Malware blocks removal tools and antivirus software

Solved
By Maroan
Apr 6, 2011
Topic Status:
Not open for further replies.
  1. Hello,
    I have a computer that is infected, and at the beginning it couldn't start at all (black screen in safe mode and only the start logo in normal start mode). I have tried Dr.Web Live CD and it didn't help at all. Then Kaspersky Live CD, and it found 2 trojans, and now I can start the computer in safe mode. The next step was to use Combofix, but it just stops after the accept/not accept window. I was able to install MBM, but couldn't update it, and it got stuck after it found 1 infection... A restart of the programme triggers an error message... I was able to do a HijackThis log, but I don't know how useful it is when it has been done in safe mode?
    Thank you for your help! By the way, I use Windows XP Home Edition with SP3 installed.

    P.S.:
    I forgot to write that I use a USB memory stick to be able to install software on the infected machine; the internet connection doesn't work either.
  2. Broni

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Maroan

    First of all, thank you Broni for your help! It is greatly appreciated, believe me!
    I have read the 8-step instructions, and I have some questions:
    I can only start the computer in safe mode. If I start it in normal mode, the computer never comes to the desktop; it just shows the start logo with the rolling XP blue bar running, and never gets further.
    Will it be OK to run the programs in safe mode so far?

    TFC looks like it will run fine, since it cleans all TEMP folders, but I have already tried to install and run Malwarebytes Anti-Malware, and it just stops running. I have tried to restart the computer (still in safe mode) and restart the program, but the computer returns an error message, and nothing more happens... Renaming the program doesn't help either.
    And I can't open the Task Manager window either.

    My last question for now is:
    Shall I run DDS and GMER in safe mode?
    I hope my English is OK, I'm not so used to writing in English!
  4. Broni

    Yes, safe mode will be fine for now.
    Complete as many steps, as you can.
  5. Maroan

    OK, I couldn't get Malwarebytes to work, but the other programs ran fine.
    Here are the logs:

    GMER (Quick scan):

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-07 18:44:41
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000067 SAMSUNG_SP2504C rev.VT100-33
    Running: zrckln5k.exe; Driver: C:\DOCUME~1\Matthias\LOKALE~1\Temp\kfqyquow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    I found it a little bit short, so I did a complete scan as well, but it only shows 2 registry keys and cookies. I can post it as well if you wish.


    DDS logs:

    .
    DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL
    Run by Matthias at 19:17:44,00 on 07-04-2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1796 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Documents and Settings\Matthias\Skrivebord\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.dk/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:33440
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmer\avg\avg10\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programmer\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\programmer\softonic_english\tbSof0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programmer\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\programmer\softonic_english\tbSof0.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programmer\windows live\toolbar\wltcore.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [MsnMsgr] "c:\programmer\windows live\messenger\msnmsgr.exe" /background
    uRun: [BitTorrent DNA] "c:\programmer\dna\btdna.exe"
    uRun: [Skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programmer\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [AVG_TRAY] c:\programmer\avg\avg10\avgtray.exe
    mRun: [QuickTime Task] "c:\programmer\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"
    mRun: [ActivControl] c:\programmer\activ software\activdriver\ActivControl2.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\documents and settings\matthias\menuen start\programmer\start\CurseClientStartup.ccip
    StartupFolder: c:\docume~1\matthias\menuen~1\progra~1\start\screen~1.lnk - c:\programmer\microsoft office\office12\ONENOTEM.EXE
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmer\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fllesf~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs:
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\matthias\applic~1\mozilla\firefox\profiles\po835jhi.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\programmer\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\programmer\microsoft\office live\npOLW.dll
    FF - plugin: c:\programmer\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\programmer\avg\avg10\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\programmer\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
    R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [2010-5-26 74752]
    R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2010-5-26 6144]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
    S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
    S2 AVGIDSAgent;AVGIDSAgent;c:\programmer\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 avgwd;AVG WatchDog;c:\programmer\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-4 54752]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    S3 fsssvc;Windows Live-tjenesten Family Safety;c:\programmer\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2010-11-1 41984]
    .
    =============== Created Last 30 ================
    .
    2011-04-05 18:12:26 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    .
    ==================== Find3M ====================
    .
    2011-01-21 14:44:12 439808 ----a-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 19:18:30,54 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15-02-2008 19:16:25
    System Uptime: 07-04-2011 19:16:11 (0 hours ago)
    .
    Motherboard: MSI | | MS-7250
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 98,88 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: Hændelsestimer med høj præcision
    Device ID: ACPI\PNP0103\0
    Manufacturer: (Standardsystemenheder)
    Name: Hændelsestimer med høj præcision
    PNP Device ID: ACPI\PNP0103\0
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    .
    ==== End Of File ===========================

    I hope it's helpful...
  6. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Restart computer in Safe Mode with Networking to perform following steps....

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
  7. Maroan

    Maroan Newcomer, in training Topic Starter Posts: 35

    I have installed Superantispyware from my USB memory stick, because I can't start Explorer, nor Firefox. I applied the update and ran the program. But it stops at this file:
    C:\Programs Files\AVG\AVG10\avgchsvx.exe.
    But it did find 15 threats in the cookies map, before it stopped working.

    If I try to stop the program or click Next, Superantispyware freezes. I can't do anything else but restart the computer.

    Kaspersky Live CD had the same problem when reading this file, but at the same time it wrote that all the AVG files were packed with a password. Could it be an idea to delete the whole AVG map?
  8. Broni

    Broni Malware Annihilator Posts: 46,384   +252

  9. Maroan

    Maroan Newcomer, in training Topic Starter Posts: 35

    Well, it didn't succeed either (Map corrupted), but I have something you might use, an OTL log:

    OTL logfile created on: 4/6/2011 10:57:43 PM - Run
    OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
    Drive C: | 232.88 Gb Total Space | 98.39 Gb Free Space | 42.25% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2011/01/06 10:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/21 23:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/08/13 07:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/11/03 20:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/10/26 15:25:52 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/12/07 23:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/11/12 08:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/13 10:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2010/09/06 21:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/06 21:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/19 15:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/08/19 15:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/19 15:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/05/26 10:21:00 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
    DRV - [2010/05/26 10:20:44 | 000,074,752 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
    DRV - [2010/04/29 09:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2009/08/05 16:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2006/08/22 21:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/08/01 21:53:00 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
    DRV - [2006/04/06 02:20:44 | 004,258,816 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/22 01:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/22 01:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/03/16 06:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
    DRV - [2005/03/09 02:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Matthias_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
    IE - HKU\Matthias_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
    IE - HKU\Matthias_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
    IE - HKU\Matthias_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 87 F5 EF ED 99 CA 01 [binary data]
    IE - HKU\Matthias_ON_C\..\URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} - Reg Error: Key error. File not found
    IE - HKU\Matthias_ON_C\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\Matthias_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\Matthias_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\Matthias_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{EBDC7EC1-549E-48ee-96F7-C2252F5BBBED}: C:\Programmer\Comodo\HopSurfToolbar\hopsurfext_ff3
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmer\AVG\AVG10\Firefox\ [2010/12/27 11:09:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2010/12/12 08:52:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2010/12/12 08:52:09 | 000,000,000 | ---D | M]

    [2010/07/25 04:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
    [2010/10/26 04:32:55 | 000,001,525 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\amazon-co-uk.xml
    [2010/10/26 04:32:55 | 000,001,178 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\wikipedia-da.xml
    [2010/10/26 04:32:55 | 000,001,102 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\yahoo-dk.xml

    O1 HOSTS File: ([2002/09/16 08:00:00 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\Matthias_ON_C\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [ActivControl] C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Programmer\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKU\Matthias_ON_C..\Run: [BitTorrent DNA] File not found
    O4 - Startup: C:\Documents and Settings\Matthias\Menuen Start\Programmer\Start\CurseClientStartup.ccip ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Matthias_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/15 14:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programmer\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programmer\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/06 09:36:17 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2011/04/06 09:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
    [2011/04/06 09:07:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/06 09:07:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/06 08:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/05 22:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\Mozilla
    [2011/04/05 20:31:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
    [2011/04/05 14:12:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/06 10:52:47 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\Microsoft Office Excel 2007.lnk
    [2011/04/06 09:45:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/06 09:07:56 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk
    [2011/04/06 09:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
    [2011/04/06 04:58:50 | 004,315,129 | R--- | M] () -- C:\Documents and Settings\Administrator\Skrivebord\john.exe
    [2011/04/05 21:57:31 | 000,447,292 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
    [2011/04/05 21:57:31 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/05 21:57:31 | 000,077,804 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
    [2011/04/05 21:57:31 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/05 20:31:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/06 09:07:56 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk
    [2011/04/06 08:02:36 | 004,315,129 | R--- | C] () -- C:\Documents and Settings\Administrator\Skrivebord\john.exe
    [2010/11/10 11:45:01 | 000,023,920 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/10/31 15:22:26 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
    [2010/08/01 17:53:42 | 000,152,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
    [2010/07/24 12:04:47 | 000,000,259 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/07/24 09:18:07 | 000,008,627 | ---- | C] () -- C:\Documents and Settings\Matthias\PAV_FOG.OPC
    [2010/06/10 09:54:42 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
    [2010/06/10 09:54:24 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
    [2010/04/30 19:20:21 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DToPcM40.dat
    [2009/09/30 17:41:03 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
    [2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
    [2009/09/27 08:17:36 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\wgatray.exe.bak
    [2009/09/27 08:17:36 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
    [2008/12/28 05:02:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/12/28 04:59:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2008/10/31 13:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/05/16 06:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2008/05/04 14:27:17 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Matthias\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/18 06:32:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2008/02/21 15:50:59 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2008/02/21 13:27:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/02/16 06:02:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2008/02/15 14:35:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/02/15 14:32:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/02/15 14:26:58 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2008/02/15 14:26:58 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/02/15 14:16:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/02/15 14:14:05 | 000,021,644 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/02/15 14:11:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/02/15 14:10:41 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/08/16 13:52:54 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/03/24 01:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
    [2002/09/16 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/09/16 08:00:00 | 000,447,292 | ---- | C] () -- C:\WINDOWS\System32\perfh006.dat
    [2002/09/16 08:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/09/16 08:00:00 | 000,284,912 | ---- | C] () -- C:\WINDOWS\System32\perfi006.dat
    [2002/09/16 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/09/16 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/09/16 08:00:00 | 000,077,804 | ---- | C] () -- C:\WINDOWS\System32\perfc006.dat
    [2002/09/16 08:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/09/16 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/09/16 08:00:00 | 000,034,026 | ---- | C] () -- C:\WINDOWS\System32\perfd006.dat
    [2002/09/16 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/09/16 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/09/16 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/09/04 05:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/09/04 05:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    ========== LOP Check ==========

    [2011/02/01 11:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\ACTIV Software
    [2010/10/26 04:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\AVG10
    [2008/03/14 17:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\Command & Conquer 3 Tiberium Wars
    [2010/05/01 10:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\DNA
    [2009/01/19 12:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\LimeWire
    [2011/02/01 16:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\Promethean
    [2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
    [2010/10/26 04:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/07/24 09:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
    [2010/10/26 04:46:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/10/26 04:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
    [2010/11/01 13:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/02/21 19:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2010/11/30 04:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2011/02/22 05:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2011/02/22 06:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2011/02/22 07:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2011/02/22 08:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2011/02/22 09:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2011/02/23 10:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2011/02/24 11:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2011/02/27 12:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2011/02/27 13:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2011/02/19 20:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2011/02/27 14:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2011/02/27 15:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2011/02/27 16:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2011/02/24 17:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2011/02/24 18:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2011/02/21 19:18:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
    [2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
    [2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
    [2011/01/02 21:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
    [2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
    [2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
    [2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
    [2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
    [2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
    [2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
    [2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
    [2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
    [2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
    [2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
    [2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
    [2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
    [2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
    [2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
    [2011/02/21 19:23:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
    [2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
    [2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
    [2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
    [2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
    [2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
    [2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
    [2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
    [2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
    [2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
    [2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
    [2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
    [2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
    [2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
    [2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

    ========== Purity Check ==========


    < End of report >

    I hope it might give a clue about what is going on, I have never seen an infection like this before...
    And there must be a way to get rid of this AVG map? Delete function couldn't do it either...
  10. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    I can see the infection, but before we go any further, please give me more details about this:
  11. Maroan

    Maroan Newcomer, in training Topic Starter Posts: 35

    I restarted the computer after the AVG removal tool stopped, and though I could see that it had troubles removing the files before it stopped, I thought it had at least deleted a lot of them, but it didn't. The AVG map was still there with all its files inside. I tried a normal "mouse mark and delete" and I got the message "Cannot delete the map, map corrupted".
    I'm translating from Danish, I hope it's correct...
     
  12. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Try this tool:
    Please click here to download AppRemover on your desktop.
    • Once done, double click on the icon of AppRemover.exe to run it.
      Vista users, right click on the icon and select "run as administrator"
    • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
    • Click on the Next button.
    • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.
    • Click on the Next button.
    • A scan begins, please wait. Once done, click on the Next button.
    • Now you should have a list of your security programs, choose the one you want to remove and click on the Next button.
    • Follow the last step and reboot if asked to do so.
  13. Maroan

    Maroan Newcomer, in training Topic Starter Posts: 35

    AppRemover seems to work, but it's taking hours! And it's late in Denmark now, I'll let you know the result as soon as I can, I'm going to bed! (Time is 02.25 in the morning!)
  14. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Very good :)
    No rush with those things :)
  15. Maroan

    Maroan Newcomer, in training Topic Starter Posts: 35

    AppRemover doesn't seem to see the AVG10 map, but removed AVG 2011 up to 89 %... and stopped. I had to restart the computer.
    But at least a few new things have happened: The task manager is back (I had to use Ctrl-Shift-Esc to call it, the normal key combination didn't work) and I could see the following application running:
    Wmprvse.exe.
    I checked the file on the net and found out it is one of the bad guys! But in the meantime, the application disappeared from the task manager...
    So, small steps, but it's nice to see something is happening!

    I forgot something:
    I am able to run MBAM right after an installation, but as I wrote before it freezes, and I have to restart the computer. But when I try to restart MBAM, I get 2 error messages: "runtime err 0" and "runtime err 440"... Still bad luck there..
  16. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Please, give me a fresh OTL log. We'll try to remove AVG leftovers manually.
  17. Maroan

    Maroan Newcomer, in training Topic Starter Posts: 35

    And here it is, with standard scan properties; if you want me to change some of the properties, just let me know.

    OTL logfile created on: 4/10/2011 1:48:52 AM - Run
    OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
    Drive C: | 232.88 Gb Total Space | 98.77 Gb Free Space | 42.41% Space Free | Partition Type: NTFS
    Drive D: | 3.92 Gb Total Space | 3.88 Gb Free Space | 98.95% Space Free | Partition Type: FAT32
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2011/01/06 10:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/21 23:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/08/13 07:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/11/03 20:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/10/26 15:25:52 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | System] -- -- (Avgtdix)
    DRV - File not found [File_System | Boot] -- -- (Avgrkx86)
    DRV - File not found [File_System | System] -- -- (Avgmfx86)
    DRV - File not found [Kernel | System] -- -- (Avgldx86)
    DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSShim)
    DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSFilter)
    DRV - File not found [Kernel | Boot] -- -- (AVGIDSEH)
    DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSDriver)
    DRV - [2010/05/26 10:21:00 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
    DRV - [2010/05/26 10:20:44 | 000,074,752 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmer\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/08/05 16:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2006/08/22 21:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/08/01 21:53:00 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
    DRV - [2006/04/06 02:20:44 | 004,258,816 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/22 01:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/22 01:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/03/16 06:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
    DRV - [2005/03/09 02:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{EBDC7EC1-549E-48ee-96F7-C2252F5BBBED}: C:\Programmer\Comodo\HopSurfToolbar\hopsurfext_ff3
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmer\AVG\AVG10\Firefox\ [2010/12/27 11:09:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2010/12/12 08:52:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2010/12/12 08:52:09 | 000,000,000 | ---D | M]

    [2010/07/25 04:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
    [2010/10/26 04:32:55 | 000,001,525 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\amazon-co-uk.xml
    [2010/10/26 04:32:55 | 000,001,178 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\wikipedia-da.xml
    [2010/10/26 04:32:55 | 000,001,102 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\yahoo-dk.xml

    O1 HOSTS File: ([2002/09/16 08:00:00 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [ActivControl] C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Programmer\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmer\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/15 14:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programmer\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/07 22:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/04/07 22:07:39 | 000,000,000 | ---D | C] -- C:\Programmer\SUPERAntiSpyware
    [2011/04/06 09:36:17 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2011/04/06 08:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/05 14:12:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

    ========== Files - Modified Within 30 Days ==========

    [2011/04/09 07:24:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/07 22:07:41 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
    [2011/04/07 19:42:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/05 21:57:31 | 000,447,292 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
    [2011/04/05 21:57:31 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/05 21:57:31 | 000,077,804 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
    [2011/04/05 21:57:31 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2011/04/07 22:07:41 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
    [2010/11/10 11:45:01 | 000,023,920 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/10/31 15:22:26 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
    [2010/07/24 12:04:47 | 000,000,259 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/06/10 09:54:42 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
    [2010/06/10 09:54:24 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
    [2010/04/30 19:20:21 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DToPcM40.dat
    [2009/09/30 17:41:03 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
    [2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
    [2009/09/27 08:17:36 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\wgatray.exe.bak
    [2009/09/27 08:17:36 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
    [2008/12/28 05:02:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/12/28 04:59:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2008/10/31 13:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/05/16 06:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2008/04/18 06:32:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2008/02/21 15:50:59 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2008/02/21 13:27:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/02/16 06:02:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2008/02/15 14:35:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/02/15 14:32:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/02/15 14:26:58 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2008/02/15 14:26:58 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/02/15 14:16:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/02/15 14:14:05 | 000,021,644 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/02/15 14:11:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/02/15 14:10:41 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/08/16 13:52:54 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/03/24 01:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
    [2002/09/16 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/09/16 08:00:00 | 000,447,292 | ---- | C] () -- C:\WINDOWS\System32\perfh006.dat
    [2002/09/16 08:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/09/16 08:00:00 | 000,284,912 | ---- | C] () -- C:\WINDOWS\System32\perfi006.dat
    [2002/09/16 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/09/16 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/09/16 08:00:00 | 000,077,804 | ---- | C] () -- C:\WINDOWS\System32\perfc006.dat
    [2002/09/16 08:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/09/16 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/09/16 08:00:00 | 000,034,026 | ---- | C] () -- C:\WINDOWS\System32\perfd006.dat
    [2002/09/16 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/09/16 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/09/16 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/09/04 05:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/09/04 05:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    ========== LOP Check ==========

    [2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
    [2010/10/26 04:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/07/24 09:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
    [2010/10/26 04:46:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/10/26 04:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
    [2010/11/01 13:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/02/21 19:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2010/11/30 04:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2011/02/22 05:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2011/02/22 06:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2011/02/22 07:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2011/02/22 08:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2011/02/22 09:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2011/02/23 10:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2011/02/24 11:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2011/02/27 12:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2011/02/27 13:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2011/02/19 20:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2011/02/27 14:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2011/02/27 15:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2011/02/27 16:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2011/02/24 17:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2011/02/24 18:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2011/02/21 19:18:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
    [2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
    [2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
    [2011/01/02 21:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
    [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
    [2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
    [2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
    [2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
    [2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
    [2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
    [2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
    [2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
    [2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
    [2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
    [2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
    [2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
    [2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
    [2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
    [2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
    [2011/02/21 19:23:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
    [2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
    [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
    [2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
    [2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
    [2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
    [2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
    [2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
    [2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
    [2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
    [2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
    [2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
    [2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
    [2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
    [2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
    [2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

    ========== Purity Check ==========


    < End of report >

    I use OTLP from the reatogo-x-pe CD; it boots and works fine so far.
  18. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - [2011/01/06 10:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
      SRV - [2010/10/21 23:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\avgwdsvc.exe -- (avgwd)
      DRV - File not found [Kernel | System] -- -- (Avgtdix)
      DRV - File not found [File_System | Boot] -- -- (Avgrkx86)
      DRV - File not found [File_System | System] -- -- (Avgmfx86)
      DRV - File not found [Kernel | System] -- -- (Avgldx86)
      DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSShim)
      DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSFilter)
      DRV - File not found [Kernel | Boot] -- -- (AVGIDSEH)
      DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSDriver)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmer\AVG\AVG10\Firefox\ [2010/12/27 11:09:16 | 000,000,000 | ---D | M]
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O4 - HKLM..\Run: [AVG_TRAY] C:\Programmer\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
      O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
      O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
      O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programmer\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
      [2010/10/26 04:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
      [2011/02/21 19:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
      [2010/11/30 04:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
      [2011/02/22 05:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
      [2011/02/22 06:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
      [2011/02/22 07:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
      [2011/02/22 08:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
      [2011/02/22 09:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
      [2011/02/23 10:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
      [2011/02/24 11:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
      [2011/02/27 12:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
      [2011/02/27 13:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
      [2011/02/19 20:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
      [2011/02/27 14:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
      [2011/02/27 15:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
      [2011/02/27 16:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
      [2011/02/24 17:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
      [2011/02/24 18:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
      [2011/02/21 19:18:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
      [2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
      [2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
      [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
      [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
      [2011/01/02 21:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
      [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
      [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
      [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
      [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
      [2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
      [2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
      [2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
      [2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
      [2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
      [2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
      [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
      [2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
      [2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
      [2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
      [2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
      [2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
      [2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
      [2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
      [2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
      [2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
      [2011/02/21 19:23:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
      [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
      [2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
      [2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
      [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
      [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
      [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
      [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
      [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
      [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
      [2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
      [2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
      [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
      [2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
      [2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
      [2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
      [2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
      [2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
      [2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
      [2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
      [2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
      [2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
      [2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
      [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
      [2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
      [2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
      [2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
      [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
      [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
      
      :Services
      
      :Reg
      
      :Files
      C:\Programmer\AVG
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
  19. Maroan

    Maroan Newcomer, in training Topic Starter Posts: 35

    The computer froze after the custom scan, so I was not able to save any log. I rebooted the computer and did a quick scan, and here is the log:

    OTL logfile created on: 4/10/2011 3:50:56 AM - Run
    OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
    Drive C: | 232.88 Gb Total Space | 98.76 Gb Free Space | 42.41% Space Free | Partition Type: NTFS
    Drive D: | 3.92 Gb Total Space | 3.88 Gb Free Space | 98.95% Space Free | Partition Type: FAT32
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (AVGIDSAgent)
    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2010/10/21 23:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/08/13 07:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/11/03 20:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/10/26 15:25:52 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | System] -- -- (Avgtdix)
    DRV - File not found [File_System | Boot] -- -- (Avgrkx86)
    DRV - File not found [File_System | System] -- -- (Avgmfx86)
    DRV - File not found [Kernel | System] -- -- (Avgldx86)
    DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSShim)
    DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSFilter)
    DRV - File not found [Kernel | Boot] -- -- (AVGIDSEH)
    DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSDriver)
    DRV - [2010/05/26 10:21:00 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
    DRV - [2010/05/26 10:20:44 | 000,074,752 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmer\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/08/05 16:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
    DRV - [2006/08/22 21:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/08/01 21:53:00 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
    DRV - [2006/04/06 02:20:44 | 004,258,816 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/22 01:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/22 01:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/03/16 06:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
    DRV - [2005/03/09 02:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{EBDC7EC1-549E-48ee-96F7-C2252F5BBBED}: C:\Programmer\Comodo\HopSurfToolbar\hopsurfext_ff3
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmer\AVG\AVG10\Firefox\ [2010/12/27 11:09:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2010/12/12 08:52:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2010/12/12 08:52:09 | 000,000,000 | ---D | M]

    [2010/07/25 04:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
    [2010/10/26 04:32:55 | 000,001,525 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\amazon-co-uk.xml
    [2010/10/26 04:32:55 | 000,001,178 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\wikipedia-da.xml
    [2010/10/26 04:32:55 | 000,001,102 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\yahoo-dk.xml

    O1 HOSTS File: ([2002/09/16 08:00:00 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [ActivControl] C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Programmer\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmer\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/15 14:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programmer\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    File not found -- C:\WINDOWS\tasks\At24.job
    File not found -- C:\WINDOWS\tasks\At23.job
    File not found -- C:\WINDOWS\tasks\At22.job
    File not found -- C:\WINDOWS\tasks\At21.job
    File not found -- C:\WINDOWS\tasks\At20.job
    File not found -- C:\WINDOWS\tasks\At2.job
    File not found -- C:\WINDOWS\tasks\At19.job
    File not found -- C:\WINDOWS\tasks\At18.job
    File not found -- C:\WINDOWS\tasks\At17.job
    File not found -- C:\WINDOWS\tasks\At16.job
    File not found -- C:\WINDOWS\tasks\At15.job
    File not found -- C:\WINDOWS\tasks\At14.job
    File not found -- C:\WINDOWS\tasks\At13.job
    File not found -- C:\WINDOWS\tasks\At12.job
    File not found -- C:\WINDOWS\tasks\At11.job
    File not found -- C:\WINDOWS\tasks\At10.job
    File not found -- C:\WINDOWS\tasks\At1.job
    [2011/04/10 02:38:31 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/04/07 22:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/04/07 22:07:39 | 000,000,000 | ---D | C] -- C:\Programmer\SUPERAntiSpyware
    [2011/04/06 09:36:17 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2011/04/06 08:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/05 14:12:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

    ========== Files - Modified Within 30 Days ==========

    File not found -- C:\WINDOWS\tasks\At24.job
    File not found -- C:\WINDOWS\tasks\At23.job
    File not found -- C:\WINDOWS\tasks\At22.job
    File not found -- C:\WINDOWS\tasks\At21.job
    File not found -- C:\WINDOWS\tasks\At20.job
    File not found -- C:\WINDOWS\tasks\At2.job
    File not found -- C:\WINDOWS\tasks\At19.job
    File not found -- C:\WINDOWS\tasks\At18.job
    File not found -- C:\WINDOWS\tasks\At17.job
    File not found -- C:\WINDOWS\tasks\At16.job
    File not found -- C:\WINDOWS\tasks\At15.job
    File not found -- C:\WINDOWS\tasks\At14.job
    File not found -- C:\WINDOWS\tasks\At13.job
    File not found -- C:\WINDOWS\tasks\At12.job
    File not found -- C:\WINDOWS\tasks\At11.job
    File not found -- C:\WINDOWS\tasks\At10.job
    File not found -- C:\WINDOWS\tasks\At1.job
    [2011/04/09 07:24:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/07 22:07:41 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
    [2011/04/07 19:42:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/05 21:57:31 | 000,447,292 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
    [2011/04/05 21:57:31 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/05 21:57:31 | 000,077,804 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
    [2011/04/05 21:57:31 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2011/04/10 02:38:34 | 002,234,368 | R--- | C] () -- C:\OTLPE.exe
    [2011/04/07 22:07:41 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
    [2010/11/10 11:45:01 | 000,023,920 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/10/31 15:22:26 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
    [2010/07/24 12:04:47 | 000,000,259 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/06/10 09:54:42 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
    [2010/06/10 09:54:24 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
    [2010/04/30 19:20:21 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DToPcM40.dat
    [2009/09/30 17:41:03 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
    [2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
    [2009/09/27 08:17:36 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\wgatray.exe.bak
    [2009/09/27 08:17:36 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
    [2008/12/28 05:02:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/12/28 04:59:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2008/10/31 13:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/05/16 06:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2008/04/18 06:32:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2008/02/21 15:50:59 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
    [2008/02/21 13:27:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/02/16 06:02:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2008/02/15 14:35:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2008/02/15 14:32:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2008/02/15 14:26:58 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2008/02/15 14:26:58 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/02/15 14:16:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/02/15 14:14:05 | 000,021,644 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/02/15 14:11:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/02/15 14:10:41 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/08/16 13:52:54 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/03/24 01:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
    [2002/09/16 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/09/16 08:00:00 | 000,447,292 | ---- | C] () -- C:\WINDOWS\System32\perfh006.dat
    [2002/09/16 08:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/09/16 08:00:00 | 000,284,912 | ---- | C] () -- C:\WINDOWS\System32\perfi006.dat
    [2002/09/16 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/09/16 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/09/16 08:00:00 | 000,077,804 | ---- | C] () -- C:\WINDOWS\System32\perfc006.dat
    [2002/09/16 08:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/09/16 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/09/16 08:00:00 | 000,034,026 | ---- | C] () -- C:\WINDOWS\System32\perfd006.dat
    [2002/09/16 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/09/16 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/09/16 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/09/04 05:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/09/04 05:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    ========== LOP Check ==========

    [2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
    [2011/04/10 02:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/07/24 09:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
    [2010/10/26 04:46:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/10/26 04:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
    [2010/11/01 13:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    File not found --
    [2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
    [2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
    [2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
    [2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
    [2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
    [2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
    [2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
    [2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
    [2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
    [2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

    ========== Purity Check ==========


    < End of report >

    And I still get messages about files that are corrupted in the AVG10 map...
  20. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    You're supposed to click on the "Run Fix" button, not on the "Quick scan" button.
    We need to remove those items.
  21. Maroan

    Maroan Newcomer, in training Topic Starter Posts: 35

    I pasted the script and ran "Run Fix". It did the job and then the computer froze..
    I rebooted and did the quick scan, as you wrote!
  22. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Restart in Safe Mode, run the fix one more time, post its log and then "Quick scan" from NORMAL mode.
  23. Maroan

    Maroan Newcomer, in training Topic Starter Posts: 35

    I have run OTL from a boot CD so far. Does that mean I have to install OTL to the hard drive?
  24. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    I see.
    Yeah...
    Download OTL to your Desktop.
  25. Maroan

    Maroan Newcomer, in training Topic Starter Posts: 35

    Well, still no luck: I have installed OTL to the desktop, and ran the script. It stops with the following message:
    "File or map: C:\documents and settings\all users\aplications data\Avg10\log is corrupt and cannot be read. Run Chkdsk"

    I get the same message with C:\programs\AVG10\identity Protection file...

    And I still can't boot in normal mode...