:17:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kristina\Desktop\OTL.exe
    [2012-10-30 08:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012-10-30 08:51:32 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\AVG2013
    [2012-10-30 08:50:56 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\AVG Secure Search
    [2012-10-30 08:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012-10-30 08:50:45 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012-10-30 08:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012-10-30 08:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012-10-30 08:49:45 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2012-10-30 08:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012-10-30 08:48:41 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\Avg2013
    [2012-10-30 08:47:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012-10-30 08:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012-10-30 08:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012-10-30 08:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012-10-30 08:45:56 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\AVG Internet Security 2013 13.0 Build 2677a5774 incl.Serial-Gh0st
    [2012-10-30 08:38:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012-10-30 08:35:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012-10-30 07:27:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012-10-30 07:27:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012-10-30 07:27:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012-10-30 07:21:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-10-30 07:20:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012-10-30 07:18:46 | 004,990,780 | R--- | C] (Swearware) -- C:\Users\Kristina\Desktop\ComboFix.exe
    [2012-10-29 22:38:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kristina\Desktop\aswMBR.exe
    [2012-10-29 22:36:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012-10-29 22:35:18 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kristina\Desktop\TDSSKiller.exe
    [2012-10-29 22:31:20 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\RK_Quarantine
    [2012-10-29 21:52:55 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Kristina\Desktop\dds.com
    [2012-10-29 14:36:32 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
    [2012-10-29 14:36:32 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\Apps
    [2012-10-29 13:20:53 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\AVG PC Tuneup 2011 10.0.0.20 Final + Crack [xk3nvel0x]
    [2012-10-29 13:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
    [2012-10-29 13:15:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2012-10-29 12:55:39 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\Avg 2013 Keygen
    [2012-10-29 12:52:30 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\clean
    [2012-10-29 12:03:48 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\jobb
    [2012-10-27 22:28:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012-10-27 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\TestApp
    [2012-10-27 16:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
    [2012-10-27 16:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012-10-27 16:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012-10-27 11:13:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012-10-27 06:43:02 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\avg_arl_ffi_all_120_120823a5350
    [2012-10-26 22:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012-10-26 22:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012-10-26 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\Malwarebytes Anti-Malware v1.60.0.1800 Final Incl. Keygen
    [2012-10-26 22:16:15 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\Malwarebytes
    [2012-10-26 22:15:48 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\SpyBot+Search+Destroy+1.6.0.30+Fina
    [2012-10-26 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\Malwarebytes Anti-Malware PRO 1.65.0.1400 - Final - FULL with Key [h33t][iahq76]
    [2012-10-26 21:53:40 | 000,000,000 | ---D | C] -- C:\FRST
    [2012-10-26 19:34:37 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\FLT
    [2012-10-26 19:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
    [2012-10-26 18:35:24 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\Programs
    [2012-10-23 10:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Handelsbanken kortläsare
    [2012-10-23 10:49:08 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\InstallShield
    [2012-10-23 10:35:25 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\Personal
    [2012-10-23 10:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram
    [2012-10-23 10:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Personal
    [2012-10-21 18:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012-10-21 18:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012-10-21 18:55:06 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\Google
    [2012-10-18 10:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc
    [2012-10-18 10:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc
    [2012-10-18 10:06:22 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\jZip
    [2012-10-18 10:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
    [2012-10-18 09:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2012-10-18 09:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2012-10-18 09:24:19 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Tracing
    [2012-10-17 21:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
    [2012-10-17 21:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2012-10-17 21:00:36 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2012-10-17 21:00:32 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\DAEMON Tools Lite
    [2012-10-17 21:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2012-10-17 20:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2012-10-13 12:31:58 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\Adobe
    [2012-10-05 18:41:10 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\vlc
    [2012-10-05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2012-10-03 21:49:23 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\NVIDIA
    [2012-10-03 21:48:24 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\Frogwares
    [2012-10-03 21:02:07 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2012-10-03 20:57:09 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Guild Wars 2
    [2012-10-03 19:42:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2012-10-03 19:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2012-10-03 19:29:18 | 001,924,096 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys
    [2012-10-03 19:29:18 | 000,025,056 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
    [2012-10-03 19:29:17 | 000,026,624 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\jswpslwfx.sys
    [2012-10-03 19:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA1100 Genie
    [2012-10-03 19:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
    [2012-10-03 19:18:52 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\Diagnostics
    [2012-10-03 17:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012-10-03 17:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2012-10-03 17:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2012-10-03 17:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012-10-03 17:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012-10-03 17:52:54 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\Microsoft Help
    [2012-10-03 17:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2012-10-03 17:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2012-10-03 17:52:22 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2012-10-03 17:49:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
    [2012-10-03 17:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012-10-03 17:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2012-10-03 17:37:59 | 000,000,000 | ---D | C] -- C:\temp
    [2012-10-03 17:35:59 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2012-10-02 22:42:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
    [2012-10-02 22:42:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\sv-SE
    [2012-10-02 22:42:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sv
    [2012-10-02 22:42:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
    [2012-10-02 22:42:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sv
    [2012-10-02 22:42:08 | 000,000,000 | ---D | C] -- C:\Windows\sv-SE
    [2012-10-02 22:41:45 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\sv-SE\pscr.sys.mui
    [2012-10-02 22:41:32 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\sv-SE\BrSerId.sys.mui
    [2012-10-02 22:41:32 | 000,010,752 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\sv-SE\BrSerIb.sys.mui
    [2012-10-02 22:41:29 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\sv-SE\BrParwdm.sys.mui
    [2012-10-02 21:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
    [2012-10-02 21:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE
    [2012-10-02 21:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
    [2012-10-02 21:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
    [2012-10-02 21:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
    [2012-10-02 21:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2012-10-02 21:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2012-10-02 21:54:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2012-10-02 21:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
    [2012-10-02 21:54:03 | 001,976,944 | R--- | C] (Gigabyte Technology Corp.) -- C:\Windows\SysWow64\xRaidSetup.exe
    [2012-10-02 21:53:59 | 000,000,000 | ---D | C] -- C:\RaidTool
    [2012-10-02 21:53:13 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
    [2012-10-02 21:52:10 | 000,347,680 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2012-10-02 21:28:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2012-10-02 21:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2012-10-02 21:28:26 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
    [2012-10-02 21:28:24 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2012-10-02 21:28:24 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2012-10-02 21:28:23 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2012-10-02 21:28:23 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2012-10-02 21:28:13 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2012-10-02 21:28:13 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2012-10-02 21:28:12 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2012-10-02 21:28:12 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2012-10-02 21:28:10 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2012-10-02 21:28:10 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2012-10-02 21:28:05 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
    [2012-10-02 21:28:04 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2012-10-02 21:28:00 | 000,331,168 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2012-10-02 21:27:59 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
    [2012-10-02 21:27:59 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
    [2012-10-02 21:27:58 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
    [2012-10-02 21:27:58 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
    [2012-10-02 21:27:57 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
    [2012-10-02 21:27:57 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
    [2012-10-02 21:27:56 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
    [2012-10-02 21:27:56 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
    [2012-10-02 21:27:56 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
    [2012-10-02 21:27:56 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
    [2012-10-02 21:27:55 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
    [2012-10-02 21:27:55 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
    [2012-10-02 21:27:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2012-10-02 21:27:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012-10-02 21:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2012-10-02 21:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2012-10-02 21:22:53 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Alpha Protocol
    [2012-10-02 21:22:44 | 000,000,000 | R--D | C] -- C:\Users\Kristina\Documents\Mina videoklipp
    [2012-10-02 21:22:44 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Venetica
    [2012-10-02 21:22:44 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\My Digital Editions
    [2012-10-02 21:22:44 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Drakensang_TRoT
    [2012-10-02 21:22:43 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Tomb of the Lost Queen
    [2012-10-02 21:22:43 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Might & Magic Heroes VI
    [2012-10-02 21:22:43 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\gothic3
    [2012-10-02 21:22:43 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\A Stroke Of Fate
    [2012-10-02 21:22:42 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\NCIS
    [2012-10-02 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\Macromedia
    [2012-10-02 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\Macromedia
    [2012-10-02 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\Adobe
    [2012-10-02 21:01:25 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Hämtade filer
    [2012-10-02 21:01:20 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\My Saved Games
    [2012-10-02 21:01:19 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\The Learning Company
    [2012-10-02 21:01:19 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Remedy
    [2012-10-02 21:01:19 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\AVS4YOU
    [2012-10-02 21:01:19 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\ALI213
    [2012-10-02 21:01:18 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Settlers7
    [2012-10-02 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\Mozilla
    [2012-10-02 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\Mozilla
    [2012-10-02 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Downloads
    [2012-10-02 18:16:29 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Secret Files 3
    [2012-10-02 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\PCSX2
    [2012-10-02 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Games for Windows - LIVE Demos
    [2012-10-02 18:16:20 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Dracula 3 Part 2
    [2012-10-02 18:16:20 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Book of Unwritten Tales
    [2012-10-02 18:16:19 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\HeroBlade Logs
    [2012-10-02 18:16:19 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\FLiNGTrainer
    [2012-10-02 18:16:19 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Dracula 3 Part 1
    [2012-10-02 18:16:19 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Alibi in Ashes
    [2012-10-02 18:16:18 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Trail of the Twister
    [2012-10-02 18:16:17 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\The Captive Curse
    [2012-10-02 18:16:17 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Game of Thrones
    [2012-10-02 18:15:31 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Witcher 2
    [2012-10-02 18:11:57 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\GOG.com Downloads
    [2012-10-02 18:11:53 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Rockstar Games
    [2012-10-02 18:07:58 | 000,000,000 | R--D | C] -- C:\Users\Kristina\Documents\Min musik
    [2012-10-02 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Carol Reed - Amber's Blood
    [2012-10-02 18:07:53 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Telltale Games
    [2012-10-02 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Mina mottagna filer
    [2012-10-02 18:07:38 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\ArcaniA - Gothic 4
    [2012-10-02 18:07:21 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\CaseBook
    [2012-10-02 18:07:20 | 000,000,000 | -H-D | C] -- C:\Users\Kristina\Documents\Runes of Magic
    [2012-10-02 18:06:13 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Solar Fire User Files
    [2012-10-02 18:06:13 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Leawo
    [2012-10-02 18:06:12 | 000,000,000 | R--D | C] -- C:\Users\Kristina\Documents\Mina bilder
    [2012-10-02 18:06:12 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\NBGI
    [2012-10-02 18:06:00 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\BlackMirrorIII
    [2012-10-02 18:05:59 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Duke Nukem Forever
    [2012-10-02 18:05:59 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Diablo III
    [2012-10-02 18:05:58 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\My eBooks
    [2012-10-02 18:05:52 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Spiderweb Software
    [2012-10-02 18:05:06 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\TuneClone
    [2012-10-02 18:05:06 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Solar Fire Demo User Files
    [2012-10-02 18:04:55 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\Drakensang
    [2012-10-02 18:04:05 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\My Games
    [2012-10-02 18:03:38 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Documents\BioWare
    [2012-10-02 17:50:54 | 000,000,000 | ---D | C] -- C:\Spara
    [2012-10-02 17:50:41 | 000,000,000 | ---D | C] -- C:\Users\Kristina\Desktop\Shortcuts
    [2012-10-02 17:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012-10-02 17:49:52 | 000,000,000 | R--D | C] -- C:\Users\Kristina\Favoriter
    [2012-10-02 17:49:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2012-10-02 17:19:12 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
    [2012-10-02 17:19:05 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2012-10-02 17:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012-10-02 17:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012-10-02 17:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012-10-02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2012-10-01 03:40:00 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\Skype
    [2012-10-01 03:35:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2012-10-01 03:35:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2012-10-01 03:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012-10-01 03:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2012-10-01 03:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012-10-01 00:29:34 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2012-10-01 00:28:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2012-09-30 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\TuneUp Software
    [2012-09-30 23:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2012-09-30 23:37:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012-09-30 23:37:06 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\MFAData
    [2012-09-30 23:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012-09-30 23:35:20 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012-09-30 23:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2012-09-30 23:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2012-09-30 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Local\Windows Live
    [2012-09-30 23:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2012-09-30 23:21:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012-09-30 23:21:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012-09-30 23:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2012-09-30 23:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012-09-30 23:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2012-09-30 23:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2012-09-30 23:19:58 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\WinRAR
    [2012-09-30 23:19:58 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012-09-30 23:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012-09-30 23:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2012-09-30 23:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2012-09-30 23:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2012-09-30 23:19:49 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2012-09-30 23:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
    [2012-09-30 23:19:35 | 000,000,000 | ---D | C] -- C:\Users\Kristina\AppData\Roaming\uTorrent
    [2012-09-30 23:19:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2012-09-30 23:19:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012-09-30 23:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012-09-30 23:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012-09-30 23:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

    ========== Files - Modified Within 30 Days ==========

    [2012-10-30 19:17:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristina\Desktop\OTL.exe
    [2012-10-30 19:02:58 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012-10-30 19:01:32 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-10-30 19:01:32 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-10-30 19:00:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012-10-30 18:58:36 | 001,573,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012-10-30 18:58:36 | 000,661,494 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
    [2012-10-30 18:58:36 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012-10-30 18:58:36 | 000,141,296 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
    [2012-10-30 18:58:36 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012-10-30 18:54:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-10-30 18:54:15 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys
    [2012-10-30 12:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-10-30 08:59:12 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-10-30 08:53:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012-10-30 08:50:43 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012-10-30 08:35:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012-10-30 07:18:48 | 004,990,780 | R--- | M] (Swearware) -- C:\Users\Kristina\Desktop\ComboFix.exe
    [2012-10-29 22:51:28 | 000,000,512 | ---- | M] () -- C:\Users\Kristina\Desktop\MBR.dat
    [2012-10-29 22:38:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kristina\Desktop\aswMBR.exe
    [2012-10-29 22:34:23 | 000,000,820 | ---- | M] () -- C:\Users\Kristina\Desktop\tdsskiller.zip
    [2012-10-29 22:30:56 | 001,584,640 | ---- | M] () -- C:\Users\Kristina\Desktop\RogueKiller.exe
    [2012-10-29 21:52:55 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Kristina\Desktop\dds.com
    [2012-10-29 14:36:33 | 000,002,536 | ---- | M] () -- C:\Users\Kristina\Desktop\Windows 7 USB DVD Download Tool.lnk
    [2012-10-27 22:27:54 | 232,482,615 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012-10-26 19:17:10 | 000,001,060 | ---- | M] () -- C:\Users\Kristina\Desktop\King`s Bounty - Warriors of the North.lnk
    [2012-10-23 10:35:22 | 000,001,165 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
    [2012-10-18 10:06:30 | 000,001,003 | ---- | M] () -- C:\Users\Kristina\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [2012-10-17 21:12:11 | 000,000,491 | ---- | M] () -- C:\Users\Public\Desktop\Secret Files 3.lnk
    [2012-10-17 21:05:28 | 000,000,493 | ---- | M] () -- C:\Users\Public\Desktop\Torchlight II.lnk
    [2012-10-17 21:00:36 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2012-10-12 17:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kristina\Desktop\TDSSKiller.exe
    [2012-10-05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2012-10-04 05:57:22 | 000,412,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012-10-03 19:29:14 | 000,000,908 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk
    [2012-10-02 22:41:57 | 000,294,764 | ---- | M] () -- C:\Windows\SysNative\perfi01D.dat
    [2012-10-02 22:41:57 | 000,037,052 | ---- | M] () -- C:\Windows\SysNative\perfd01D.dat
    [2012-10-02 22:41:45 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\sv-SE\pscr.sys.mui
    [2012-10-02 22:41:32 | 000,010,752 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\sv-SE\BrSerId.sys.mui
    [2012-10-02 22:41:32 | 000,010,752 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\sv-SE\BrSerIb.sys.mui
    [2012-10-02 22:41:29 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\sv-SE\BrParwdm.sys.mui
    [2012-10-02 22:37:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012-10-02 21:50:33 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
    [2012-10-02 16:58:47 | 000,000,000 | -H-- | M] () -- C:\Users\Kristina\Documents\Default.rdp
    [2012-10-02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2012-10-01 03:39:37 | 000,001,437 | ---- | M] () -- C:\Users\Kristina\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012-10-01 02:47:40 | 000,763,958 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012-10-01 02:25:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012-10-01 02:25:21 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012-09-30 23:19:46 | 000,000,967 | ---- | M] () -- C:\Users\Kristina\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

    ========== Files Created - No Company Name ==========

    [2012-10-30 08:50:53 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012-10-30 07:27:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012-10-30 07:27:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012-10-30 07:27:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012-10-30 07:27:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012-10-30 07:27:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012-10-29 22:51:28 | 000,000,512 | ---- | C] () -- C:\Users\Kristina\Desktop\MBR.dat
    [2012-10-29 22:34:22 | 000,000,820 | ---- | C] () -- C:\Users\Kristina\Desktop\tdsskiller.zip
    [2012-10-29 22:30:54 | 001,584,640 | ---- | C] () -- C:\Users\Kristina\Desktop\RogueKiller.exe
    [2012-10-29 21:08:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-10-29 14:36:33 | 000,002,536 | ---- | C] () -- C:\Users\Kristina\Desktop\Windows 7 USB DVD Download Tool.lnk
    [2012-10-27 22:27:54 | 232,482,615 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012-10-26 19:17:10 | 000,001,060 | ---- | C] () -- C:\Users\Kristina\Desktop\King`s Bounty - Warriors of the North.lnk
    [2012-10-23 10:35:22 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
    [2012-10-21 18:55:11 | 000,000,998 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012-10-21 18:55:11 | 000,000,994 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012-10-18 10:06:30 | 000,001,009 | ---- | C] () -- C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
    [2012-10-18 10:06:30 | 000,001,003 | ---- | C] () -- C:\Users\Kristina\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [2012-10-17 21:12:11 | 000,000,491 | ---- | C] () -- C:\Users\Public\Desktop\Secret Files 3.lnk
    [2012-10-17 21:12:11 | 000,000,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secret Files 3.lnk
    [2012-10-17 21:05:28 | 000,000,493 | ---- | C] () -- C:\Users\Public\Desktop\Torchlight II.lnk
    [2012-10-17 21:05:28 | 000,000,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II.lnk
    [2012-10-03 19:29:14 | 000,000,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk
    [2012-10-03 17:38:18 | 003,487,434 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
    [2012-10-02 22:42:55 | 000,294,764 | ---- | C] () -- C:\Windows\SysNative\perfi01D.dat
    [2012-10-02 22:42:54 | 000,661,494 | ---- | C] () -- C:\Windows\SysNative\perfh01D.dat
    [2012-10-02 22:42:54 | 000,141,296 | ---- | C] () -- C:\Windows\SysNative\perfc01D.dat
    [2012-10-02 22:42:54 | 000,037,052 | ---- | C] () -- C:\Windows\SysNative\perfd01D.dat
    [2012-10-02 22:37:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2012-10-02 21:56:48 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe
    [2012-10-02 21:56:48 | 000,021,544 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys
    [2012-10-02 21:54:02 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
    [2012-10-02 21:52:10 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
    [2012-10-02 21:26:36 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2012-10-02 18:03:36 | 031,295,944 | ---- | C] () -- C:\Users\Kristina\Documents\yesterday-en-update-101.exe
    [2012-10-02 17:49:55 | 000,000,104 | ---- | C] () -- C:\Users\Kristina\Desktop\Genväg till Den här datorn.lnk
    [2012-10-02 17:19:44 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2012-10-02 17:18:58 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
    [2012-10-02 17:18:55 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
    [2012-10-02 17:18:55 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
    [2012-10-02 17:18:50 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
    [2012-10-02 17:18:50 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
    [2012-10-02 16:58:47 | 000,000,000 | -H-- | C] () -- C:\Users\Kristina\Documents\Default.rdp
    [2012-10-01 02:25:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012-10-01 02:25:21 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012-09-30 23:36:00 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012-09-30 23:34:20 | 000,763,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012-09-30 23:21:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012-09-30 23:19:46 | 000,000,967 | ---- | C] () -- C:\Users\Kristina\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2012-09-30 23:19:27 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-09-30 23:19:21 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012-09-30 23:17:37 | 000,001,437 | ---- | C] () -- C:\Users\Kristina\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012-08-30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

    ========== ZeroAccess Check ==========

    [2012-10-29 22:32:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U
    [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012-10-13 12:39:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012-10-13 12:39:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012-10-30 08:51:32 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\AVG2013
    [2012-10-28 08:26:13 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\DAEMON Tools Lite
    [2012-10-28 08:26:13 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\Frogwares
    [2012-10-28 08:26:13 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\Personal
    [2012-10-27 16:06:13 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\TestApp
    [2012-09-30 23:40:17 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\TuneUp Software
    [2012-10-30 11:21:12 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-1014158507-211808931-2538166200-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O4 - HKU\S-1-5-21-1014158507-211808931-2538166200-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      [2012-10-26 21:53:40 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ======================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  17. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    Thank you, I will go ahead and do this as soon as I have time, although that will be in about four hours :p (I'm a stay-at-home mom with a one-year-old ;)
  18. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    OTL LOG:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1014158507-211808931-2538166200-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1014158507-211808931-2538166200-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportera till Microsoft Excel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportera till Microsoft Excel\ not found.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kristina
    ->Temp folder emptied: 43727902 bytes
    ->Temporary Internet Files folder emptied: 13699718 bytes
    ->FireFox cache emptied: 1121631306 bytes
    ->Google Chrome cache emptied: 292230679 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 287973 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46424151 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1 448,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Kristina

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Kristina
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10312012_114017

    Files\Folders moved on Reboot...
    C:\Users\Kristina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
    C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
    C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
    C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
    C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  19. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    Security check log:

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Internet Security 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Adobe Flash Player 11.4.402.287
    Adobe Reader X (10.1.4)
    Mozilla Firefox 15.0.1 Firefox out of Date!
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0
    ````````````````````End of Log``````````````````````
  20. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    FSS log:

    Farbar Service Scanner Version: 27-10-2012
    Ran by Kristina (administrator) on 31-10-2012 at 11:52:31
    Running from "C:\Users\Kristina\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  21. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    ADWcleaner log file:

    # AdwCleaner v2.006 - Logfile created 10/31/2012 at 11:54:10
    # Updated 30/10/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Kristina - KRISTINA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Kristina\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\Kristina\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Kristina\AppData\LocalLow\AVG Secure Search

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\kehqrjrq.default\prefs.js

    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={75A92222-4BC5-4B73-9F76-BAC8E76E335F}&m[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.31] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
    Deleted [l.34] : keyword = "isearch.avg.com",
    Deleted [l.37] : search_url = "hxxp://isearch.avg.com/search?cid={75A92222-4BC5-4B73-9F76-BAC8E76E335F}&mid=8b1759fc3d5247d0b075cd2623d3ad84-6980d374a3f8e4a571d08a365bf2b1060a92194c&lang=en&ds=AVG&pr=pr&d=2012-10-30 08:50:46&v=13.2.0.4&sap=dsp&q={searchTerms}",

    *************************

    AdwCleaner[S1].txt - [5730 octets] - [31/10/2012 11:54:10]

    ########## EOF - C:\AdwCleaner[S1].txt - [5790 octets] ##########
  22. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    Temp file cleaner:

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kristina
    ->Temp folder emptied: 35646 bytes
    ->Temporary Internet Files folder emptied: 33175 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6590139 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9686 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 6,00 mb
  23. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    And finally the ESET scan. It found and quarantined win64/patched.a... otherwise came up empty.

    C:\TDSSKiller_Quarantine\29.10.2012_22.35.52\zasubsys0000\file0000\tsk0000.dtaWin64/Patched.A.Gen trojandeleted - quarantined
  24. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    How is baby doing? :)

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  25. Dadajmond

    Dadajmond Newcomer, in training Topic Starter Posts: 38

    OTL LOG:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kristina
    ->Temp folder emptied: 32128745 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 47933872 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9514 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 14704213633 bytes

    Total Files Cleaned = 14 099,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Kristina
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Kristina

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11012012_210235

    Files\Folders moved on Reboot...
    C:\Users\Kristina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

