TechSpot

Difficult, very deep virus infection on legitimate Win 7

By Lokalaskurar
Apr 10, 2011
  1. Hello there! The title is more or less self-explanatory. We (me and my brother) need help with a very virus-infected PC. Before helping me and my brother, please read my original post in the BSOD-support forum:

    Please read it fully!

    http://www.techspot.com/vb/topic162863.html

    Please do not continue beyond this point unless you've read my original post.

    It is mandatory, as it explains the origins of the problem.

    I have read and performed all of the requested steps in the preliminary virus-removal thread. Yet, the BSOD problem is still unsolved.

    The computer in question is the same Toshiba Satellite C650D as mentioned in my original BSOD-post. It is currently running Kaspersky antivirus protection.

    Note: the text written in "ALL-CAPS" is not shouting, I'm not trying to be rude :D

    --------------------------------------------------------------------

    I have compiled a full log during the 8-step malware-removal process:

    STEPS PERFORMED BEFORE I BEGAN READING ON THE MALWARE REMOVAL FORUM:

    NOTE: "Line A" and "Line B" might have occurred in reversed order.
    I.e. "Line B" occurred before "Line A."

    "Line A:" Ran avast! 5, full scan, ran for 5 hours, result: 8 files infected. Removed all errors, resulted in BSOD, computer rendered unbootable, restored system to previous state.

    "Line B:" Ran Panda, full scan, ran for 1 hour, result: 23 files infected, all "cured". BSODs still occurring.

    ------------------------------
    BEGAN READING ON THE 8-STEP MALWARE REMOVAL THREAD:

    Step 1:

    Ran Kaspersky, latest version (free).
    Ran 4 hours, result: 0 files infected.

    Continued with the 8-step guide.


    Step 2:

    Ran TFC: completed in 2 minutes.
    ~7230MbB was "cleaned."
    Prompted to restart, pressed ok = wild BSOD appeared.
    Physical memory was successfully dumped to disk.

    Re-ran TFC:
    ~3MbB was "cleaned."
    Prompted to restart, pressed ok = yet another BSOD appeared.
    Physical memory was successfully dumped to disk.

    Rebooted successfully.


    Continued with guide anyway.


    Step 3:

    Installed Malwarebytes' Anti-Malware.
    Updated program after installation from database #5363 to #6322.
    Ran quick scan: ~30.000 objects scanned, 33 objects infected.
    All ticked, requested MB. to remove all.
    "Some posts could not be removed" - prompted to restart.
    Saved log-file to desktop.
    Restarted computer.


    Step 4:
    Downloaded GMER. Disconnected from the Internet, closed all running programs.
    Disabled Kaspersky's active protection.
    Ran GMER, several files were scanned, nothing appeared in the white box, NONE of the boxes were tick-/de-tickable.
    Saved log to desktop, resulted in an empty file, 0 bytes.

    RE-ran GMER, several files were scanned, nothing appeared in the white box, NONE of the boxes were tick-/de-tickable.
    Saved log to desktop, resulted in an empty file, 0 bytes.

    Rebooted into Safe Mode (plain Safe Mode, no network, no CMD).

    Disabled Kaspersky again.

    RE-ran GMER, several files were scanned, nothing appeared in the white box, NONE of the boxes were tick-/de-tickable.
    Saved log to desktop, resulted in an empty file, 0 bytes.

    Continued anyway.

    (Computer rebooted very slowly, took 5 minutes for the log-in screen to appear, normally this takes about 1 minute)


    Step 5:

    Disabled Kaspersky again, disconnected from the Internet.

    Downloaded DDS (using other PC), ran DDS. Resulted in BSOD after 5 seconds, physical memory dumped to disk successfully.
    Rebooted computer.

    Prompted to log in, typed password, pressed Enter - resulted in immediate BSOD. (like those mentioned in my original post)
    Rebooted computer.

    Logged in successfully this time.


    RE-ran DDS. Resulted in BSOD after 5 seconds, physical memory dumped to disk successfully.

    RE-ran DDS yet again. Ran for 35 seconds, several " ::: " did appear in DDS, resulted in BSOD yet again.

    Tried logging in, computer froze.
    Rebooted, tried logging in, computer froze again.

    Rebooted successfully.


    Continued anyway.


    /* 8-step Preliminary Removal Completed */

    Idle BSOD randomly appeared. Rebooted.


    FINAL:

    Malwarebytes' log follows:
    NOTE: I have translated the log-entries (Marked red) into English from Swedish (my brother's native tongue).

    (

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6322

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    2011-04-10 12:55:06
    mbam-log-2011-04-10 (12-55-06).txt

    Scan-type: Quick scan
    Number of scanned objects: 164702
    Elapsed time: 3 minute(s), 24 second(s)

    Infected memory-processes: 1
    Infected memory-modules: 0
    Infected registry keys: 12
    Infected registry values: 1
    Infected registry data-posts: 1
    Infected folders: 3
    Infected files: 15

    Infected memory-processes:
    c:\Windows\Temp\Rrs.exe (Trojan.FraudPack.Gen) -> 2680 -> Unloaded process successfully.

    Infected memory-modules:
    (No "evil" posts were discovered)


    Infected registry keys:
    HKEY_CLASSES_ROOT\CLSID\{10F31E8B-528B-41C8-B7E2-3534E4D5CBA0} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\chkavwsqhst.chkavwsqhst.1.0 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\chkavwsqhst.chkavwsqhst (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{C348BB9A-995C-404A-8185-76325B4BED9F} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adfavwsqpr.adfavwsqpr.1.0 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adfavwsqpr.adfavwsqpr (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C348BB9A-995C-404A-8185-76325B4BED9F} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\brumavwsqgrm.brumavwsqgrm.1.0 (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\brumavwsqgrm.brumavwsqgrm (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} (Adware.AdRotator) -> Quarantined and deleted successfully.

    Infected registry values:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> Quarantined and deleted successfully.

    Infected registry data-posts
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Spyware.Passwords.XGen) -> Bad: (mgxgfnkg.dll) Good: () -> Quarantined and deleted successfully.

    Infected folders:
    c:\program files (x86)\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\Windows\$xntuninstall643$ (Adware.AdRotator) -> Delete on reboot.

    Infected files:
    c:\Windows\Temp\Rrs.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
    c:\Windows\System32\mgxgfnkg.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\mgxgfnkg.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\CENSORED\AppData\Roaming\adddefaultvaluefordevicepathkey.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
    c:\program files (x86)\Cmprssh0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
    c:\Windows\$xntuninstall643$\mbdwt.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\Windows\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
    c:\Windows\$xntuninstall643$\xgoir.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
    c:\Windows\$xntuninstall643$\zrpt.xml (Adware.AdRotator) -> Quarantined and deleted successfully.


    )

    GMER log is NOT pasted due to error mentioned above.
    DDS log is NOT pasted due to error mentioned above.


    So, where will we go from here?
    The BSOD's seem to keep occurring like nothing happened.

    We do have patience with this machine, but we do not own the Win 7 disc. There is no super-crucial data stored on this PC.


    We welcome all helpful advice!
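A triage pass over a Malwarebytes log of the kind posted above, as an added example that is not part of the original post and not a Malwarebytes tool: it groups each detection by the load point it touched and lists the items the scanner did not finish removing. The sample lines are copied from the log in the post; the function names and category labels are assumptions made for this example.

```python
import re
from collections import defaultdict

# "<target> (<Detection.Name>) -> [detail -> ] <action>."
# The target itself may contain parentheses, e.g. "program files (x86)".
ENTRY = re.compile(r"^(?P<target>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")

# Ordered substring rules; labels are this example's own wording.
LOAD_POINTS = [
    ("\\currentversion\\run\\", "Run key autostart"),
    ("\\browser helper objects\\", "Browser Helper Object"),
    ("\\control\\securityproviders\\", "SecurityProviders DLL list"),
    ("\\windows\\tasks\\", "scheduled task"),
    ("\\clsid\\", "COM class registration"),
]

# Lines copied from the log in the post above.
SAMPLE_LOG = r"""
Infected memory-processes:
c:\Windows\Temp\Rrs.exe (Trojan.FraudPack.Gen) -> 2680 -> Unloaded process successfully.

Infected registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C348BB9A-995C-404A-8185-76325B4BED9F} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} (Adware.AdRotator) -> Quarantined and deleted successfully.

Infected registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> Quarantined and deleted successfully.

Infected registry data-posts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Spyware.Passwords.XGen) -> Bad: (mgxgfnkg.dll) Good: () -> Quarantined and deleted successfully.

Infected folders:
c:\Windows\$xntuninstall643$ (Adware.AdRotator) -> Delete on reboot.

Infected files:
c:\program files (x86)\Cmprssh0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""


def classify(target):
    """Map a registry path or file path to the load point it belongs to."""
    low = target.lower()
    for needle, label in LOAD_POINTS:
        if needle in low:
            return label
    return "other registry entry" if low.startswith("hkey_") else "file or folder"


def triage(log):
    """Return (detections grouped by load point, targets not yet removed)."""
    by_location = defaultdict(list)
    pending = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, counters, blank lines
        # The action is the last "->" segment; earlier ones are details
        # such as a PID or the bad/good registry data.
        action = m["rest"].split(" -> ")[-1].rstrip(".")
        by_location[classify(m["target"])].append(
            (m["target"], m["name"], action)
        )
        if not action.lower().endswith("successfully"):
            pending.append(m["target"])
    return dict(by_location), pending


if __name__ == "__main__":
    groups, pending = triage(SAMPLE_LOG)
    for label, items in sorted(groups.items()):
        print(f"{label}: {len(items)}")
        for target, name, action in items:
            print(f"    {name:24} {target}")
    print("Re-check after reboot:", pending)
```

Anything in the pending list should be looked for again after the restart, since the log only records that removal was scheduled.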
     
  2. Broni

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

    =====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
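A way to condense a saved BSOD.txt before reading it, as an added example that is not part of the original post and not part of BlueScreenView: it parses the "Key : Value" records of the text report, tallies bug checks, and reports fault addresses that recur across dumps. The sample records are trimmed to a few fields in the layout of the report posted in this thread; the function names and the `min_repeats` parameter are assumptions made for this example.

```python
from collections import Counter

# Trimmed records in the layout of a BlueScreenView text report.
# The last record has no closing separator, as happens when a paste is cut off.
SAMPLE_REPORT = r"""
==================================================
Dump File : 041211-23821-01.dmp
Crash Time : 2011-04-12 16:11:29
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+130e4
Company :
Full Path : C:\Windows\Minidump\041211-23821-01.dmp
==================================================

==================================================
Dump File : 041011-37845-01.dmp
Crash Time : 2011-04-10 23:25:38
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+80640
Company : Microsoft Corporation
Full Path : C:\Windows\Minidump\041011-37845-01.dmp
==================================================

==================================================
Dump File : 041011-20904-01.dmp
Crash Time : 2011-04-10 19:48:41
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+130e4
Company :
Full Path : C:\Windows\Minidump\041011-20904-01.dmp
==================================================

==================================================
Dump File : 041011-37955-01.dmp
Crash Time : 2011-04-10 23:21:14
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Caused By Driver : mouclass.sys
Caused By Address : mouclass.sys+4654
Company :
"""


def parse_report(text):
    """Split the report into one dict per crash dump."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"="}:   # separator row between records
            if current:
                records.append(current)
                current = {}
            continue
        # Split on the first colon only: values such as timestamps and
        # "C:\..." paths contain colons of their own.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:                            # record cut off before its separator
        records.append(current)
    return records


def summarize(records, min_repeats=2):
    """Tally bug checks and pick out fault addresses seen in several dumps."""
    bug_checks = Counter(r.get("Bug Check String", "?") for r in records)
    addresses = Counter(r.get("Caused By Address", "?") for r in records)
    repeated = {a: n for a, n in addresses.items() if n >= min_repeats}
    # Drivers for which the report carries no company/version metadata.
    no_version_info = sorted(
        {r["Caused By Driver"] for r in records
         if r.get("Caused By Driver") and not r.get("Company")}
    )
    return {
        "total": len(records),
        "bug_checks": dict(bug_checks),
        "repeated_addresses": repeated,
        "no_version_info": no_version_info,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

A module that faults at the same offset in several dumps is a candidate for closer inspection of the file on disk; the tally by itself does not say whether the cause is malware, a faulty driver or hardware.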
     
  3. Lokalaskurar

    Downloaded BlueScreenView.
    Ran the program, scan completed.

    BSOD appeared.
    Rebooted.

    Re-ran the program.
    Saved selected items (all) in file.

    Computer froze.
    Did not display an image on reboot.
    Rebooted successfully.

    BSOD.txt;
    (
    ==================================================
    Dump File : 041211-23821-01.dmp
    Crash Time : 2011-04-12 16:11:29
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffff880`0572d728
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff880`00c6f0e4
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+130e4
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041211-23821-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041111-23134-01.dmp
    Crash Time : 2011-04-11 21:45:25
    Bug Check String : ATTEMPTED_WRITE_TO_READONLY_MEMORY
    Bug Check Code : 0x000000be
    Parameter 1 : fffff880`011443b0
    Parameter 2 : 80000000`06dc5121
    Parameter 3 : fffff880`07144100
    Parameter 4 : 00000000`0000000b
    Caused By Driver : msrpc.sys
    Caused By Address : msrpc.sys+113b0
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041111-23134-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-37845-01.dmp
    Crash Time : 2011-04-10 23:25:38
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : ffffffff`ffffffff
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff800`034eb5b6
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-37845-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274*944
    ==================================================

    ==================================================
    Dump File : 041011-37955-01.dmp
    Crash Time : 2011-04-10 23:21:14
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff880`04d7d654
    Caused By Driver : mouclass.sys
    Caused By Address : mouclass.sys+4654
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-37955-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 318*072
    ==================================================

    ==================================================
    Dump File : 041011-37705-01.dmp
    Crash Time : 2011-04-10 23:11:06
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000008
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`034aa194
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-37705-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-19609-01.dmp
    Crash Time : 2011-04-10 22:53:56
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`034e0015
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-19609-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-20514-01.dmp
    Crash Time : 2011-04-10 19:56:49
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`034a1194
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-20514-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274*944
    ==================================================

    ==================================================
    Dump File : 041011-20904-01.dmp
    Crash Time : 2011-04-10 19:48:41
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffff880`04bf5418
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff880`00d890e4
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+130e4
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-20904-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-20623-01.dmp
    Crash Time : 2011-04-10 19:41:28
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`034e8015
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-20623-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-19874-01.dmp
    Crash Time : 2011-04-10 19:34:33
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`034fe015
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+beaa
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-19874-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-32760-01.dmp
    Crash Time : 2011-04-10 19:05:16
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffff880`033a2778
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff880`00c130e4
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+130e4
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-32760-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-35708-01.dmp
    Crash Time : 2011-04-10 18:53:41
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000674`00000794
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff800`034961a6
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-35708-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-33852-01.dmp
    Crash Time : 2011-04-10 18:51:34
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`034ec015
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-33852-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-33899-01.dmp
    Crash Time : 2011-04-10 18:32:52
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : ffffe097`47479c7d
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`034e7015
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-33899-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-27112-01.dmp
    Crash Time : 2011-04-10 18:25:43
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffff880`05c9c418
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff880`00d850e4
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+130e4
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-27112-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-28392-01.dmp
    Crash Time : 2011-04-10 18:18:42
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff880`051d0654
    Caused By Driver : mouclass.sys
    Caused By Address : mouclass.sys+4654
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-28392-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 318*072
    ==================================================

    ==================================================
    Dump File : 041011-25459-01.dmp
    Crash Time : 2011-04-10 18:07:18
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`034fd015
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-25459-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-16270-01.dmp
    Crash Time : 2011-04-10 15:06:40
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`09b3000c
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff800`034f91a9
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-16270-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-16582-01.dmp
    Crash Time : 2011-04-10 13:43:06
    Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x0000001e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff800`0348f0c1
    Parameter 3 : 00000000`00000000
    Parameter 4 : ffffffff`ffffffff
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-16582-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-29749-01.dmp
    Crash Time : 2011-04-10 13:31:50
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffff880`03355418
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff880`00d950e4
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+130e4
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-29749-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-23446-01.dmp
    Crash Time : 2011-04-10 13:27:54
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff800`03489b9a
    Parameter 3 : fffff880`0546cd40
    Parameter 4 : 00000000`00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-23446-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-23509-01.dmp
    Crash Time : 2011-04-10 13:21:08
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000001
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`034a2194
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-23509-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-22479-01.dmp
    Crash Time : 2011-04-10 13:19:20
    Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x0000001e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff800`034cb0c1
    Parameter 3 : 00000000`00000000
    Parameter 4 : ffffffff`ffffffff
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-22479-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-23914-01.dmp
    Crash Time : 2011-04-10 12:44:13
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`034a0194
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-23914-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-24850-01.dmp
    Crash Time : 2011-04-10 12:40:36
    Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x0000001e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : 00000000`00000200
    Parameter 3 : 00000000`00000008
    Parameter 4 : 00000000`00000200
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-24850-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-41667-01.dmp
    Crash Time : 2011-04-10 10:56:50
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffff880`02c94418
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff880`00de50e4
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+130e4
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-41667-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-31637-01.dmp
    Crash Time : 2011-04-10 10:48:21
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000008
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`03484e99
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-31637-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-32432-01.dmp
    Crash Time : 2011-04-10 10:20:10
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff800`03294898
    Parameter 3 : fffff880`05405a60
    Parameter 4 : 00000000`00000000
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-32432-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-29140-01.dmp
    Crash Time : 2011-04-10 10:05:58
    Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x0000001e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff800`0327e0c1
    Parameter 3 : 00000000`00000000
    Parameter 4 : ffffffff`ffffffff
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-29140-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 041011-41121-01.dmp
    Crash Time : 2011-04-10 09:59:50
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffff880`056e4418
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff880`00db20e4
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+130e4
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\041011-41121-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 040911-22167-01.dmp
    Crash Time : 2011-04-09 15:48:28
    Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x0000001e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff800`032c70c1
    Parameter 3 : 00000000`00000000
    Parameter 4 : ffffffff`ffffffff
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\040911-22167-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 040511-17035-01.dmp
    Crash Time : 2011-04-05 17:26:06
    Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x000000d1
    Parameter 1 : fffff880`054b4728
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000001
    Parameter 4 : fffff880`00cd30e4
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+130e4
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\040511-17035-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 040511-18002-01.dmp
    Crash Time : 2011-04-05 17:20:15
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`032fa015
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\040511-18002-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 040211-26988-01.dmp
    Crash Time : 2011-04-02 21:50:38
    Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x0000001e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff800`032bf0c1
    Parameter 3 : 00000000`00000000
    Parameter 4 : ffffffff`ffffffff
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\040211-26988-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 040211-15771-01.dmp
    Crash Time : 2011-04-02 21:10:38
    Bug Check String : ATTEMPTED_WRITE_TO_READONLY_MEMORY
    Bug Check Code : 0x000000be
    Parameter 1 : 000007ff`fffd0001
    Parameter 2 : 82100000`5c8bc025
    Parameter 3 : fffff880`033e0600
    Parameter 4 : 00000000`0000000a
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+bb53
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\040211-15771-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 040211-17035-01.dmp
    Crash Time : 2011-04-02 12:26:23
    Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x0000001e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff800`032dc0c1
    Parameter 3 : 00000000`00000000
    Parameter 4 : ffffffff`ffffffff
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\040211-17035-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 040111-30966-01.dmp
    Crash Time : 2011-04-01 20:37:35
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`032e1194
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\040111-30966-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274*944
    ==================================================

    ==================================================
    Dump File : 040111-27034-01.dmp
    Crash Time : 2011-04-01 20:01:21
    Bug Check String : SYSTEM_SERVICE_EXCEPTION
    Bug Check Code : 0x0000003b
    Parameter 1 : 00000000`c0000005
    Parameter 2 : fffff960`0022652d
    Parameter 3 : fffff880`0671dab0
    Parameter 4 : 00000000`00000000
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+1d652d
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\040111-27034-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 032911-21840-01.dmp
    Crash Time : 2011-03-29 18:50:03
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`032f6015
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032911-21840-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 032911-17815-01.dmp
    Crash Time : 2011-03-29 13:37:46
    Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
    Bug Check Code : 0x00000050
    Parameter 1 : fffff900`019772a4
    Parameter 2 : 00000000`00000000
    Parameter 3 : fffff960`000e5578
    Parameter 4 : 00000000`00000002
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+c45ed
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032911-17815-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 032711-19219-01.dmp
    Crash Time : 2011-03-27 20:52:11
    Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x0000001e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : 00000000`00000200
    Parameter 3 : 00000000`00000008
    Parameter 4 : 00000000`00000200
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+f591
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032711-19219-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 032611-25786-01.dmp
    Crash Time : 2011-03-26 16:54:14
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000008
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`03284e99
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032611-25786-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 262*144
    ==================================================

    ==================================================
    Dump File : 032611-21106-01.dmp
    Crash Time : 2011-03-26 16:39:33
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`032ee015
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032611-21106-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 032411-20170-01.dmp
    Crash Time : 2011-03-24 21:47:13
    Bug Check String : ATTEMPTED_WRITE_TO_READONLY_MEMORY
    Bug Check Code : 0x000000be
    Parameter 1 : fffff960`0023a008
    Parameter 2 : 5c500000`4ec3e021
    Parameter 3 : fffff880`06fd9df0
    Parameter 4 : 00000000`0000000a
    Caused By Driver : win32k.sys
    Caused By Address : win32k.sys+18a008
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032411-20170-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 032411-18798-01.dmp
    Crash Time : 2011-03-24 21:41:58
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`032f3015
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032411-18798-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 032411-19234-01.dmp
    Crash Time : 2011-03-24 21:40:13
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`032f3015
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+1c74
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032411-19234-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 032411-19936-01.dmp
    Crash Time : 2011-03-24 21:38:27
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`032ea015
    Caused By Driver : ataport.SYS
    Caused By Address : ataport.SYS+799a
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032411-19936-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 032411-21403-01.dmp
    Crash Time : 2011-03-24 15:56:27
    Bug Check String : REFERENCE_BY_POINTER
    Bug Check Code : 0x00000018
    Parameter 1 : 00000000`00000000
    Parameter 2 : fffffa80`00000030
    Parameter 3 : 00000000`00000002
    Parameter 4 : ffffffff`ffffffff
    Caused By Driver : fnetm64.SYS
    Caused By Address : fnetm64.SYS+4295
    File Description :
    Product Name :
    Company :
    File Version :
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032411-21403-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    ==================================================
    Dump File : 032411-23181-01.dmp
    Crash Time : 2011-03-24 15:54:41
    Bug Check String : IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code : 0x0000000a
    Parameter 1 : 00000000`00000000
    Parameter 2 : 00000000`00000002
    Parameter 3 : 00000000`00000000
    Parameter 4 : fffff800`032b0015
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032411-23181-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 274*944
    ==================================================

    ==================================================
    Dump File : 032411-23462-01.dmp
    Crash Time : 2011-03-24 15:53:02
    Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
    Bug Check Code : 0x0000001e
    Parameter 1 : ffffffff`c0000005
    Parameter 2 : fffff800`032d40c1
    Parameter 3 : 00000000`00000000
    Parameter 4 : ffffffff`ffffffff
    Caused By Driver : ntoskrnl.exe
    Caused By Address : ntoskrnl.exe+80640
    File Description : NT Kernel & System
    Product Name : Microsoft® Windows® Operating System
    Company : Microsoft Corporation
    File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
    Processor : x64
    Computer Name :
    Full Path : C:\Windows\Minidump\032411-23462-01.dmp
    Processors Count : 2
    Major Version : 15
    Minor Version : 7601
    Dump File Size : 275*000
    ==================================================

    )

    Downloaded the program.
    Inserted USB mouse to computer, resulted in immediate BSOD.
    Rebooted.

    Ran TDSSKiller.exe - started scan.
    Found Rootkit, (default action was cure) clicked continue.
    Prompted to reboot, rebooted.
     
  4. Lokalaskurar


    Log was in C:\

    TDSSKiller log:
    (
    2011/04/12 16:24:23.0533 3948 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/12 16:24:23.0549 3948 ================================================================================
    2011/04/12 16:24:23.0549 3948 SystemInfo:
    2011/04/12 16:24:23.0549 3948
    2011/04/12 16:24:23.0549 3948 OS Version: 6.1.7601 ServicePack: 1.0
    2011/04/12 16:24:23.0549 3948 Product type: Workstation
    2011/04/12 16:24:23.0549 3948 ComputerName: EWA
    2011/04/12 16:24:23.0549 3948 UserName: CENSORED
    2011/04/12 16:24:23.0549 3948 Windows directory: C:\Windows
    2011/04/12 16:24:23.0549 3948 System windows directory: C:\Windows
    2011/04/12 16:24:23.0549 3948 Running under WOW64
    2011/04/12 16:24:23.0549 3948 Processor architecture: Intel x64
    2011/04/12 16:24:23.0549 3948 Number of processors: 2
    2011/04/12 16:24:23.0549 3948 Page size: 0x1000
    2011/04/12 16:24:23.0549 3948 Boot type: Normal boot
    2011/04/12 16:24:23.0549 3948 ================================================================================
    2011/04/12 16:24:23.0939 3948 Initialize success
    2011/04/12 16:25:21.0932 0472 ================================================================================
    2011/04/12 16:25:21.0932 0472 Scan started
    2011/04/12 16:25:21.0932 0472 Mode: Manual;
    2011/04/12 16:25:21.0932 0472 ================================================================================
    2011/04/12 16:25:24.0210 0472 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    2011/04/12 16:25:24.0553 0472 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    2011/04/12 16:25:24.0834 0472 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    2011/04/12 16:25:25.0161 0472 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/04/12 16:25:25.0411 0472 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/04/12 16:25:25.0536 0472 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/04/12 16:25:25.0785 0472 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
    2011/04/12 16:25:25.0926 0472 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    2011/04/12 16:25:26.0066 0472 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    2011/04/12 16:25:26.0222 0472 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    2011/04/12 16:25:26.0269 0472 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/04/12 16:25:26.0550 0472 amdkmdag (aefaf27f1b7e52c705df4fb6c96732f6) C:\Windows\system32\DRIVERS\atipmdag.sys
    2011/04/12 16:25:26.0893 0472 amdkmdap (8149db73be27950ec72767a1193153a6) C:\Windows\system32\DRIVERS\atikmpag.sys
    2011/04/12 16:25:27.0018 0472 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/04/12 16:25:27.0049 0472 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
    2011/04/12 16:25:27.0158 0472 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/04/12 16:25:27.0205 0472 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
    2011/04/12 16:25:27.0236 0472 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    2011/04/12 16:25:27.0361 0472 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/04/12 16:25:27.0392 0472 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/04/12 16:25:27.0533 0472 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/04/12 16:25:27.0564 0472 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    2011/04/12 16:25:27.0751 0472 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
    2011/04/12 16:25:27.0923 0472 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
    2011/04/12 16:25:28.0079 0472 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/04/12 16:25:28.0219 0472 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/04/12 16:25:28.0375 0472 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/04/12 16:25:28.0531 0472 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/04/12 16:25:28.0718 0472 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/04/12 16:25:28.0765 0472 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/04/12 16:25:28.0874 0472 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/04/12 16:25:28.0921 0472 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/04/12 16:25:28.0952 0472 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/04/12 16:25:29.0061 0472 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/04/12 16:25:29.0093 0472 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/04/12 16:25:29.0217 0472 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
    2011/04/12 16:25:29.0373 0472 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    2011/04/12 16:25:29.0420 0472 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/04/12 16:25:51.0962 0472 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/12 16:25:52.0368 0472 ================================================================================
    2011/04/12 16:25:52.0368 0472 Scan finished
    2011/04/12 16:25:52.0368 0472 ================================================================================
    2011/04/12 16:25:52.0384 2360 Detected object count: 1
    2011/04/12 16:26:13.0568 2360 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/12 16:26:13.0568 2360 \HardDisk0 - ok
    2011/04/12 16:26:13.0568 2360 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/12 16:26:49.0370 3928 Deinitialize success

    )

    Downloaded MBRCheck.exe, ran program as administrator.
    CMD-window appeared, displayed some system information.

    "Error: Program stopped working." prompted to close program.

    Re-ran program as administrator.
    Same results.

    (No log generated)


    Ok, so the program refused to "work," and as you told us to stop if anything unpredicted happened, we'll await further instructions.
     
  5. Lokalaskurar

    Lokalaskurar TS Enthusiast Topic Starter Posts: 544

    Oh, wait... there was actually a log generated. But it seems to be incomplete, though.

    MBRCheck log:
    (
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: TOSHIBA
    BIOS Manufacturer: Insyde Corp.
    System Manufacturer: TOSHIBA
    System Product Name: Satellite C650D
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 188):
    )
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Proceed with RootkitUnhooker.

    Then...

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  7. Lokalaskurar

    Lokalaskurar TS Enthusiast Topic Starter Posts: 544

    Downloaded and ran Bootkit Remover:

    Report:
    (

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`19100000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

    )

    Downloaded RootkitUnhooker (haha, it has the Scrin emblem :3 )
    Ran program.

    "Rootkit unhooker has detected a virus within itself!" and so on, ignored (continue).

    Error:
    "Error loading driver, NTSTATUS code 0xC000036B"

    No report generated, program did not start...
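
An added example, not part of the original posts and not Bootkit Remover's own code: a small Python reader for the kind of data the report above prints (a sector MD5, a partition's byte offset on the physical drive, and a basic sanity status for the MBR). The function names, the checks chosen and the sample sector are assumptions made for illustration; only the offset 0x19100000 comes from the report.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445: boot code; the partition table follows
ENTRY_LEN = 16             # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector; return its hash, partitions and findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")

    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if not any(sector[:BOOT_CODE_LEN]):
        findings.append("boot code area is empty")

    partitions = []
    for index in range(4):
        start = BOOT_CODE_LEN + index * ENTRY_LEN
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[start:start + ENTRY_LEN])
        if ptype == 0x00:                      # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append(f"entry {index}: invalid boot flag 0x{status:02x}")
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            # Byte offset on the physical drive, the value a tool would
            # print as "at offset 0x...".
            "byte_offset": lba_start * SECTOR_SIZE,
        })

    if sum(1 for p in partitions if p["active"]) > 1:
        findings.append("more than one active partition")

    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for first, second in zip(ordered, ordered[1:]):
        if first["lba_start"] + first["sectors"] > second["lba_start"]:
            findings.append(
                f"entries {first['index']} and {second['index']} overlap")

    return {
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "findings": findings,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample sector: filler boot code, two partitions."""
    boot_code = (b"\xeb\xfe" + b"\x90" * 444)  # filler bytes, not real boot code
    chs = b"\xfe\xff\xff"                       # CHS fields unused with LBA
    # Constructed layout: a 400 MB partition at LBA 2048, then the system
    # volume at LBA 821248, which is byte offset 0x19100000.
    first = struct.pack("<B3sB3sII", 0x00, chs, 0x27, chs, 2048, 819200)
    second = struct.pack("<B3sB3sII", 0x80, chs, 0x07, chs, 821248, 600000000)
    empty = bytes(ENTRY_LEN)
    return boot_code + first + second + empty + empty + SIGNATURE


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print("Sector MD5:", report["sector_md5"])
    for part in report["partitions"]:
        print(f"entry {part['index']}: type 0x{part['type']:02x} "
              f"at offset 0x{part['byte_offset']:08x}")
    print("Findings:", report["findings"] or "none")
```

To read a real sector instead of the sample, pass `parse_mbr` the first 512 bytes of a disk image taken offline.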
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    MBR looks fine.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. Lokalaskurar

    Lokalaskurar TS Enthusiast Topic Starter Posts: 544

    Downloaded ComboFix (did not have it before).
    Disabled Kaspersky antivirus in accordance with "this link" instructions.

    A loading bar appeared beneath ComboFix, loaded to about 95%, and idly waited for about 5 minutes.
    The Internet-connection was not auto-disabled.

    I should mention that the internal "Fn-controls" stopped working from BSOD #1, one week ago. This includes internal controls for the wireless Internet-connection.
    Thus; Unplugged router, ComboFix moved up to 99% but sat there idly for 5 minutes.

    Rebooted computer into safe mode.
    (Checked if Kaspersky was de-activated - check)
    ComboFix still refused to run.


    Downloaded another ComboFix (from other link), renamed it to "some_els,"
    Downloaded RKill.exe -

    Ran rkill.exe as administrator.
    CMD-box appeared, stayed up for 1 full minute telling me to "be patient as RKill is running."

    RKill generated a log, saying that 2 processes were terminated.

    InfDefaultInstall.exe
    runonce.exe

    (Location provided by RKill but not posted by me.)


    Ran ComboFix ("some_els"), warning appeared saying: "Some installation files are corrupt. Please download a fresh copy of ComboFix."


    Rebooted into safe mode.
    Ran RKill as administrator, ran "some_els" (ComboFix),

    No change - same results.


    Posting RKill.log:
    (
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 2011-04-13 at 9:24:04.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Users\Joacquin BlacC:\Windows\SysWOW64\InfDefaultInstall.exe

    Rkill completed on 2011-04-13 at 9:24:06.

    )


    The name "Joaquin Black" is an alibi. There is no typo above, my brother's name did not appear in full, only the first 13 characters (name+half-surname) and the "C:\" was written directly after his surname without any punctuation or spaces. The 14th character in his name is a diacritical letter (like a ž or š).

    I did notice that the first time RKill ran, two files were deactivated, not just one, the other being this runonce.exe-file located in the C:\Windows-folder.

    Should I perhaps download another copy of ComboFix from a source other than those you've provided?

    Also, being an IT-technician myself, feel free to tell me what's going on during the process, if you like (provided you feel like it :) ).
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  11. Lokalaskurar

    Lokalaskurar TS Enthusiast Topic Starter Posts: 544

    Just a notice: I will not be able to perform any actions with the virus-infected PC for about 4 more days; probably shorter than that though. I will let you know when I'll be available again!

    Note that I'd still like to be "Active," it's just that I need to take a break as the PC is temporarily unavailable.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No problem.
    Thanks for letting me know :)
     
  13. Lokalaskurar

    Lokalaskurar TS Enthusiast Topic Starter Posts: 544

    Hey, the PC's back! Resuming...

    Rebooted into Safe Mode.
    Ran RKill, no processes were terminated.

    Ran Broni.com (ComboFix).
    Loading bar appeared/disappeared.

    Disclaimer/Guide popped up - Accepted the terms.

    Blue CMD-box appeared, also a message box.
    I'll quote the exact message: (translated)

    "Today's date: 2011-04-18. ComboFix is too old."
    "Click 'Yes' to run in REDUCED FUNCTIONALITY MODE."
    "Click 'No' to exit."

    I pressed 'Yes' anyway.

    The blue CMD prompt printed 1 line of text in about 5 ms, then closed.
    Not enough time to read the printed line, but the first printed character was a '1'.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please, re-run TDSSKiller and post fresh log.

    Then....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    userinit.exe
    explorer.exe
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. Lokalaskurar

    Lokalaskurar TS Enthusiast Topic Starter Posts: 544

    Ran TDSSKiller
    'System scan completed'
    'Duration: 00:00:35'
    'Processed: 261 objects'
    'Infection: not found'

    TDSSKiller log:
    (
    2011/04/19 11:03:55.0445 3780 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/19 11:03:55.0554 3780 ================================================================================
    2011/04/19 11:03:55.0554 3780 SystemInfo:
    2011/04/19 11:03:55.0554 3780
    2011/04/19 11:03:55.0554 3780 OS Version: 6.1.7601 ServicePack: 1.0
    2011/04/19 11:03:55.0554 3780 Product type: Workstation
    2011/04/19 11:03:55.0554 3780 ComputerName: EWA
    2011/04/19 11:03:55.0554 3780 UserName: CENSORED
    2011/04/19 11:03:55.0554 3780 Windows directory: C:\Windows
    2011/04/19 11:03:55.0554 3780 System windows directory: C:\Windows
    2011/04/19 11:03:55.0554 3780 Running under WOW64
    2011/04/19 11:03:55.0554 3780 Processor architecture: Intel x64
    2011/04/19 11:03:55.0554 3780 Number of processors: 2
    2011/04/19 11:03:55.0554 3780 Page size: 0x1000
    2011/04/19 11:03:55.0554 3780 Boot type: Normal boot
    2011/04/19 11:03:55.0554 3780 ================================================================================
    2011/04/19 11:03:56.0178 3780 Initialize success
    2011/04/19 11:04:08.0752 3872 ================================================================================
    2011/04/19 11:04:08.0752 3872 Scan started
    2011/04/19 11:04:08.0752 3872 Mode: Manual;
    2011/04/19 11:04:08.0752 3872 ================================================================================
    2011/04/19 11:04:29.0328 3872 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/04/19 11:04:29.0500 3872 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/04/19 11:04:29.0640 3872 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/19 11:04:29.0843 3872 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/04/19 11:04:30.0046 3872 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    2011/04/19 11:04:30.0202 3872 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/04/19 11:04:30.0280 3872 nmwcdx64 (ad8c3895155ee8d057f073856b2d5851) C:\Windows\system32\drivers\nmwcdx64.sys
    2011/04/19 11:04:30.0639 3872 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/04/19 11:04:30.0795 3872 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/04/19 11:04:30.0997 3872 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/19 11:04:31.0356 3872 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/04/19 11:04:31.0746 3872 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
    2011/04/19 11:04:31.0996 3872 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
    2011/04/19 11:04:32.0152 3872 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/04/19 11:04:32.0542 3872 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/04/19 11:04:32.0901 3872 PAC207 (ad930193f413316f2b713b90f12ae767) C:\Windows\system32\DRIVERS\PFC027.SYS
    2011/04/19 11:04:33.0181 3872 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/04/19 11:04:33.0322 3872 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    2011/04/19 11:04:33.0431 3872 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    2011/04/19 11:04:33.0587 3872 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/04/19 11:04:33.0649 3872 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/04/19 11:04:33.0759 3872 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/04/19 11:04:33.0837 3872 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/04/19 11:04:34.0039 3872 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/19 11:04:34.0071 3872 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/04/19 11:04:34.0320 3872 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/19 11:04:34.0539 3872 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/04/19 11:04:34.0804 3872 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/04/19 11:04:35.0007 3872 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/04/19 11:04:35.0225 3872 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/04/19 11:04:35.0521 3872 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/04/19 11:04:35.0755 3872 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/04/19 11:04:35.0927 3872 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/04/19 11:04:36.0130 3872 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/04/19 11:04:36.0364 3872 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/04/19 11:04:36.0489 3872 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/04/19 11:04:36.0629 3872 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/04/19 11:04:36.0738 3872 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/04/19 11:04:36.0925 3872 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/04/19 11:04:37.0081 3872 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/04/19 11:04:37.0222 3872 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/04/19 11:04:37.0409 3872 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/04/19 11:04:37.0487 3872 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/04/19 11:04:37.0627 3872 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
    2011/04/19 11:04:37.0721 3872 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/04/19 11:04:37.0815 3872 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/04/19 11:04:37.0908 3872 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/04/19 11:04:37.0939 3872 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/04/19 11:04:38.0033 3872 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/04/19 11:04:38.0111 3872 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/04/19 11:04:38.0173 3872 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/04/19 11:04:38.0251 3872 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/04/19 11:04:38.0298 3872 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/04/19 11:04:38.0345 3872 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/04/19 11:04:38.0470 3872 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/04/19 11:04:38.0548 3872 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/04/19 11:04:38.0610 3872 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/04/19 11:04:38.0751 3872 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/04/19 11:04:38.0844 3872 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
    2011/04/19 11:04:39.0000 3872 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
    2011/04/19 11:04:39.0125 3872 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/04/19 11:04:39.0172 3872 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/04/19 11:04:39.0281 3872 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    2011/04/19 11:04:39.0328 3872 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/04/19 11:04:39.0437 3872 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
    2011/04/19 11:04:39.0577 3872 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/04/19 11:04:39.0718 3872 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/04/19 11:04:39.0780 3872 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    2011/04/19 11:04:39.0889 3872 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/04/19 11:04:39.0921 3872 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/04/19 11:04:40.0061 3872 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/04/19 11:04:40.0092 3872 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    2011/04/19 11:04:40.0295 3872 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/04/19 11:04:40.0435 3872 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/04/19 11:04:40.0482 3872 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/04/19 11:04:40.0607 3872 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
    2011/04/19 11:04:40.0638 3872 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/04/19 11:04:40.0685 3872 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/04/19 11:04:40.0732 3872 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/04/19 11:04:40.0857 3872 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    2011/04/19 11:04:40.0872 3872 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/04/19 11:04:41.0028 3872 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/04/19 11:04:41.0059 3872 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/04/19 11:04:41.0169 3872 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/04/19 11:04:41.0200 3872 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
    2011/04/19 11:04:41.0340 3872 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/04/19 11:04:41.0371 3872 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/04/19 11:04:41.0496 3872 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/04/19 11:04:41.0605 3872 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/04/19 11:04:41.0652 3872 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/04/19 11:04:41.0683 3872 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    2011/04/19 11:04:41.0730 3872 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/04/19 11:04:41.0855 3872 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/19 11:04:41.0886 3872 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/04/19 11:04:41.0995 3872 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/04/19 11:04:42.0027 3872 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/04/19 11:04:42.0136 3872 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/04/19 11:04:42.0183 3872 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/19 11:04:42.0307 3872 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/04/19 11:04:42.0354 3872 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/04/19 11:04:42.0495 3872 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/04/19 11:04:42.0541 3872 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/04/19 11:04:42.0713 3872 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    2011/04/19 11:04:42.0760 3872 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/04/19 11:04:42.0885 3872 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/19 11:04:42.0931 3872 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/19 11:04:43.0119 3872 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/04/19 11:04:43.0165 3872 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/19 11:04:43.0337 3872 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/04/19 11:04:43.0431 3872 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/04/19 11:04:43.0587 3872 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/04/19 11:04:43.0711 3872 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    2011/04/19 11:04:43.0789 3872 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/19 11:04:43.0883 3872 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/04/19 11:04:43.0945 3872 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/19 11:04:44.0055 3872 ================================================================================
    2011/04/19 11:04:44.0055 3872 Scan finished
    2011/04/19 11:04:44.0055 3872 ================================================================================
    )
     
  16. Lokalaskurar


    Ticked 'Scan all users'.
    Pasted text into custom scan box, ran 'Quick Scan'.

    (Scan ran for ~50 minutes, some (~4) CMD-boxes flashed briefly at random times)

    OTL.txt:
    (
    OTL logfile created on: 2011-04-19 11:32:29 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\CENSORED\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
    5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148,81 Gb Total Space | 85,11 Gb Free Space | 57,20% Space Free | Partition Type: NTFS
    Drive D: | 148,88 Gb Total Space | 142,41 Gb Free Space | 95,65% Space Free | Partition Type: NTFS

    Computer Name: EWA | User Name: CENSORED | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-04-19 11:12:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\CENSORED\Desktop\OTL.exe
    PRC - [2011-04-10 16:12:53 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    PRC - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    PRC - [2010-03-18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010-03-16 17:28:28 | 000,574,784 | ---- | M] (Tele2) -- C:\Program Files (x86)\Tele2 Connect\ATService.exe
    PRC - [2010-03-16 17:28:22 | 003,454,272 | ---- | M] (Tele2) -- C:\Program Files (x86)\Tele2 Connect\WVPNMonitor.exe
    PRC - [2010-03-16 17:28:16 | 001,780,544 | ---- | M] (Columbitech) -- C:\Program Files (x86)\Tele2 Connect\Connect.exe
    PRC - [2010-01-15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011-04-19 11:12:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\CENSORED\Desktop\OTL.exe
    MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010-03-15 10:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010-02-05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009-11-05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009-07-28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2011-04-10 16:12:53 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
    SRV - [2010-07-01 11:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-03-18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010-03-16 17:28:28 | 000,574,784 | ---- | M] (Tele2) [Auto | Running] -- C:\Program Files (x86)\Tele2 Connect\ATService.exe -- (CTATSvc)
    SRV - [2010-03-16 17:28:16 | 001,780,544 | ---- | M] (Columbitech) [Auto | Running] -- C:\Program Files (x86)\Tele2 Connect\Connect.exe -- (CTConnect)
    SRV - [2010-01-15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011-04-10 16:12:53 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010-11-20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-06-09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
    DRV:64bit: - [2010-06-09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
    DRV:64bit: - [2010-04-22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
    DRV:64bit: - [2010-03-15 11:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010-03-15 10:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010-03-10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010-03-04 18:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010-02-01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010-01-18 18:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2009-11-06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009-11-02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
    DRV:64bit: - [2009-10-12 16:23:00 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
    DRV:64bit: - [2009-09-10 16:31:00 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2009-08-13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV:64bit: - [2009-07-30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009-07-14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-05-05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2007-06-29 17:31:54 | 000,677,376 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
    DRV:64bit: - [2007-06-28 12:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
    DRV - [2011-04-12 20:24:34 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
    IE - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://dp.kunskapsskolan.se/Citrix/MetaFrame/auth/login.aspx
    IE - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\..\URLSearchHook: {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011-01-04 16:11:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011-01-04 16:11:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2011-04-10 10:14:44 | 000,000,000 | ---D | M]


    Hosts file not found
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [ConnecteSupport] C:\Program Files (x86)\Tific\Tific Client G1\ConnecteSupport.exe (Tific)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
    O4 - HKU\.DEFAULT..\Run: [W5E7SH31DG] File not found
    O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
    O4 - HKU\S-1-5-18..\Run: [W5E7SH31DG] File not found
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000..\Run: [RESTART_STICKY_NOTES] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    O4 - Startup: C:\Users\CENSORED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh.exe - genväg.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9:64bit: - Extra Button: &Virtuellt tangentbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9:64bit: - Extra Button: K&ontroll av webbadresser - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra Button: &Virtuellt tangentbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: K&ontroll av webbadresser - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\avldr: DllName - Reg Error: Key error. - File not found
    O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-11-18 00:40:52 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{0a1de0d6-52d6-11e0-8dc5-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a1de0d6-52d6-11e0-8dc5-00266c76e510}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{4e1f1cf2-190a-11e0-92a9-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{4e1f1cf2-190a-11e0-92a9-00266c76e510}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{65d5bcb8-152e-11e0-8941-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{65d5bcb8-152e-11e0-8941-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{dd78c48f-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd78c48f-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{dd78c4a2-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd78c4a2-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{dd78c4be-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd78c4be-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{dd78c4f3-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd78c4f3-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f8517df7-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{f8517df7-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f8517e09-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{f8517e09-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f8517e16-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{f8517e16-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f8517e30-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{f8517e30-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
     
  17. Lokalaskurar

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-04-19 11:11:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\CENSORED\Desktop\OTL.exe
    [2011-04-18 21:14:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011-04-18 21:08:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-04-17 23:32:10 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Roaming\.minecraft
    [2011-04-14 15:05:38 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\Documents\gegl-0.0
    [2011-04-13 17:43:33 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\Desktop\SKIT!!!
    [2011-04-12 16:20:33 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\CENSORED\Desktop\TDSSKiller.exe
    [2011-04-10 12:47:28 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Roaming\Malwarebytes
    [2011-04-10 12:47:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011-04-10 12:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011-04-10 12:46:59 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011-04-10 12:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011-04-10 10:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
    [2011-04-10 10:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2011-04-10 10:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
    [2011-04-10 10:03:39 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
    [2011-04-10 09:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2011-04-09 17:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2011-04-08 21:23:25 | 000,000,000 | ---D | C] -- C:\Windows\$XNTUninstall643$
    [2011-04-05 17:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
    [2011-04-05 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Local\Conexant
    [2011-04-02 21:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Registry Cleaner For Seven
    [2011-04-01 20:04:39 | 000,243,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
    [2011-04-01 20:04:39 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
    [2011-04-01 20:04:39 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
    [2011-04-01 20:04:39 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
    [2011-04-01 20:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tele2 Connect
    [2011-04-01 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Roaming\Tific
    [2011-04-01 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Local\Tific
    [2011-04-01 20:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tele2 Connect
    [2011-04-01 20:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tific
    [2011-04-01 20:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tific
    [2011-03-29 14:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
    [2011-03-29 14:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
    [2011-03-27 19:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011-03-27 19:36:03 | 000,000,000 | ---D | C] -- C:\Program\AVAST Software
    [2011-03-24 15:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cracked Steam
    [2011-03-23 21:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
    [2011-03-23 17:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
    [2011-03-22 21:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2011-03-22 21:16:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2011-03-22 21:12:34 | 000,000,000 | ---D | C] -- C:\Program\Microsoft Office
    [2011-03-22 21:11:45 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Local\Microsoft Help
    [2011-03-22 21:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2011-03-22 21:10:10 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2011-03-22 16:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
    [2011-03-21 22:44:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011-04-19 11:32:05 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011-04-19 11:18:14 | 001,493,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011-04-19 11:18:14 | 000,634,198 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
    [2011-04-19 11:18:14 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011-04-19 11:18:14 | 000,128,418 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
    [2011-04-19 11:18:14 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011-04-19 11:12:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\CENSORED\Desktop\OTL.exe
    [2011-04-19 11:09:36 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011-04-19 11:09:36 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011-04-19 11:02:33 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011-04-19 11:02:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2011-04-19 11:02:11 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\bdlfhyt.job
    [2011-04-19 11:02:10 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
    [2011-04-19 11:02:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011-04-19 11:01:57 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
    [2011-04-15 21:50:40 | 000,270,142 | ---- | M] () -- C:\Users\CENSORED\Desktop\Minecraft.exe
    [2011-04-14 15:08:42 | 000,002,157 | ---- | M] () -- C:\Users\CENSORED\.recently-used.xbel
    [2011-04-12 20:24:34 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2011-04-12 19:34:12 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
    [2011-04-12 16:22:14 | 365,247,080 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011-04-10 23:16:41 | 084,684,712 | ---- | M] () -- C:\Users\CENSORED\Desktop\Inspelningen.wav
    [2011-04-10 16:12:53 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
    [2011-04-10 16:12:53 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
    [2011-04-10 16:12:53 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
    [2011-04-10 09:58:18 | 000,002,122 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011-04-10 09:56:38 | 001,519,158 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-04-10 08:40:29 | 000,413,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011-04-09 17:15:59 | 003,796,437 | ---- | M] () -- C:\Users\CENSORED\Desktop\WindShield Gets Hit By A Piece Of Wood.mp4
    [2011-04-08 21:23:38 | 000,135,168 | RHS- | M] () -- C:\Windows\SysWow64\wuapi7.dll
    [2011-04-06 22:31:17 | 000,001,476 | ---- | M] () -- C:\Users\CENSORED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh.exe - genväg.lnk
    [2011-04-05 17:37:35 | 000,001,248 | ---- | M] () -- C:\Users\CENSORED\Desktop\Task Manager.lnk
    [2011-04-01 20:04:11 | 000,001,990 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk
    [2011-03-31 19:40:48 | 270,232,772 | ---- | M] () -- C:\Program Files (x86)\Dflw.pff
    [2011-03-31 13:32:22 | 000,001,788 | ---- | M] () -- C:\Users\CENSORED\Desktop\temporary downloads.lnk
    [2011-03-29 13:57:22 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
    [2011-03-27 19:12:06 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck
    [2011-03-27 19:12:06 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg
    [2011-03-24 21:07:43 | 000,006,144 | ---- | M] () -- C:\Users\CENSORED\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-03-22 16:06:29 | 000,001,189 | ---- | M] () -- C:\Windows\eReg.dat
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011-04-17 23:26:28 | 000,270,142 | ---- | C] () -- C:\Users\CENSORED\Desktop\Minecraft.exe
    [2011-04-14 15:08:42 | 000,002,157 | ---- | C] () -- C:\Users\CENSORED\.recently-used.xbel
    [2011-04-12 20:18:04 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2011-04-10 23:07:40 | 084,684,712 | ---- | C] () -- C:\Users\CENSORED\Desktop\Inspelningen.wav
    [2011-04-10 10:15:18 | 000,151,619 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
    [2011-04-10 10:15:18 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
    [2011-04-10 09:58:18 | 000,002,122 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011-04-09 17:14:58 | 003,796,437 | ---- | C] () -- C:\Users\CENSORED\Desktop\WindShield Gets Hit By A Piece Of Wood.mp4
    [2011-04-08 21:23:38 | 000,135,168 | RHS- | C] () -- C:\Windows\SysWow64\wuapi7.dll
    [2011-04-08 21:23:38 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\bdlfhyt.job
    [2011-04-06 22:31:17 | 000,001,476 | ---- | C] () -- C:\Users\CENSORED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh.exe - genväg.lnk
    [2011-04-05 17:37:35 | 000,001,248 | ---- | C] () -- C:\Users\CENSORED\Desktop\Task Manager.lnk
    [2011-04-01 20:04:11 | 000,001,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk
    [2011-03-31 19:40:20 | 270,232,772 | ---- | C] () -- C:\Program Files (x86)\Dflw.pff
    [2011-03-31 19:40:20 | 001,243,136 | ---- | C] () -- C:\Program Files (x86)\Dflw.exe
    [2011-03-31 19:40:20 | 000,000,049 | ---- | C] () -- C:\Program Files (x86)\Dflw.pff_0f4fb366_00000031.wav
    [2011-03-31 19:40:20 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\dflw.cd
    [2011-03-31 13:32:22 | 000,001,788 | ---- | C] () -- C:\Users\CENSORED\Desktop\temporary downloads.lnk
    [2011-03-29 13:57:22 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
    [2011-03-23 20:36:35 | 000,002,694 | ---- | C] () -- C:\Users\CENSORED\Desktop\Fis.amr
    [2011-03-23 17:35:19 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
    [2011-03-23 17:35:16 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
    [2011-03-23 17:35:16 | 000,062,672 | ---- | C] () -- C:\Windows\SysWow64\xinput1_1.dll
    [2011-03-23 17:30:29 | 000,014,032 | ---- | C] () -- C:\Windows\SysWow64\x3daudio1_0.dll
    [2011-03-23 17:30:28 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
    [2011-03-23 17:30:28 | 002,332,368 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_29.dll
    [2011-03-23 17:30:27 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
    [2011-03-23 17:30:27 | 002,323,664 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_28.dll
    [2011-03-23 17:30:24 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
    [2011-03-23 17:22:23 | 002,297,552 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_26.dll
    [2011-03-23 17:22:22 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
    [2011-03-23 17:22:22 | 002,337,488 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_25.dll
    [2011-03-23 17:22:20 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
    [2011-03-20 21:46:15 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
    [2011-01-27 17:11:54 | 000,000,036 | ---- | C] () -- C:\Windows\mafosav.INI
    [2011-01-26 17:32:25 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
    [2011-01-26 16:28:57 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
    [2011-01-26 16:28:57 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
    [2011-01-13 16:27:51 | 000,000,103 | ---- | C] () -- C:\Users\CENSORED\AppData\Local\fusioncache.dat
    [2011-01-10 20:25:28 | 000,000,122 | ---- | C] () -- C:\Windows\Worms Armageddon.INI
    [2010-11-29 21:39:15 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2010-11-29 21:27:32 | 000,000,195 | ---- | C] () -- C:\Windows\SISTool.INI
    [2010-11-29 19:21:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010-11-24 15:53:08 | 000,006,144 | ---- | C] () -- C:\Users\CENSORED\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-11-15 16:26:49 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2010-11-14 22:22:09 | 000,001,189 | ---- | C] () -- C:\Windows\eReg.dat
    [2010-11-14 20:56:59 | 000,000,392 | ---- | C] () -- C:\Users\CENSORED\AppData\Roaming\wklnhst.dat
    [2010-11-14 20:29:43 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010-11-14 20:20:52 | 001,519,158 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010-11-11 20:34:08 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI
    [2010-04-09 08:44:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010-04-09 08:42:13 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011-04-17 23:32:10 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\.minecraft
    [2010-11-23 20:26:33 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Aura4You
    [2011-03-19 15:33:35 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Blender Foundation
    [2010-11-24 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Cool Record Edit Pro
    [2010-12-22 13:09:17 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
    [2010-11-24 22:04:20 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Free Sound Recorder
    [2011-03-10 17:04:27 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\GetRightToGo
    [2011-04-14 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\gtk-2.0
    [2011-01-12 23:00:27 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\ICAClient
    [2010-12-14 20:39:40 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\NCH Swift Sound
    [2011-03-27 19:21:22 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Notepad++
    [2011-03-27 21:23:28 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Opera
    [2011-03-10 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\PACE Anti-Piracy
    [2011-03-27 19:27:20 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Panda Security
    [2010-11-23 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Publish Providers
    [2011-03-13 00:39:47 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Sony
    [2011-01-09 02:07:00 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Spotify
    [2011-04-01 20:03:54 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Tific
    [2011-01-04 12:09:44 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Toshiba
    [2011-03-18 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Uniblue
    [2011-04-09 16:51:22 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\uTorrent
    [2011-01-26 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\vghd
    [2010-12-03 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\WinBatch
    [2010-12-23 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Windows Live Writer
    [2011-04-19 11:02:11 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\bdlfhyt.job
    [2011-04-19 11:02:10 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
    [2011-04-17 23:05:26 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011-04-19 11:58:04 | 009,735,759 | ---- | M] () -- C:\ATsvcLog.txt
    [2011-03-22 00:04:27 | 010,000,009 | ---- | M] () -- C:\ATsvcLog.txt.old
    [2010-11-18 00:40:52 | 000,000,000 | ---- | M] () -- C:\Autoexec.bat
    [2010-12-01 16:00:12 | 000,682,976 | ---- | M] () -- C:\ConnectUpdate.log
    [2011-04-19 11:02:12 | 000,850,199 | ---- | M] () -- C:\DebugLog.txt
    [2011-04-02 21:10:51 | 009,999,937 | ---- | M] () -- C:\DebugLog.txt.old
    [2011-04-18 00:32:13 | 000,013,164 | ---- | M] () -- C:\graph.log
    [2011-04-19 11:01:57 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
    [2011-04-19 11:02:01 | 2947,440,640 | -HS- | M] () -- C:\pagefile.sys
    [2011-04-18 21:06:56 | 000,000,361 | ---- | M] () -- C:\rkill.log
    [2010-06-22 10:49:02 | 000,000,282 | -H-- | M] () -- C:\SWSTAMP.TXT
    [2011-04-19 11:09:02 | 000,065,818 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_19.04.2011_11.03.55_log.txt

    < %systemroot%\Fonts\*.com >
    [2009-07-14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009-07-14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009-07-14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009-07-14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009-06-10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011-02-07 12:24:10 | 000,016,952 | ---- | M] (Un4seen Developments) -- C:\Users\CENSORED\AppData\Roaming\Microsoft\1eaadjc.dll
    [2011-02-07 12:24:09 | 000,098,360 | ---- | M] (Un4seen Developments) -- C:\Users\CENSORED\AppData\Roaming\Microsoft\bass.dll
    [2011-02-07 12:24:12 | 000,014,392 | ---- | M] (Un4seen Developments) -- C:\Users\CENSORED\AppData\Roaming\Microsoft\kfgresk.dll
    [2011-02-07 12:24:14 | 000,013,984 | ---- | M] () -- C:\Users\CENSORED\AppData\Roaming\Microsoft\mjcriu.dll
    [2011-02-07 12:24:11 | 000,010,808 | ---- | M] (Un4seen Developments) -- C:\Users\CENSORED\AppData\Roaming\Microsoft\peaadje.dll
    [2011-02-07 12:24:10 | 000,026,200 | ---- | M] (:) JOBnik! :) [Arthur Aminov, ISRAEL]) -- C:\Users\CENSORED\AppData\Roaming\Microsoft\qwadjb.dll
    [2011-02-07 12:24:13 | 000,015,416 | ---- | M] (Un4seen Developments) -- C:\Users\CENSORED\AppData\Roaming\Microsoft\rsaadjd.dll

    < %PROGRAMFILES%\*.* >
    [2009-07-14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2000-11-08 23:29:56 | 000,000,005 | ---- | M] () -- C:\Program Files (x86)\dflw.cd
    [2000-11-08 10:57:58 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\Dflw.exe
    [2011-03-31 19:40:48 | 270,232,772 | ---- | M] () -- C:\Program Files (x86)\Dflw.pff
    [2000-11-09 00:28:06 | 000,000,049 | ---- | M] () -- C:\Program Files (x86)\Dflw.pff_0f4fb366_00000031.wav

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2010-11-20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\config\systemprofile\explorer.bak

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011-03-31 18:29:50 | 000,000,221 | -HS- | M] () -- C:\Users\CENSORED\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011-04-15 21:50:40 | 000,270,142 | ---- | M] () -- C:\Users\CENSORED\Desktop\Minecraft.exe
    [2011-04-19 11:12:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\CENSORED\Desktop\OTL.exe
    [2011-03-10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\CENSORED\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009-06-10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011-02-25 15:15:20 | 000,000,402 | -HS- | M] () -- C:\Users\CENSORED\Favorites\desktop.ini
    [2011-02-25 21:16:44 | 000,001,312 | ---- | M] () -- C:\Users\CENSORED\Favorites\WildTangent Games.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011-01-26 17:32:25 | 000,034,308 | ---- | M] () -- C:\ProgramData\mazuki.dll

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
     
  18. Lokalaskurar


    < MD5 for: AGP440.SYS >
    [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
    [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
    [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
    [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
    [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009-07-14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
    [2009-07-14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: EXPLORER.EXE >
    [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011-01-16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX0\procs\explorer.exe
    [2011-01-16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX1\procs\explorer.exe
    [2011-01-16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX2\procs\explorer.exe
    [2011-01-16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX3\procs\explorer.exe
    [2011-01-16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX4\procs\explorer.exe
    [2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
    [2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009-08-03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2009-10-31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2011-03-16 12:58:35 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=A5FA3577D74335F150B73069608699C1 -- C:\Windows\explorer.exe
    [2005-08-16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX0\h\explorer.exe
    [2005-08-16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX1\h\explorer.exe
    [2005-08-16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX2\h\explorer.exe
    [2005-08-16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX3\h\explorer.exe
    [2005-08-16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX4\h\explorer.exe
    [2010-11-20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009-10-31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2009-08-03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: IASTORV.SYS >
    [2010-11-20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
    [2010-11-20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
    [2010-11-20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
    [2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009-07-14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
    [2010-11-20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
    [2010-11-20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
    [2010-11-20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
    [2010-11-20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
    [2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
    [2010-11-20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
    [2010-11-20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
    [2010-11-20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
    [2009-07-14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
    [2010-11-20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
    [2010-11-20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
    [2010-11-20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
    [2010-11-20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

    < MD5 for: USERINIT.EXE >
    [2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2009-05-26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX0\userinit.exe
    [2009-05-26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX1\userinit.exe
    [2009-05-26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX2\userinit.exe
    [2009-05-26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX3\userinit.exe
    [2009-05-26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\CENSORED\AppData\Local\Temp\RarSFX4\userinit.exe
    [2010-11-20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010-11-20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1248 bytes -> C:\ProgramData\Microsoft:zhjHYV3MiNCERxvzx0eQePC7Jui7
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9D1B94FD
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
    @Alternate Data Stream - 1093 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:zBSDMHK5n0l2g3dkhshJ5q
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:C4F92751
    @Alternate Data Stream - 1068 bytes -> C:\ProgramData\Microsoft:jhBfLMSgddifzzzMb2

    < End of report >

    )

    Extras.txt:
    (
    OTL Extras logfile created on: 2011-04-19 11:32:29 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\CENSORED\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
    5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148,81 Gb Total Space | 85,11 Gb Free Space | 57,20% Space Free | Partition Type: NTFS
    Drive D: | 148,88 Gb Total Space | 142,41 Gb Free Space | 95,65% Space Free | Partition Type: NTFS

    Computer Name: EWA | User Name: CENSORED | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    [HKEY_USERS\S-1-5-21-2380782889-1397881930-1277805853-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- Reg Error: Value error.
    http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- Reg Error: Value error.
    http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists
    "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE
    "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch
    "{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
    "{08A247F5-E34F-4D17-8731-0906DF56947E}" = Windows Live Sync
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
    "{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish
    "{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
    "{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
    "{1AB80D06-778A-480C-A563-A2CF059FD4EB}" = ArcSoft MediaImpression for Kodak
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech
    "{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
    "{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese
    "{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
    "{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek
    "{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard
    "{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
    "{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
    "{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian
    "{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish
    "{49c71ef0-302d-431c-9acf-d2e82f2da34c}" = Nero 9 Essentials
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
    "{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
    "{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French
    "{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista
    "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{787E4869-4D11-49B4-8F3D-17FD32D7E2AA}" = Tele2 Connect Monitor
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New
    "{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding
    "{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
    "{8F66842A-B63E-4B86-85F5-F9D37A3BDC10}" = Panda Antivirus Pro 2011
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0015-041D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2007
    "{90120000-0015-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007
    "{90120000-0016-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0017-041D-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Swedish) 2007
    "{90120000-0017-041D-0000-0000000FF1CE}_OMUI.sv-se_{6BF69B6E-06EF-4761-B62E-663EF7C449B5}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007
    "{90120000-0018-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-041D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2007
    "{90120000-0019-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-041D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2007
    "{90120000-001A-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007
    "{90120000-001B-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
    "{90120000-001F-040B-0000-0000000FF1CE}_ENTERPRISE_{8C00DF3E-E8BD-4C6A-B86F-0135E11DAF1C}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
    "{90120000-001F-041D-0000-0000000FF1CE}_ENTERPRISE_{43722AA8-ACEA-4F54-9B83-2467D376EF8A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-041D-1000-0000000FF1CE}_ENTERPRISE_{8C2A0B2D-382B-428C-9E8D-247D31B22201}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-041D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Swedish) 2007
    "{90120000-0044-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007
    "{90120000-006E-041D-0000-0000000FF1CE}_ENTERPRISE_{8C2A0B2D-382B-428C-9E8D-247D31B22201}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2007
    "{90120000-00A1-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-041D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Swedish) 2007
    "{90120000-00BA-041D-0000-0000000FF1CE}_ENTERPRISE_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0100-041D-0000-0000000FF1CE}" = Microsoft Office O MUI (Swedish) 2007
    "{90120000-0100-041D-0000-0000000FF1CE}_OMUI.sv-se_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0101-041D-0000-0000000FF1CE}" = Microsoft Office X MUI (Swedish) 2007
    "{90120000-0101-041D-0000-0000000FF1CE}_OMUI.sv-se_{1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing
    "{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.co.uk
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1053-7B44-A94000000001}" = Adobe Reader 9.4.3 - Svenska
    "{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean
    "{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German
    "{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English
    "{B86C9440-82D7-423C-9FEC-6CB3092D1AA4}" = Bing Bar Platform
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light
    "{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{E9618EB0-D09E-496B-A425-689271F5571B}" = Windows Live UX Platform Language Pack
    "{E9637CBC-A784-4E9E-973C-47D05868B7FD}" = Panda Antivirus Pro 2011
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
    "{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese
    "{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
    "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Aura Video to Audio Converter_is1" = Aura Video to Audio Converter 1.3.2
    "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor_is1" = AVS Video Editor 5
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "Canon MP560 series användarregistrering" = Canon MP560 series användarregistrering
    "CanonMyPrinter" = Canon My Printer
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
    "ConnecteSupport" = Tele2 Connect
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
    "HUAWEI Generic Driver" = Huawei Generic Driver
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
    "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
    "Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
    "Little Fighter 2.5 - v2.0" = Little Fighter 2.5 - v2.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mario Forever 5.01" = Mario Forever 5.01
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "OMUI.sv-se" = Microsoft Office Language Pack 2007 - Swedish/svenska
    "Opera 11.01.1190" = Opera 11.01
    "Spotify" = Spotify
    "Super Mario Defence" = Super Mario Defence
    "uTorrent" = µTorrent
    "WaveLabPro" = WaveLab 6
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "Works2006Setup" = Startprogram för installation av Microsoft Works Suite 2006
    "Worms Armageddon Demo" = Worms Armageddon Demo

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

    )


    Ran OTL
    Pasted text into custom fix box, clicked 'Run Fix'.

    Generated log:
    (
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: CENSORED
    ->Temp folder emptied: 212296218 bytes
    ->Temporary Internet Files folder emptied: 2534739 bytes
    ->Java cache emptied: 0 bytes
    ->Opera cache emptied: 18792350 bytes
    ->Flash cache emptied: 1745 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19243377 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 985868 bytes

    Total Files Cleaned = 242,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: CENSORED
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04192011_121803

    Files\Folders moved on Reboot...
    C:\Users\CENSORED\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\kls912E.tmp not found!

    Registry entries deleted on Reboot...

    )


    OTL prompted to reboot. Rebooted PC.


    Ran OTL, clicked 'Quick Scan'.
    Scan ran for ~45 minutes.

    Generated log:
    (
    OTL logfile created on: 2011-04-19 12:23:59 - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\CENSORED\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
    5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148,81 Gb Total Space | 85,34 Gb Free Space | 57,35% Space Free | Partition Type: NTFS
    Drive D: | 148,88 Gb Total Space | 142,41 Gb Free Space | 95,65% Space Free | Partition Type: NTFS

    Computer Name: EWA | User Name: CENSORED | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-04-19 11:12:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\CENSORED\Desktop\OTL.exe
    PRC - [2011-04-10 16:12:53 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    PRC - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    PRC - [2010-03-18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010-03-16 17:28:28 | 000,574,784 | ---- | M] (Tele2) -- C:\Program Files (x86)\Tele2 Connect\ATService.exe
    PRC - [2010-03-16 17:28:22 | 003,454,272 | ---- | M] (Tele2) -- C:\Program Files (x86)\Tele2 Connect\WVPNMonitor.exe
    PRC - [2010-03-16 17:28:16 | 001,780,544 | ---- | M] (Columbitech) -- C:\Program Files (x86)\Tele2 Connect\Connect.exe
    PRC - [2010-01-15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011-04-19 11:12:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\CENSORED\Desktop\OTL.exe
    MOD - [2010-11-20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010-03-15 10:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010-02-05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009-11-05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009-07-28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2011-04-10 16:12:53 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
    SRV - [2010-07-01 11:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-03-18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010-03-16 17:28:28 | 000,574,784 | ---- | M] (Tele2) [Auto | Running] -- C:\Program Files (x86)\Tele2 Connect\ATService.exe -- (CTATSvc)
    SRV - [2010-03-16 17:28:16 | 001,780,544 | ---- | M] (Columbitech) [Auto | Running] -- C:\Program Files (x86)\Tele2 Connect\Connect.exe -- (CTConnect)
    SRV - [2010-01-15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011-04-10 16:12:53 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010-11-20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-06-09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
    DRV:64bit: - [2010-06-09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
    DRV:64bit: - [2010-04-22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
     
  19. Lokalaskurar

    Lokalaskurar TS Enthusiast Topic Starter Posts: 544

    DRV:64bit: - [2010-03-15 11:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010-03-15 10:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010-03-10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010-03-04 18:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010-02-01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010-01-18 18:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2009-11-06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009-11-02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
    DRV:64bit: - [2009-10-12 16:23:00 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
    DRV:64bit: - [2009-09-10 16:31:00 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2009-08-13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV:64bit: - [2009-07-30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009-07-14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-05-05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2007-06-29 17:31:54 | 000,677,376 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
    DRV:64bit: - [2007-06-28 12:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
    DRV - [2011-04-12 20:24:34 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://dp.kunskapsskolan.se/Citrix/MetaFrame/auth/login.aspx
    IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011-01-04 16:11:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011-01-04 16:11:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2011-04-10 10:14:44 | 000,000,000 | ---D | M]


    Hosts file not found
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [ConnecteSupport] C:\Program Files (x86)\Tific\Tific Client G1\ConnecteSupport.exe (Tific)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
    O4 - Startup: C:\Users\CENSORED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh.exe - genväg.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9:64bit: - Extra Button: &Virtuellt tangentbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9:64bit: - Extra Button: K&ontroll av webbadresser - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra Button: &Virtuellt tangentbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: K&ontroll av webbadresser - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\avldr: DllName - Reg Error: Key error. - File not found
    O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-11-18 00:40:52 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{0a1de0d6-52d6-11e0-8dc5-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a1de0d6-52d6-11e0-8dc5-00266c76e510}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{4e1f1cf2-190a-11e0-92a9-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{4e1f1cf2-190a-11e0-92a9-00266c76e510}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{65d5bcb8-152e-11e0-8941-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{65d5bcb8-152e-11e0-8941-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{dd78c48f-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd78c48f-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{dd78c4a2-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd78c4a2-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{dd78c4be-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd78c4be-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{dd78c4f3-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd78c4f3-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f8517df7-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{f8517df7-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f8517e09-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{f8517e09-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f8517e16-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{f8517e16-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f8517e30-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
    O33 - MountPoints2\{f8517e30-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-04-19 12:18:03 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011-04-19 11:11:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\CENSORED\Desktop\OTL.exe
    [2011-04-18 21:14:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011-04-18 21:08:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-04-17 23:32:10 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Roaming\.minecraft
    [2011-04-14 15:05:38 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\Documents\gegl-0.0
    [2011-04-13 17:43:33 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\Desktop\SKIT!!!
    [2011-04-12 16:20:33 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\CENSORED\Desktop\TDSSKiller.exe
    [2011-04-10 12:47:28 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Roaming\Malwarebytes
    [2011-04-10 12:47:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011-04-10 12:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011-04-10 12:46:59 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011-04-10 12:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011-04-10 10:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
    [2011-04-10 10:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2011-04-10 10:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
    [2011-04-10 10:03:39 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
    [2011-04-10 09:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2011-04-09 17:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2011-04-08 21:23:25 | 000,000,000 | ---D | C] -- C:\Windows\$XNTUninstall643$
    [2011-04-05 17:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
    [2011-04-05 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Local\Conexant
    [2011-04-02 21:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Registry Cleaner For Seven
    [2011-04-01 20:04:39 | 000,243,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
    [2011-04-01 20:04:39 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
    [2011-04-01 20:04:39 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
    [2011-04-01 20:04:39 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
    [2011-04-01 20:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tele2 Connect
    [2011-04-01 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Roaming\Tific
    [2011-04-01 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Local\Tific
    [2011-04-01 20:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tele2 Connect
    [2011-04-01 20:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tific
    [2011-04-01 20:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tific
    [2011-03-29 14:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
    [2011-03-29 14:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
    [2011-03-27 19:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011-03-27 19:36:03 | 000,000,000 | ---D | C] -- C:\Program\AVAST Software
    [2011-03-24 15:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cracked Steam
    [2011-03-23 21:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
    [2011-03-23 17:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
    [2011-03-22 21:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2011-03-22 21:16:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2011-03-22 21:12:34 | 000,000,000 | ---D | C] -- C:\Program\Microsoft Office
    [2011-03-22 21:11:45 | 000,000,000 | ---D | C] -- C:\Users\CENSORED\AppData\Local\Microsoft Help
    [2011-03-22 21:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2011-03-22 21:10:10 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2011-03-22 16:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
    [2011-03-21 22:44:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi

    ========== Files - Modified Within 30 Days ==========

    [2011-04-19 12:32:05 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011-04-19 12:26:57 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011-04-19 12:26:57 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011-04-19 12:23:54 | 001,493,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011-04-19 12:23:54 | 000,634,198 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
    [2011-04-19 12:23:54 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011-04-19 12:23:54 | 000,128,418 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
    [2011-04-19 12:23:54 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011-04-19 12:19:41 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011-04-19 12:19:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2011-04-19 12:19:34 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\bdlfhyt.job
    [2011-04-19 12:19:33 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
    [2011-04-19 12:19:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011-04-19 12:19:19 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
    [2011-04-19 11:12:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\CENSORED\Desktop\OTL.exe
    [2011-04-15 21:50:40 | 000,270,142 | ---- | M] () -- C:\Users\CENSORED\Desktop\Minecraft.exe
    [2011-04-14 15:08:42 | 000,002,157 | ---- | M] () -- C:\Users\CENSORED\.recently-used.xbel
    [2011-04-12 20:24:34 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2011-04-12 19:34:12 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
    [2011-04-12 16:22:14 | 365,247,080 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011-04-10 23:16:41 | 084,684,712 | ---- | M] () -- C:\Users\CENSORED\Desktop\Inspelningen.wav
    [2011-04-10 16:12:53 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
    [2011-04-10 16:12:53 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
    [2011-04-10 16:12:53 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
    [2011-04-10 09:58:18 | 000,002,122 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011-04-10 09:56:38 | 001,519,158 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-04-10 08:40:29 | 000,413,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011-04-09 17:15:59 | 003,796,437 | ---- | M] () -- C:\Users\CENSORED\Desktop\WindShield Gets Hit By A Piece Of Wood.mp4
    [2011-04-08 21:23:38 | 000,135,168 | RHS- | M] () -- C:\Windows\SysWow64\wuapi7.dll
    [2011-04-06 22:31:17 | 000,001,476 | ---- | M] () -- C:\Users\CENSORED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh.exe - genväg.lnk
    [2011-04-05 17:37:35 | 000,001,248 | ---- | M] () -- C:\Users\CENSORED\Desktop\Task Manager.lnk
    [2011-04-01 20:04:11 | 000,001,990 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk
    [2011-03-31 19:40:48 | 270,232,772 | ---- | M] () -- C:\Program Files (x86)\Dflw.pff
    [2011-03-31 13:32:22 | 000,001,788 | ---- | M] () -- C:\Users\CENSORED\Desktop\temporary downloads.lnk
    [2011-03-29 13:57:22 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
    [2011-03-27 19:12:06 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck
    [2011-03-27 19:12:06 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg
    [2011-03-24 21:07:43 | 000,006,144 | ---- | M] () -- C:\Users\CENSORED\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-03-22 16:06:29 | 000,001,189 | ---- | M] () -- C:\Windows\eReg.dat

    ========== Files Created - No Company Name ==========

    [2011-04-17 23:26:28 | 000,270,142 | ---- | C] () -- C:\Users\CENSORED\Desktop\Minecraft.exe
    [2011-04-14 15:08:42 | 000,002,157 | ---- | C] () -- C:\Users\CENSORED\.recently-used.xbel
    [2011-04-12 20:18:04 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2011-04-10 23:07:40 | 084,684,712 | ---- | C] () -- C:\Users\CENSORED\Desktop\Inspelningen.wav
    [2011-04-10 10:15:18 | 000,151,619 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
    [2011-04-10 10:15:18 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
    [2011-04-10 09:58:18 | 000,002,122 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011-04-09 17:14:58 | 003,796,437 | ---- | C] () -- C:\Users\CENSORED\Desktop\WindShield Gets Hit By A Piece Of Wood.mp4
    [2011-04-08 21:23:38 | 000,135,168 | RHS- | C] () -- C:\Windows\SysWow64\wuapi7.dll
    [2011-04-08 21:23:38 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\bdlfhyt.job
    [2011-04-06 22:31:17 | 000,001,476 | ---- | C] () -- C:\Users\CENSORED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynTPEnh.exe - genväg.lnk
    [2011-04-05 17:37:35 | 000,001,248 | ---- | C] () -- C:\Users\CENSORED\Desktop\Task Manager.lnk
    [2011-04-01 20:04:11 | 000,001,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Connect Monitor.lnk
    [2011-03-31 19:40:20 | 270,232,772 | ---- | C] () -- C:\Program Files (x86)\Dflw.pff
    [2011-03-31 19:40:20 | 001,243,136 | ---- | C] () -- C:\Program Files (x86)\Dflw.exe
    [2011-03-31 19:40:20 | 000,000,049 | ---- | C] () -- C:\Program Files (x86)\Dflw.pff_0f4fb366_00000031.wav
    [2011-03-31 19:40:20 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\dflw.cd
    [2011-03-31 13:32:22 | 000,001,788 | ---- | C] () -- C:\Users\CENSORED\Desktop\temporary downloads.lnk
    [2011-03-29 13:57:22 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
    [2011-03-23 20:36:35 | 000,002,694 | ---- | C] () -- C:\Users\CENSORED\Desktop\Fis.amr
    [2011-03-23 17:35:19 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
    [2011-03-23 17:35:16 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
    [2011-03-23 17:35:16 | 000,062,672 | ---- | C] () -- C:\Windows\SysWow64\xinput1_1.dll
    [2011-03-23 17:30:29 | 000,014,032 | ---- | C] () -- C:\Windows\SysWow64\x3daudio1_0.dll
    [2011-03-23 17:30:28 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
    [2011-03-23 17:30:28 | 002,332,368 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_29.dll
    [2011-03-23 17:30:27 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
    [2011-03-23 17:30:27 | 002,323,664 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_28.dll
    [2011-03-23 17:30:24 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
    [2011-03-23 17:22:23 | 002,297,552 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_26.dll
    [2011-03-23 17:22:22 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
    [2011-03-23 17:22:22 | 002,337,488 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_25.dll
    [2011-03-23 17:22:20 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
    [2011-03-20 21:46:15 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
    [2011-01-27 17:11:54 | 000,000,036 | ---- | C] () -- C:\Windows\mafosav.INI
    [2011-01-26 17:32:25 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
    [2011-01-26 16:28:57 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
    [2011-01-26 16:28:57 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
    [2011-01-13 16:27:51 | 000,000,103 | ---- | C] () -- C:\Users\CENSORED\AppData\Local\fusioncache.dat
    [2011-01-10 20:25:28 | 000,000,122 | ---- | C] () -- C:\Windows\Worms Armageddon.INI
    [2010-11-29 21:39:15 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2010-11-29 21:27:32 | 000,000,195 | ---- | C] () -- C:\Windows\SISTool.INI
    [2010-11-29 19:21:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010-11-24 15:53:08 | 000,006,144 | ---- | C] () -- C:\Users\CENSORED\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-11-15 16:26:49 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2010-11-14 22:22:09 | 000,001,189 | ---- | C] () -- C:\Windows\eReg.dat
    [2010-11-14 20:56:59 | 000,000,392 | ---- | C] () -- C:\Users\CENSORED\AppData\Roaming\wklnhst.dat
    [2010-11-14 20:29:43 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010-11-14 20:20:52 | 001,519,158 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010-11-11 20:34:08 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI
    [2010-04-09 08:44:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010-04-09 08:42:13 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2009-07-14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009-07-14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009-07-14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009-07-14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011-04-17 23:32:10 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\.minecraft
    [2010-11-23 20:26:33 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Aura4You
    [2011-03-19 15:33:35 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Blender Foundation
    [2010-11-24 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Cool Record Edit Pro
    [2010-12-22 13:09:17 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
    [2010-11-24 22:04:20 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Free Sound Recorder
    [2011-03-10 17:04:27 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\GetRightToGo
    [2011-04-14 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\gtk-2.0
    [2011-01-12 23:00:27 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\ICAClient
    [2010-12-14 20:39:40 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\NCH Swift Sound
    [2011-03-27 19:21:22 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Notepad++
    [2011-03-27 21:23:28 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Opera
    [2011-03-10 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\PACE Anti-Piracy
    [2011-03-27 19:27:20 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Panda Security
    [2010-11-23 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Publish Providers
    [2011-03-13 00:39:47 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Sony
    [2011-01-09 02:07:00 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Spotify
    [2011-04-01 20:03:54 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Tific
    [2011-01-04 12:09:44 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Toshiba
    [2011-03-18 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Uniblue
    [2011-04-09 16:51:22 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\uTorrent
    [2011-01-26 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\vghd
    [2010-12-03 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\WinBatch
    [2010-12-23 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Windows Live Writer
    [2011-04-19 12:19:34 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\bdlfhyt.job
    [2011-04-19 12:19:33 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\iMeshNAG.job
    [2011-04-17 23:05:26 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1248 bytes -> C:\ProgramData\Microsoft:zhjHYV3MiNCERxvzx0eQePC7Jui7
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9D1B94FD
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
    @Alternate Data Stream - 1093 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:zBSDMHK5n0l2g3dkhshJ5q
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:C4F92751
    @Alternate Data Stream - 1068 bytes -> C:\ProgramData\Microsoft:jhBfLMSgddifzzzMb2

    < End of report >

    )
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\..\URLSearchHook: {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - Reg Error: Key error. File not found
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
      O4 - HKU\.DEFAULT..\Run: [W5E7SH31DG] File not found
      O4 - HKU\S-1-5-18..\Run: [W5E7SH31DG] File not found
      O4 - HKU\S-1-5-21-2380782889-1397881930-1277805853-1000..\Run: [RESTART_STICKY_NOTES] File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
      O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
      O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
      O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
      O20:64bit: - Winlogon\Notify\avldr: DllName - Reg Error: Key error. - File not found
      O33 - MountPoints2\{0a1de0d6-52d6-11e0-8dc5-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{0a1de0d6-52d6-11e0-8dc5-00266c76e510}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
      O33 - MountPoints2\{4e1f1cf2-190a-11e0-92a9-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{4e1f1cf2-190a-11e0-92a9-00266c76e510}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
      O33 - MountPoints2\{65d5bcb8-152e-11e0-8941-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{65d5bcb8-152e-11e0-8941-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{dd78c48f-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{dd78c48f-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{dd78c4a2-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{dd78c4a2-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{dd78c4be-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{dd78c4be-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{dd78c4f3-f4a6-11df-a528-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{dd78c4f3-f4a6-11df-a528-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{f8517df7-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{f8517df7-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{f8517e09-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{f8517e09-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{f8517e16-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{f8517e16-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{f8517e30-5c89-11e0-9644-00266c76e510}\Shell - "" = AutoRun
      O33 - MountPoints2\{f8517e30-5c89-11e0-9644-00266c76e510}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\F\Shell - "" = AutoRun
      O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\H\Shell - "" = AutoRun
      O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
      [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
      [2011-04-19 11:02:11 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\bdlfhyt.job
      [2011-03-27 19:27:20 | 000,000,000 | ---D | M] -- C:\Users\CENSORED\AppData\Roaming\Panda Security
      @Alternate Data Stream - 1248 bytes -> C:\ProgramData\Microsoft:zhjHYV3MiNCERxvzx0eQePC7Jui7
      @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9D1B94FD
      @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
      @Alternate Data Stream - 1093 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:zBSDMHK5n0l2g3dkhshJ5q
      @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:C4F92751
      @Alternate Data Stream - 1068 bytes -> C:\ProgramData\Microsoft:jhBfLMSgddifzzzMb2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  21. Lokalaskurar

    Lokalaskurar TS Enthusiast Topic Starter Posts: 544

    I cannot update Java right now - I currently only have a USB-modem access which does not work on the virus-infected PC for some reason... it used to before the infection.

    Downloading Java on a USB-stick and trying to update it remotely also fails, due to: "Cannot update your Java version due to current Internet-settings."

    Ordinary Wi-Fi Internet-access for this computer will be accessible on Sunday, I will retry then.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OK. Let me know....
     
  23. Lokalaskurar

    Lokalaskurar TS Enthusiast Topic Starter Posts: 544

    Right, Internet-access back online.

    Visited Java.com, did NOT have the recommended Java version.
    Downloaded latest Java version.

    Installed successfully.

    Unzipped JavaRa to separate folder (on the desktop).
    Ran JavaRa as administrator.

    Removed older versions successfully, log was generated, not posting it as you did not request it.

    Ran OTL, pasted custom scan/fix, ran OTL.
    OTL ran successfully, prompted to reboot - rebooted PC.

    Log appeared, OTL log:
    (
    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-2380782889-1397881930-1277805853-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2380782889-1397881930-1277805853-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2380782889-1397881930-1277805853-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c44f9e21-d93f-490c-b41c-b3548bdd19fc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c44f9e21-d93f-490c-b41c-b3548bdd19fc}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2380782889-1397881930-1277805853-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32B29DF0-2237-4370-9A29-37CEBB730E9B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\W5E7SH31DG deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\W5E7SH31DG not found.
    Registry value HKEY_USERS\S-1-5-21-2380782889-1397881930-1277805853-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
    File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
    File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
    File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a1de0d6-52d6-11e0-8dc5-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a1de0d6-52d6-11e0-8dc5-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a1de0d6-52d6-11e0-8dc5-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a1de0d6-52d6-11e0-8dc5-00266c76e510}\ not found.
    File F:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e1f1cf2-190a-11e0-92a9-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e1f1cf2-190a-11e0-92a9-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e1f1cf2-190a-11e0-92a9-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e1f1cf2-190a-11e0-92a9-00266c76e510}\ not found.
    H:\LaunchU3.exe moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65d5bcb8-152e-11e0-8941-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65d5bcb8-152e-11e0-8941-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65d5bcb8-152e-11e0-8941-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65d5bcb8-152e-11e0-8941-00266c76e510}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd78c48f-f4a6-11df-a528-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd78c48f-f4a6-11df-a528-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd78c48f-f4a6-11df-a528-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd78c48f-f4a6-11df-a528-00266c76e510}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd78c4a2-f4a6-11df-a528-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd78c4a2-f4a6-11df-a528-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd78c4a2-f4a6-11df-a528-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd78c4a2-f4a6-11df-a528-00266c76e510}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd78c4be-f4a6-11df-a528-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd78c4be-f4a6-11df-a528-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd78c4be-f4a6-11df-a528-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd78c4be-f4a6-11df-a528-00266c76e510}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd78c4f3-f4a6-11df-a528-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd78c4f3-f4a6-11df-a528-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd78c4f3-f4a6-11df-a528-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd78c4f3-f4a6-11df-a528-00266c76e510}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8517df7-5c89-11e0-9644-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8517df7-5c89-11e0-9644-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8517df7-5c89-11e0-9644-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8517df7-5c89-11e0-9644-00266c76e510}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8517e09-5c89-11e0-9644-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8517e09-5c89-11e0-9644-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8517e09-5c89-11e0-9644-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8517e09-5c89-11e0-9644-00266c76e510}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8517e16-5c89-11e0-9644-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8517e16-5c89-11e0-9644-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8517e16-5c89-11e0-9644-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8517e16-5c89-11e0-9644-00266c76e510}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8517e30-5c89-11e0-9644-00266c76e510}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8517e30-5c89-11e0-9644-00266c76e510}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8517e30-5c89-11e0-9644-00266c76e510}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8517e30-5c89-11e0-9644-00266c76e510}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
    File H:\LaunchU3.exe -a not found.
    File/Folder C:\Windows\SysWow64\*.tmp not found.
    File move failed. C:\Windows\Tasks\bdlfhyt.job scheduled to be moved on reboot.
    Folder C:\Users\CENSORED\AppData\Roaming\Panda Security\ not found.
    ADS C:\ProgramData\Microsoft:zhjHYV3MiNCERxvzx0eQePC7Jui7 deleted successfully.
    ADS C:\ProgramData\TEMP:9D1B94FD deleted successfully.
    ADS C:\ProgramData\TEMP:888AFB86 deleted successfully.
    ADS C:\Program Files (x86)\Common Files\microsoft shared:zBSDMHK5n0l2g3dkhshJ5q deleted successfully.
    ADS C:\ProgramData\TEMP:C4F92751 deleted successfully.
    ADS C:\ProgramData\Microsoft:jhBfLMSgddifzzzMb2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: CENSORED
    ->Temp folder emptied: 13182449 bytes
    ->Temporary Internet Files folder emptied: 240443 bytes
    ->Java cache emptied: 2027 bytes
    ->Opera cache emptied: 27995080 bytes
    ->Flash cache emptied: 1353 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2956071 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1424125816 bytes

    Total Files Cleaned = 1 401,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: CENSORED
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04262011_222739

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\Tasks\bdlfhyt.job scheduled to be moved on reboot.
    C:\Users\CENSORED\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\klsC12E.tmp not found!

    Registry entries deleted on Reboot...

    )
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    How is the computer doing at the moment?

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  25. Lokalaskurar

    Lokalaskurar TS Enthusiast Topic Starter Posts: 544

    The BSODs have completely disappeared.

    Generic Windows programs like the connection diagnostics, Windows security centre, Windows defender, do not work. (Do not start/respond)

    Although some programs/functions like the "Activity Handler" (Ctrl+Alt+Delete) do work.

    Programs relying on generic Windows programs do not work either. Like the connection manager we use for the USB-modem (which relies on the windows dial-up function/program to work).

    In a nutshell, so to speak.

    Oh, and the Fn-button stopped working ever since the first BSOD.


    Downloaded and ran SecurityCheck.exe
    (
    SecurityCheck report:
    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!) Please note that having it turned on is a real pain in our backside...
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Kaspersky Anti-Virus 2011
    Panda Antivirus Pro 2011 This is funny, since we tried to uninstall Panda when the PC went BSOD during the uninstall process.
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader 9.4.3 - Svenska
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe
    ``````````End of Log````````````
    )

    Downloaded and ran TFC.exe
    It did its job. Rebooted.

    Accessed eset.com/onlinescan.
    (If I would have followed the checklist step-by-step, then things might have been strange, as "Click Start" appears twice)
    Ran the online scanner in Internet Explorer 9.
    Had to 'Install ActiveX Add-On: Online Scanner' - chose to install.
    Un-checked 'Remove found threats', checked 'Scan archives', clicked 'Start'.

    ESET ran for about 3 hours.
    ESETScan:
    (
    C:\Users\CENSORED\AppData\Local\Opera\Opera\temporary_downloads\Steam Cracked Build 06.10.09.rar a variant of Win32/TrojanDownloader.VB.OZA trojan
    C:\Windows\$XNTUninstall643$\xgoir.dll probably a variant of Win32/BHO.EHIZGPZ trojan
    )
     
Topic Status:
Not open for further replies.
