Solved Malware blocks removal tools and antivirus software

OK, we'll do it in stages....

1. Click Start, click Run, type chkdsk /f /r, and then click OK.
2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
3. Restart the computer.
4. Chkdsk will run.

Let me know if "chkdsk" found any issues.

=======================================================================

Download BlitzBlank and save it to your desktop.
Double click on Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
Code:
DeleteFolder:
C:\Programmer\AVG
"C:\Documents and Settings\All Users\Application Data\AVG10"
DeleteFile:
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At40.job


  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post the report created by Blitzblank.
    You can find it in the root of the drive, normally C:\
 
Sorry for the delay, but I had a hard time getting chkdsk to work in the first place! Every time I accepted to restart the computer, it started in normal mode, and from there nothing more happened, except the WinXP logo and the running blue bar. I have tried to run Chkdsk from the readytogo-x-pe CD; it stopped at 17%. Then I used the WinXP installation CD and it worked (took 3 hours!), except that I couldn't use the /f parameter; I used the /p parameter instead. It reported a lot of corrupted and repaired sectors.

I have installed the BlitzBlank software. I must have made a mistake somewhere, because it only deleted the *.job files the first time.
So I ran it one more time with only the deletedir part of the script (about the AVG files), and we have a breakthrough!
The computer restarted, and the Blitz script was executed!
And now it runs fine! I know we're not over yet, but at least I can now start the computer in normal mode, and MBAM works 100%. I have done a fresh scan with GMER and DDS as well.
All the scans have been done in normal mode.

But first the BlitzBlank logs.


DeleteFile:
c:\windows\tasks\at3.job
c:\windows\tasks\at29.job
c:\windows\tasks\at28.job
c:\windows\tasks\at27.job
c:\windows\tasks\at26.job
c:\windows\tasks\at25.job
c:\windows\tasks\at24.job
c:\windows\tasks\at23.job
c:\windows\tasks\at22.job
c:\windows\tasks\at21.job
c:\windows\tasks\at20.job
c:\windows\tasks\at2.job
c:\windows\tasks\at19.job
c:\windows\tasks\at18.job
c:\windows\tasks\at17.job
c:\windows\tasks\at16.job
c:\windows\tasks\at15.job
c:\windows\tasks\at14.job
c:\windows\tasks\at13.job
c:\windows\tasks\at12.job
c:\windows\tasks\at11.job
c:\windows\tasks\at10.job
c:\windows\tasks\at1.job
c:\windows\tasks\at38.job
c:\windows\tasks\at37.job
c:\windows\tasks\at36.job
c:\windows\tasks\at35.job
c:\windows\tasks\at34.job
c:\windows\tasks\at33.job
c:\windows\tasks\at32.job
c:\windows\tasks\at31.job
c:\windows\tasks\at30.job
c:\windows\tasks\at4.job
c:\windows\tasks\at39.job
c:\windows\tasks\at9.job
c:\windows\tasks\at8.job
c:\windows\tasks\at72.job
c:\windows\tasks\at71.job
c:\windows\tasks\at70.job
c:\windows\tasks\at7.job
c:\windows\tasks\at69.job
c:\windows\tasks\at68.job
c:\windows\tasks\at67.job
c:\windows\tasks\at66.job
c:\windows\tasks\at65.job
c:\windows\tasks\at64.job
c:\windows\tasks\at63.job
c:\windows\tasks\at62.job
c:\windows\tasks\at61.job
c:\windows\tasks\at60.job
c:\windows\tasks\at6.job
c:\windows\tasks\at59.job
c:\windows\tasks\at58.job
c:\windows\tasks\at57.job
c:\windows\tasks\at56.job
c:\windows\tasks\at55.job
c:\windows\tasks\at54.job
c:\windows\tasks\at53.job
c:\windows\tasks\at52.job
c:\windows\tasks\at51.job
c:\windows\tasks\at50.job
c:\windows\tasks\at5.job
c:\windows\tasks\at49.job
c:\windows\tasks\at48.job
c:\windows\tasks\at47.job
c:\windows\tasks\at46.job
c:\windows\tasks\at45.job
c:\windows\tasks\at44.job
c:\windows\tasks\at43.job
c:\windows\tasks\at42.job
c:\windows\tasks\at41.job
c:\windows\tasks\at40.job

and now the second one:


BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveDirectoryOnReboot: sourceDirectory = "\??\c:\programmer\avg", destinationDirectory = "(null)", replaceWithDummy = 0
MoveDirectoryOnReboot: sourceDirectory = "\??\c:\programmer\avg\AVG10", destinationDirectory = "(null)", replaceWithDummy = 0
MoveDirectoryOnReboot: sourceDirectory = "\??\c:\programmer\avg\AVG10\3rd_party", destinationDirectory = "(null)", replaceWithDummy = 0
MoveDirectoryOnReboot: sourceDirectory = "\??\c:\programmer\avg\AVG10\3rd_party\licenses", destinationDirectory = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\ace.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\arabica.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\boost.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\bsdiff.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\bzip.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\carp.html", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\cryptopp.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\curl.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\dazukofs.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\expat.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\imagemagick.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\infozip.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\lua.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\md4_md5_license.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\milter.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\minizip.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\openssl_license.html", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\sasl.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\tinyxml.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\unrar.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\untar.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\xalan_xerces.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\licenses\zlib.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\3rd_party\readme.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgar_us.chm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgatend.stp", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgatupd.stp", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgcclix.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgcertx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgcfgex.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgcfgx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgchclx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgchjwx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgcmgr.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgcorex.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgcslx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgcsrvx.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgdg_da.chm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgdg_us.chm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgdiagex.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgdumpx.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgemcx.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgfree_da.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgfree_us.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgfree_zh.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgfree_zt.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgf_da.chm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgf_us.chm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgidpsdkx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgidp_da.chm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgidp_us.chm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avglngx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avglogx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avglscanx.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgmfapx.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgmfarx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgmtrapx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgmvflx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgmwdef_da.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgmwdef_us.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgnsx.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgntdumpx.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgpostinstx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgresf.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgrktx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgsals_da.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgsals_us.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgsbfree_da.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgsbfree_us.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgscanx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgscanx.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgsched.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgse.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgsrmax.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgsrmx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgtrial_da.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgtrial_us.mht", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgui.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avguiadv.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avguires.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgupd.sig", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgupdx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgvvx.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgwd.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgwdwsc.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgwebui.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgwsc.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avgxpl.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avg_da.chm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avg_da.lng", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avg_us.chm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\avg_us.lng", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\axioo.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\cf.dat", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\contacts_da.html", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\contacts_us.html", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\dfncfg.dat", destinationFile = "(null)", replaceWithDummy = 0
MoveDirectoryOnReboot: sourceDirectory = "\??\c:\programmer\avg\AVG10\Drivers", destinationDirectory = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\Drivers\avgld.cat", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\Drivers\avgld.inf", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\Drivers\avgmf.cat", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\Drivers\avgmf.inf", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\Drivers\avgrk.cat", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\Drivers\avgrk.inf", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\Drivers\avgtdi.cat", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\Drivers\avgtdi.inf", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\Drivers\avgtdix.sys", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\fixcfg.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\HtmLayout.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\imsdk32.dll", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\js.dat", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\license_da.htm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\license_us.htm", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\mfada.lns", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\mfaus.lns", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\mfaverx.txt", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\ph.dat", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\sb.dat", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\sb.dat.xcd", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\sb2.dat", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\sc.dat", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\sc.dat.xcd", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\SearchProvider.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\programmer\avg\AVG10\updatecomps.bak", destinationFile = "(null)", replaceWithDummy = 0
MoveDirectoryOnReboot: sourceDirectory = "\??\c:\documents and settings\all users\application data\avg10", destinationDirectory = "(null)", replaceWithDummy = 0
MoveDirectoryOnReboot: sourceDirectory = "\??\c:\documents and settings\all users\application data\avg10\log", destinationDirectory = "(null)", replaceWithDummy = 0

I have already checked the hard drive; these files (all of them) are gone.

MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6331

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11-04-2011 15:39:03
mbam-log-2011-04-11 (15-39-03).txt

Skanningstype: Hurtig skanning
Objekter skannet: 156325
Tid gået: 2 minut(ter), 21 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 1
Registreringsdatabaseværdier Inficeret: 1
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\mdnkso81qq2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\WGASetup.exe (Hacktool.WPA) -> Quarantined and deleted successfully.

Gmer log

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-11 15:53:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000065 SAMSUNG_SP2504C rev.VT100-33
Running: zrckln5k.exe; Driver: C:\DOCUME~1\Matthias\LOKALE~1\Temp\kfqyquow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS.txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Matthias at 15:57:45,90 on 11-04-2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1571 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmer\Activ Software\ActivDriver\activmgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Matthias\Skrivebord\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmer\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programmer\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\programmer\softonic_english\tbSof0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programmer\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\programmer\softonic_english\tbSof0.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programmer\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\programmer\windows live\messenger\msnmsgr.exe" /background
uRun: [BitTorrent DNA] "c:\programmer\dna\btdna.exe"
uRun: [Skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\programmer\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programmer\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] c:\programmer\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\programmer\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"
mRun: [ActivControl] c:\programmer\activ software\activdriver\ActivControl2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\matthias\menuen start\programmer\start\CurseClientStartup.ccip
StartupFolder: c:\docume~1\matthias\menuen~1\progra~1\start\screen~1.lnk - c:\programmer\microsoft office\office12\ONENOTEM.EXE
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fllesf~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\programmer\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmer\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\matthias\applic~1\mozilla\firefox\profiles\po835jhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\programmer\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\programmer\microsoft\office live\npOLW.dll
FF - plugin: c:\programmer\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\programmer\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-4 54752]
R2 aawservice;Lavasoft Ad-Aware Service;c:\programmer\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [2010-5-26 74752]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2010-5-26 6144]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
S3 fsssvc;Windows Live-tjenesten Family Safety;c:\programmer\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2010-11-1 41984]
.
=============== Created Last 30 ================
.
2011-04-11 17:31:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 17:30:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 17:30:57 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2011-04-11 01:36:02 -------- d-sh--w- C:\found.000
2011-04-10 06:38:34 2234368 ----a-r- C:\OTLPE.exe
2011-04-10 06:38:31 -------- d-----w- C:\_OTL
2011-04-08 02:07:47 -------- d-----w- c:\docume~1\matthias\applic~1\SUPERAntiSpyware.com
2011-04-08 02:07:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-08 02:07:39 -------- d-----w- c:\programmer\SUPERAntiSpyware
2011-04-05 18:12:26 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
==================== Find3M ====================
.
2011-01-21 14:44:12 439808 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 15:58:24,60 ===============
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 15-02-2008 19:16:25
System Uptime: 11-04-2011 15:41:28 (0 hours ago)
.
Motherboard: MSI | | MS-7250
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 98,837 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Hændelsestimer med høj præcision
Device ID: ACPI\PNP0103\0
Manufacturer: (Standardsystemenheder)
Name: Hændelsestimer med høj præcision
PNP Device ID: ACPI\PNP0103\0
Service:
.
==== System Restore Points ===================
.
RP419: 03-12-2010 20:59:38 - Systemkontrolpunkt
RP420: 04-11-2010 22:15:27 - Systemkontrolpunkt
RP421: 08-11-2010 12:35:23 - Systemkontrolpunkt
RP422: 07-11-2010 17:21:03 - Systemkontrolpunkt
RP423: 08-11-2010 20:38:22 - Systemkontrolpunkt
RP424: 10-11-2010 17:03:41 - Systemkontrolpunkt
RP425: 10-11-2010 21:18:13 - Software Distribution Service 3.0
RP426: 11-11-2010 22:19:39 - Systemkontrolpunkt
RP427: 14-11-2010 22:08:45 - Systemkontrolpunkt
RP428: 16-11-2010 19:17:19 - Systemkontrolpunkt
RP429: 17-11-2010 20:24:00 - Systemkontrolpunkt
RP430: 18-11-2010 21:37:34 - Systemkontrolpunkt
RP431: 21-11-2010 16:51:07 - Systemkontrolpunkt
RP432: 22-11-2010 18:01:23 - Systemkontrolpunkt
RP433: 24-11-2010 17:44:20 - Systemkontrolpunkt
RP434: 25-11-2010 18:08:49 - Systemkontrolpunkt
RP435: 27-11-2010 10:25:11 - Systemkontrolpunkt
RP436: 28-11-2010 14:43:39 - Systemkontrolpunkt
RP437: 29-11-2010 18:31:28 - Systemkontrolpunkt
RP438: 30-11-2010 19:26:57 - Systemkontrolpunkt
RP439: 02-12-2010 18:33:50 - Systemkontrolpunkt
RP440: 05-12-2010 11:46:11 - Systemkontrolpunkt
RP441: 06-12-2010 18:48:08 - Systemkontrolpunkt
RP442: 08-12-2010 09:38:33 - Systemkontrolpunkt
RP443: 09-12-2010 10:11:11 - Systemkontrolpunkt
RP444: 10-12-2010 13:22:43 - Systemkontrolpunkt
RP445: 12-12-2010 14:30:09 - Systemkontrolpunkt
RP446: 14-12-2010 17:54:49 - Systemkontrolpunkt
RP447: 15-12-2010 18:44:19 - Systemkontrolpunkt
RP448: 16-12-2010 00:23:23 - Software Distribution Service 3.0
RP449: 17-12-2010 00:49:35 - Systemkontrolpunkt
RP450: 18-12-2010 01:46:13 - Systemkontrolpunkt
RP451: 18-12-2010 01:58:42 - Software Distribution Service 3.0
RP452: 19-12-2010 10:25:17 - Systemkontrolpunkt
RP453: 20-12-2010 10:32:25 - Systemkontrolpunkt
RP454: 23-12-2010 15:19:44 - Systemkontrolpunkt
RP455: 24-12-2010 16:03:25 - Systemkontrolpunkt
RP456: 25-12-2010 18:24:46 - Systemkontrolpunkt
RP457: 26-12-2010 21:24:26 - Systemkontrolpunkt
RP458: 29-12-2010 14:33:00 - Systemkontrolpunkt
RP459: 30-12-2010 16:08:49 - Systemkontrolpunkt
RP460: 01-01-2011 17:13:30 - Systemkontrolpunkt
RP461: 05-01-2011 20:18:32 - Systemkontrolpunkt
RP462: 07-01-2011 20:10:31 - Systemkontrolpunkt
RP463: 09-01-2011 10:21:32 - Systemkontrolpunkt
RP464: 10-01-2011 18:23:05 - Systemkontrolpunkt
RP465: 11-01-2011 18:23:16 - Systemkontrolpunkt
RP466: 13-01-2011 15:57:13 - Systemkontrolpunkt
RP467: 13-01-2011 23:52:54 - Software Distribution Service 3.0
RP468: 23-01-2011 17:09:48 - Systemkontrolpunkt
RP469: 26-01-2011 18:39:57 - Systemkontrolpunkt
RP470: 28-01-2011 20:14:43 - Systemkontrolpunkt
RP471: 30-01-2011 10:59:09 - Systemkontrolpunkt
RP472: 31-01-2011 16:39:36 - Systemkontrolpunkt
RP473: 01-02-2011 16:56:51 - Installeret ActivSoftware
RP474: 02-02-2011 17:56:15 - Systemkontrolpunkt
RP475: 03-02-2011 18:56:33 - Systemkontrolpunkt
RP476: 11-02-2011 23:16:09 - Software Distribution Service 3.0
RP477: 14-02-2011 16:51:15 - Systemkontrolpunkt
RP478: 15-02-2011 17:20:32 - Systemkontrolpunkt
RP479: 20-02-2011 11:40:53 - Systemkontrolpunkt
RP480: 21-02-2011 16:22:55 - Systemkontrolpunkt
RP481: 22-02-2011 17:53:15 - Systemkontrolpunkt
RP482: 23-02-2011 18:57:54 - Systemkontrolpunkt
RP483: 24-02-2011 19:01:05 - Systemkontrolpunkt
RP484: 24-02-2011 22:53:46 - Installed DirectX
.
==== Installed Programs ======================
.
.
ActivDriver x86 v5.5
ActivInspire Help (DNK) v1
ActivInspire HWR Resources (DNK) v1
ActivInspire v1
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Afinstalleringsværktøj for software
ATI Display Driver
ATI Parental Control & Encoder
AVG 2011
Bonjour
CCleaner (remove only)
Curse Client
Dragon Age II Demo
Fremhævelsesvisning (Windows Live Toolbar)
Heroes of Newerth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix til Windows Internet Explorer 7 (KB947864)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB2158563)
Hotfix til Windows XP (KB2443685)
Hotfix til Windows XP (KB952287)
Hotfix til Windows XP (KB961118)
Hotfix til Windows XP (KB970653-v3)
Hotfix til Windows XP (KB976098-v2)
Hotfix til Windows XP (KB979306)
Hotfix til Windows XP (KB981793)
iTunes
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (Danish) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
Opdatering til Windows Internet Explorer 8 (KB973874)
Opdatering til Windows Internet Explorer 8 (KB976662)
Opdatering til Windows Internet Explorer 8 (KB976749)
Opdatering til Windows Internet Explorer 8 (KB980182)
Opdatering til Windows XP (KB2141007)
Opdatering til Windows XP (KB2345886)
Opdatering til Windows XP (KB2467659)
Opdatering til Windows XP (KB951072-v2)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955759)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB961503)
Opdatering til Windows XP (KB967715)
Opdatering til Windows XP (KB968389)
Opdatering til Windows XP (KB971737)
Opdatering til Windows XP (KB973687)
Opdatering til Windows XP (KB973815)
OpenOffice.org Installer 1.0
Overførselsværktøj til Windows Live
PDF Reader 3
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB963027)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB969897)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB972260)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2183461)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2360131)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2416400)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2482017)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB971961)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB972260)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB974455)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB976325)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB978207)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB981332)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB982381)
Sikkerhedsopdatering til Windows Media Player (KB2378111)
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player (KB954155)
Sikkerhedsopdatering til Windows Media Player (KB968816)
Sikkerhedsopdatering til Windows Media Player (KB973540)
Sikkerhedsopdatering til Windows Media Player (KB975558)
Sikkerhedsopdatering til Windows Media Player (KB978695)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows Media Player 9 (KB936782)
Sikkerhedsopdatering til Windows XP (KB2079403)
Sikkerhedsopdatering til Windows XP (KB2115168)
Sikkerhedsopdatering til Windows XP (KB2121546)
Sikkerhedsopdatering til Windows XP (KB2160329)
Sikkerhedsopdatering til Windows XP (KB2229593)
Sikkerhedsopdatering til Windows XP (KB2259922)
Sikkerhedsopdatering til Windows XP (KB2279986)
Sikkerhedsopdatering til Windows XP (KB2286198)
Sikkerhedsopdatering til Windows XP (KB2296011)
Sikkerhedsopdatering til Windows XP (KB2296199)
Sikkerhedsopdatering til Windows XP (KB2347290)
Sikkerhedsopdatering til Windows XP (KB2360937)
Sikkerhedsopdatering til Windows XP (KB2387149)
Sikkerhedsopdatering til Windows XP (KB2393802)
Sikkerhedsopdatering til Windows XP (KB2419632)
Sikkerhedsopdatering til Windows XP (KB2423089)
Sikkerhedsopdatering til Windows XP (KB2436673)
Sikkerhedsopdatering til Windows XP (KB2440591)
Sikkerhedsopdatering til Windows XP (KB2443105)
Sikkerhedsopdatering til Windows XP (KB2476687)
Sikkerhedsopdatering til Windows XP (KB2478960)
Sikkerhedsopdatering til Windows XP (KB2478971)
Sikkerhedsopdatering til Windows XP (KB2479628)
Sikkerhedsopdatering til Windows XP (KB2483185)
Sikkerhedsopdatering til Windows XP (KB2485376)
Sikkerhedsopdatering til Windows XP (KB923561)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB938464-v2)
Sikkerhedsopdatering til Windows XP (KB938464)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951376)
Sikkerhedsopdatering til Windows XP (KB951698)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952004)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB953839)
Sikkerhedsopdatering til Windows XP (KB954211)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956391)
Sikkerhedsopdatering til Windows XP (KB956572)
Sikkerhedsopdatering til Windows XP (KB956744)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956841)
Sikkerhedsopdatering til Windows XP (KB956844)
Sikkerhedsopdatering til Windows XP (KB957095)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB958690)
Sikkerhedsopdatering til Windows XP (KB958869)
Sikkerhedsopdatering til Windows XP (KB959426)
Sikkerhedsopdatering til Windows XP (KB960225)
Sikkerhedsopdatering til Windows XP (KB960715)
Sikkerhedsopdatering til Windows XP (KB960803)
Sikkerhedsopdatering til Windows XP (KB960859)
Sikkerhedsopdatering til Windows XP (KB961371)
Sikkerhedsopdatering til Windows XP (KB961373)
Sikkerhedsopdatering til Windows XP (KB961501)
Sikkerhedsopdatering til Windows XP (KB968537)
Sikkerhedsopdatering til Windows XP (KB969059)
Sikkerhedsopdatering til Windows XP (KB969898)
Sikkerhedsopdatering til Windows XP (KB969947)
Sikkerhedsopdatering til Windows XP (KB970238)
Sikkerhedsopdatering til Windows XP (KB970430)
Sikkerhedsopdatering til Windows XP (KB971468)
Sikkerhedsopdatering til Windows XP (KB971486)
Sikkerhedsopdatering til Windows XP (KB971557)
Sikkerhedsopdatering til Windows XP (KB971633)
Sikkerhedsopdatering til Windows XP (KB971657)
Sikkerhedsopdatering til Windows XP (KB971961)
Sikkerhedsopdatering til Windows XP (KB972270)
Sikkerhedsopdatering til Windows XP (KB973346)
Sikkerhedsopdatering til Windows XP (KB973354)
Sikkerhedsopdatering til Windows XP (KB973507)
Sikkerhedsopdatering til Windows XP (KB973525)
Sikkerhedsopdatering til Windows XP (KB973869)
Sikkerhedsopdatering til Windows XP (KB973904)
Sikkerhedsopdatering til Windows XP (KB974112)
Sikkerhedsopdatering til Windows XP (KB974318)
Sikkerhedsopdatering til Windows XP (KB974392)
Sikkerhedsopdatering til Windows XP (KB974571)
Sikkerhedsopdatering til Windows XP (KB975025)
Sikkerhedsopdatering til Windows XP (KB975467)
Sikkerhedsopdatering til Windows XP (KB975560)
Sikkerhedsopdatering til Windows XP (KB975561)
Sikkerhedsopdatering til Windows XP (KB975562)
Sikkerhedsopdatering til Windows XP (KB975713)
Sikkerhedsopdatering til Windows XP (KB977165)
Sikkerhedsopdatering til Windows XP (KB977816)
Sikkerhedsopdatering til Windows XP (KB977914)
Sikkerhedsopdatering til Windows XP (KB978037)
Sikkerhedsopdatering til Windows XP (KB978251)
Sikkerhedsopdatering til Windows XP (KB978262)
Sikkerhedsopdatering til Windows XP (KB978338)
Sikkerhedsopdatering til Windows XP (KB978542)
Sikkerhedsopdatering til Windows XP (KB978601)
Sikkerhedsopdatering til Windows XP (KB978706)
Sikkerhedsopdatering til Windows XP (KB979309)
Sikkerhedsopdatering til Windows XP (KB979482)
Sikkerhedsopdatering til Windows XP (KB979559)
Sikkerhedsopdatering til Windows XP (KB979683)
Sikkerhedsopdatering til Windows XP (KB979687)
Sikkerhedsopdatering til Windows XP (KB980195)
Sikkerhedsopdatering til Windows XP (KB980218)
Sikkerhedsopdatering til Windows XP (KB980232)
Sikkerhedsopdatering til Windows XP (KB980436)
Sikkerhedsopdatering til Windows XP (KB981322)
Sikkerhedsopdatering til Windows XP (KB981852)
Sikkerhedsopdatering til Windows XP (KB981957)
Sikkerhedsopdatering til Windows XP (KB981997)
Sikkerhedsopdatering til Windows XP (KB982132)
Sikkerhedsopdatering til Windows XP (KB982214)
Sikkerhedsopdatering til Windows XP (KB982665)
Sikkerhedsopdatering til Windows XP (KB982802)
Skype™ 4.2
Smarte menuer (Windows Live Toolbar)
SUPERAntiSpyware
Tilmeldingsassistent til Windows Live
Udvidelser (Windows Live Toolbar)
Unreal Tournament 2003
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Ventrilo Client
Vigtig opdatering til Windows Media Player 11 (KB959772)
VLC media player 1.1.1
WebFldrs XP
Westwood Shared Internet Components
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites til Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
World of Warcraft
.
==== End Of File ===========================

It looks much better, doesn't it?
 
Very well done :)

Now, I want you to re-run OTL, but...

Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
 
OK, I know HJT, but I haven't used OTL before!

Here's the log:

OTL logfile created on: 12-04-2011 02:12:48 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Matthias\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 232,88 Gb Total Space | 98,84 Gb Free Space | 42,44% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 3,88 Gb Free Space | 98,91% Space Free | Partition Type: FAT32

Computer Name: MATTHIAS-QYE257 | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-04-10 01:24:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\OTL.exe
PRC - [2010-08-13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-06-10 15:54:26 | 000,493,336 | ---- | M] () -- C:\Programmer\Activ Software\ActivDriver\ActivMgr.exe
PRC - [2010-06-10 15:54:22 | 001,092,896 | ---- | M] (Promethean Technologies Group Ltd) -- C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe
PRC - [2008-10-26 21:25:52 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011-04-12 01:29:37 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Activ Software\ActivApplications\ActivFocusHook.dll
MOD - [2011-04-10 01:24:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\OTL.exe
MOD - [2010-08-23 18:12:31 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008-05-13 19:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Programmer\SUPERAntiSpyware\SASSEH.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010-08-13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008-11-04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-26 21:25:52 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010-05-26 16:21:00 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
DRV - [2010-05-26 16:20:44 | 000,074,752 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2010-05-10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmer\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-08-05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008-04-13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006-08-23 03:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-08-02 03:53:00 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006-04-06 08:20:44 | 004,258,816 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-03-22 07:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-03-22 07:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-03-16 12:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-03-09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 87 F5 EF ED 99 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.dk/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{EBDC7EC1-549E-48ee-96F7-C2252F5BBBED}: C:\Programmer\Comodo\HopSurfToolbar\hopsurfext_ff3
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmer\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2010-12-12 14:52:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2010-12-12 14:52:09 | 000,000,000 | ---D | M]

[2008-10-31 19:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthias\Application Data\Mozilla\Extensions
[2011-02-27 18:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthias\Application Data\Mozilla\Firefox\Profiles\po835jhi.default\extensions
[2010-07-25 11:41:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matthias\Application Data\Mozilla\Firefox\Profiles\po835jhi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-05-07 21:52:16 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Matthias\Application Data\Mozilla\Firefox\Profiles\po835jhi.default\searchplugins\live-search.xml
[2010-07-25 10:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAMMER\AVG\AVG10\FIREFOX
[2009-03-17 17:08:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMER\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-10-26 10:32:55 | 000,001,525 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\amazon-co-uk.xml
[2010-10-26 10:32:55 | 000,001,178 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\wikipedia-da.xml
[2010-10-26 10:32:55 | 000,001,102 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\yahoo-dk.xml

O1 HOSTS File: ([2002-09-16 14:00:00 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ActivControl] C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Matthias\Menuen Start\Programmer\Start\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Matthias\Dokumenter\Billeder\The big bang.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthias\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmer\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-02-15 20:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2011-04-11 19:31:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-04-11 19:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
[2011-04-11 19:30:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-04-11 19:30:57 | 000,000,000 | ---D | C] -- C:\Programmer\Malwarebytes' Anti-Malware
[2011-04-11 19:15:54 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Documents and Settings\Matthias\Skrivebord\BlitzBlank.exe
[2011-04-11 03:36:02 | 000,000,000 | -HSD | C] -- C:\found.000
[2011-04-10 08:38:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-04-10 04:33:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\OTL.exe
[2011-04-08 04:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthias\Application Data\SUPERAntiSpyware.com
[2011-04-08 04:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011-04-08 04:07:39 | 000,000,000 | ---D | C] -- C:\Programmer\SUPERAntiSpyware
[2011-04-08 01:45:58 | 006,238,248 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Matthias\Skrivebord\AppRemover.exe
[2011-04-07 18:26:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\TFC.exe
[2011-04-06 15:36:17 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011-04-06 14:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-04-05 20:12:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

========== Files - Modified Within 30 Days ==========

[2011-04-12 01:29:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-04-11 19:31:00 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk
[2011-04-11 19:27:35 | 000,449,232 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2011-04-11 19:27:35 | 000,433,872 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-04-11 19:27:35 | 000,079,148 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2011-04-11 19:27:35 | 000,068,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-04-11 15:56:42 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\Genvej til notepad.lnk
[2011-04-11 15:41:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-04-11 15:10:26 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\Matthias\Skrivebord\BlitzBlank.exe
[2011-04-10 01:24:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\OTL.exe
[2011-04-08 04:07:41 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
[2011-04-08 01:36:54 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Matthias\Skrivebord\AppRemover.exe
[2011-04-07 12:51:46 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\dds.scr
[2011-04-07 12:51:16 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\zrckln5k.exe
[2011-04-07 12:50:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\TFC.exe
[2011-04-06 16:52:47 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\Microsoft Office Excel 2007.lnk

========== Files Created - No Company Name ==========

[2011-04-11 19:31:00 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk
[2011-04-11 15:56:42 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Matthias\Skrivebord\Genvej til notepad.lnk
[2011-04-10 08:38:34 | 002,234,368 | R--- | C] () -- C:\OTLPE.exe
[2011-04-08 04:07:41 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
[2011-04-07 19:17:38 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Matthias\Skrivebord\dds.scr
[2011-04-07 18:40:27 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Matthias\Skrivebord\zrckln5k.exe
[2010-11-10 17:45:01 | 000,023,920 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-10-31 21:22:26 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010-08-01 23:53:42 | 000,152,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
[2010-07-24 18:04:47 | 000,000,259 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-06-10 15:54:42 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
[2010-06-10 15:54:24 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
[2010-05-01 01:20:21 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DToPcM40.dat
[2009-09-30 23:41:03 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009-09-27 14:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
[2009-09-27 14:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009-09-27 14:17:36 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\wgatray.exe.bak
[2009-09-27 14:17:36 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
[2008-12-28 11:02:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008-12-28 10:59:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008-10-31 19:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008-05-16 12:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008-05-04 20:27:17 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Matthias\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-04-18 12:32:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008-02-21 21:50:59 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008-02-21 19:27:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008-02-16 12:02:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008-02-15 20:35:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-02-15 20:32:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008-02-15 20:26:58 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-02-15 20:26:58 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008-02-15 20:16:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-02-15 20:14:05 | 000,021,644 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-02-15 20:11:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-02-15 20:10:41 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006-08-16 19:52:54 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004-08-02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003-03-24 07:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2002-09-16 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002-09-16 14:00:00 | 000,449,232 | ---- | C] () -- C:\WINDOWS\System32\perfh006.dat
[2002-09-16 14:00:00 | 000,433,872 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002-09-16 14:00:00 | 000,284,912 | ---- | C] () -- C:\WINDOWS\System32\perfi006.dat
[2002-09-16 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002-09-16 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002-09-16 14:00:00 | 000,079,148 | ---- | C] () -- C:\WINDOWS\System32\perfc006.dat
[2002-09-16 14:00:00 | 000,068,444 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002-09-16 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002-09-16 14:00:00 | 000,034,026 | ---- | C] () -- C:\WINDOWS\System32\perfd006.dat
[2002-09-16 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002-09-16 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002-09-16 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001-09-04 11:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-04 11:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008-02-15 20:15:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011-04-11 19:25:35 | 000,033,780 | ---- | M] () -- C:\blitzblank.log
[2008-02-17 22:31:08 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2002-09-16 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2008-02-15 20:15:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-02-15 20:15:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-02-12 01:00:02 | 001,481,728 | ---- | M] () -- C:\LegitCheckControl.dll
[2008-02-15 20:15:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-02-15 20:44:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-09-27 13:13:16 | 000,250,576 | RHS- | M] () -- C:\ntldr
[2011-04-10 09:52:36 | 000,046,092 | ---- | M] () -- C:\OTL.Txt
[2011-03-07 00:12:59 | 002,234,368 | R--- | M] () -- C:\OTLPE.exe
[2011-04-12 01:29:29 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2001-01-10 13:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2009-02-12 01:00:02 | 000,190,976 | ---- | M] () -- C:\WgaLogon.dll
[2009-02-12 01:00:02 | 000,323,072 | ---- | M] () -- C:\WgaTray.exe

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008-02-15 20:15:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006-10-26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010-04-17 01:53:08 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008-02-15 21:10:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008-02-15 21:10:03 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008-02-15 21:10:03 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008-02-15 20:48:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008-02-15 20:17:55 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Vis skrivebord.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2008-10-31 19:03:57 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Matthias\Cookies\desktop.ini
[2011-04-12 01:34:48 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Matthias\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007-06-27 16:34:24 | 000,317,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008-04-14 18:05:19 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Messenger\custsat.dll
[2002-09-16 14:00:00 | 000,004,821 | ---- | M] () -- C:\Programmer\Messenger\logowin.gif
[2002-08-20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Programmer\Messenger\lvback.gif
[2002-04-11 12:56:56 | 000,000,937 | ---- | M] () -- C:\Programmer\Messenger\mailtmpl.txt
[2008-05-02 16:05:52 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Messenger\msgsc.dll
[2008-04-13 19:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Messenger\msgslang.dll
[2008-04-14 18:05:55 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Messenger\msmsgs.exe
[2002-08-20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Messenger\msmsgsin.exe
[2002-09-16 14:00:00 | 000,002,882 | ---- | M] () -- C:\Programmer\Messenger\newalert.wav
[2002-09-16 14:00:00 | 000,006,156 | ---- | M] () -- C:\Programmer\Messenger\newemail.wav
[2002-09-16 14:00:00 | 000,006,160 | ---- | M] () -- C:\Programmer\Messenger\online.wav
[2002-08-20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Programmer\Messenger\type.wav
[2004-07-17 12:37:16 | 000,121,026 | ---- | M] () -- C:\Programmer\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    IE - HKCU\..\URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmer\AVG\AVG10\Firefox\
    File not found (No name found) -- C:\PROGRAMMER\AVG\AVG10\FIREFOX
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] File not found
    O4 - HKCU..\Run: [BitTorrent DNA] File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    
    :Files
    C:\PROGRAMMER\AVG
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.
  • You will get a log that shows the results of the fix. Please post it.
 
And here it is:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\930f1200-f5f1-4870-bac6-e233ec8e7023} deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f963a5b-e555-4543-90e2-c3908898db71}\ not found.
File C:\Programmer\AVG\AVG10\Firefox not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG_TRAY deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart deleted successfully.
========== FILES ==========
File\Folder C:\PROGRAMMER\AVG not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Matthias
->Temp folder emptied: 19709946 bytes
->Temporary Internet Files folder emptied: 5850664 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1712195 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 278 bytes

Total Files Cleaned = 26,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Matthias
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04122011_024722

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Well done :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here it is, I hope you can read it, most of the comments are in Danish.. :(


ComboFix 11-04-11.02 - Matthias 12-04-2011 3:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1555 [GMT 2:00]
Kører fra: c:\documents and settings\Matthias\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matthias\WINDOWS
c:\windows\system32\winlogon.bak
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2011-03-12 til 2011-04-12 )))))))))))))))))))))))))))))))))))
.
.
2011-04-06 02:00 . 2011-04-06 02:00 -------- d-----w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Mozilla
2011-04-06 00:31 . 2011-04-06 00:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-04-05 18:12 . 2011-04-05 18:18 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2002-09-16 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
.
Code:
<pre>
c:\programmer\DNA\btdna .exe
c:\programmer\Java\jre6\bin\jusched .exe
c:\programmer\Skype\Phone\Skype .exe
c:\programmer\Windows Live\Messenger\MsnMsgr .exe
</pre>
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2010-04-21 19:10 2349080 ----a-w- c:\programmer\Softonic_English\tbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\programmer\Softonic_English\tbSof0.dll" [2010-04-21 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\programmer\Softonic_English\tbSof0.dll" [2010-04-21 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ActivControl"="c:\programmer\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Matthias\Menuen Start\Programmer\Start\
CurseClientStartup.ccip [2010-2-19 0]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\muBlinder]
c:\documents and settings\Matthias\Dokumenter\Modtagne filer\muBlinder\muBlinder.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype .exe"=
"c:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Programmer\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Documents and Settings\\Matthias\\Lokale indstillinger\\Apps\\2.0\\WGL9DQQ0.QTN\\W2LO8AVQ.CQL\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard dowloader
.
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 20:41 67656]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [26-05-2010 16:20 74752]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [26-05-2010 16:21 6144]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [01-11-2010 19:05 41984]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matthias\Application Data\Mozilla\Firefox\Profiles\po835jhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - TOMME GENVEJE FJERNET - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-AVG - c:\programmer\AVG\AVG10\avgmfapx.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 03:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ...
.
scanner skjulte autostarter ...
.
scanner skjulte filer ...
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5c,46,42,2f,9e,2c,43,23,bc,c3,27,a0,45,8d,43,52,23,97,c5,61,d9,18,fa,
64,3a,60,74,89,1d,f5,6d,d7,9c,4e,d4,96,2f,1a,2d,47,b7,0f,2a,b2,6b,c7,b9,92,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:e6,a7,fb,65,b5,b0,ba,7f,d6,f4,73,48,0e,41,dd,58,87,71,e0,d2,75,
e1,5a,b2,a3,d9,cf,51,60,73,cc,13,83,1e,fd,99,fd,a7,95,71,b4,55,3c,a6,f5,3c,\
"rkeysecu"=hex:6c,06,98,ee,38,29,de,54,a4,4f,6a,f4,39,6f,aa,95
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\SYSTEM32\Ati2evxx.dll
.
Gennemført tid: 2011-04-12 03:14:47
ComboFix-quarantined-files.txt 2011-04-12 01:14
.
Pre-Kørsel: 106.068.172.800 byte ledig
Post-Kørsel: 106.082.877.440 byte ledig
.
- - End Of File - - 1A5AF1F9153B023481A7399C57A30410
 
I'm perfect in Danish :).........not...LOL

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

RenV::
c:\programmer\DNA\btdna .exe
c:\programmer\Java\jre6\bin\jusched .exe
c:\programmer\Skype\Phone\Skype .exe
c:\programmer\Windows Live\Messenger\MsnMsgr .exe

File::
c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

Folder::

Driver::
AVGIDSDriver

Registry::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
This will be the last log for today, it's pretty late here!

ComboFix 11-04-11.02 - Matthias 12-04-2011 4:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1552 [GMT 2:00]
Kører fra: c:\documents and settings\Matthias\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Matthias\Skrivebord\CFScript.txt
.
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
FILE ::
"c:\windows\system32\DRIVERS\AVGIDSDriver.Sys"
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2011-03-12 til 2011-04-12 )))))))))))))))))))))))))))))))))))
.
.
2011-04-11 17:31 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 17:30 . 2011-04-11 17:31 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2011-04-11 17:30 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 01:36 . 2011-04-11 01:36 -------- d-----w- C:\found.000
2011-04-10 06:38 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe
2011-04-10 06:38 . 2011-04-10 06:38 -------- d-----w- C:\_OTL
2011-04-08 02:07 . 2011-04-08 02:07 -------- d-----w- c:\documents and settings\Matthias\Application Data\SUPERAntiSpyware.com
2011-04-08 02:07 . 2011-04-08 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-08 02:07 . 2011-04-08 02:07 -------- d-----w- c:\programmer\SUPERAntiSpyware
2011-04-06 02:00 . 2011-04-06 02:00 -------- d-----w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Mozilla
2011-04-06 00:31 . 2011-04-06 00:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-04-05 18:12 . 2011-04-05 18:18 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2002-09-16 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
.
Code:
<pre>
c:\programmer\Skype\Phone\Skype .exe
</pre>
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2010-04-21 19:10 2349080 ----a-w- c:\programmer\Softonic_English\tbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\programmer\Softonic_English\tbSof0.dll" [2010-04-21 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\programmer\Softonic_English\tbSof0.dll" [2010-04-21 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ActivControl"="c:\programmer\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Matthias\Menuen Start\Programmer\Start\
CurseClientStartup.ccip [2010-2-19 0]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\muBlinder]
c:\documents and settings\Matthias\Dokumenter\Modtagne filer\muBlinder\muBlinder.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype .exe"=
"c:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Programmer\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Documents and Settings\\Matthias\\Lokale indstillinger\\Apps\\2.0\\WGL9DQQ0.QTN\\W2LO8AVQ.CQL\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard dowloader
.
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 20:41 67656]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [26-05-2010 16:20 74752]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [26-05-2010 16:21 6144]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [01-11-2010 19:05 41984]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matthias\Application Data\Mozilla\Firefox\Profiles\po835jhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 04:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ...
.
scanner skjulte autostarter ...
.
scanner skjulte filer ...
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5c,46,42,2f,9e,2c,43,23,bc,c3,27,a0,45,8d,43,52,23,97,c5,61,d9,18,fa,
64,3a,60,74,89,1d,f5,6d,d7,9c,4e,d4,96,2f,1a,2d,47,b7,0f,2a,b2,6b,c7,b9,92,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:e6,a7,fb,65,b5,b0,ba,7f,d6,f4,73,48,0e,41,dd,58,87,71,e0,d2,75,
e1,5a,b2,a3,d9,cf,51,60,73,cc,13,83,1e,fd,99,fd,a7,95,71,b4,55,3c,a6,f5,3c,\
"rkeysecu"=hex:6c,06,98,ee,38,29,de,54,a4,4f,6a,f4,39,6f,aa,95
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1668)
c:\documents and settings\All Users\Application Data\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmer\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\programmer\Activ Software\ActivDriver\activmgr.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programmer\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Gennemført tid: 2011-04-12 04:14:09 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2011-04-12 02:14
ComboFix2.txt 2011-04-12 01:14
.
Pre-Kørsel: 106.189.467.648 byte ledig
Post-Kørsel: 106.178.543.616 byte ledig
.
- - End Of File - - 5B17CF9614D78EDFE29BEACC6B5DA311


And I have a question:

Is it safe now to reconnect the computer to the internet?
 
It looks better, but we still have 1 trojan leftover.

You can reconnect, but...
1. Make sure Windows firewall is on.
2. Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html


Now....

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
RenV::
c:\programmer\Skype\Phone\Skype .exe


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Here's the log:

ComboFix 11-04-12.01 - Matthias 12-04-2011 23:45:21.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1550 [GMT 2:00]
Kører fra: c:\documents and settings\Matthias\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Matthias\Skrivebord\CFScript.txt
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2011-03-12 til 2011-04-12 )))))))))))))))))))))))))))))))))))
.
.
2011-04-11 17:31 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 17:30 . 2011-04-11 17:31 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2011-04-11 17:30 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 01:36 . 2011-04-11 01:36 -------- d-----w- C:\found.000
2011-04-10 06:38 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe
2011-04-10 06:38 . 2011-04-10 06:38 -------- d-----w- C:\_OTL
2011-04-08 02:07 . 2011-04-08 02:07 -------- d-----w- c:\documents and settings\Matthias\Application Data\SUPERAntiSpyware.com
2011-04-08 02:07 . 2011-04-08 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-08 02:07 . 2011-04-08 02:07 -------- d-----w- c:\programmer\SUPERAntiSpyware
2011-04-06 02:00 . 2011-04-06 02:00 -------- d-----w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Mozilla
2011-04-06 00:31 . 2011-04-06 00:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-04-05 18:12 . 2011-04-05 18:18 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2002-09-16 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
.
Code:
<pre>
c:\programmer\Skype\Phone\Skype .exe
</pre>
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2010-04-21 19:10 2349080 ----a-w- c:\programmer\Softonic_English\tbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\programmer\Softonic_English\tbSof0.dll" [2010-04-21 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\programmer\Softonic_English\tbSof0.dll" [2010-04-21 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ActivControl"="c:\programmer\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Matthias\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matthias^Menuen Start^Programmer^Start^CurseClientStartup.ccip]
path=c:\documents and settings\Matthias\Menuen Start\Programmer\Start\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\muBlinder]
c:\documents and settings\Matthias\Dokumenter\Modtagne filer\muBlinder\muBlinder.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype .exe"=
"c:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Programmer\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Documents and Settings\\Matthias\\Lokale indstillinger\\Apps\\2.0\\WGL9DQQ0.QTN\\W2LO8AVQ.CQL\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard dowloader
.
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 20:41 67656]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [26-05-2010 16:20 74752]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [26-05-2010 16:21 6144]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [01-11-2010 19:05 41984]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matthias\Application Data\Mozilla\Firefox\Profiles\po835jhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 23:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ...
.
scanner skjulte autostarter ...
.
scanner skjulte filer ...
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5c,46,42,2f,9e,2c,43,23,bc,c3,27,a0,45,8d,43,52,23,97,c5,61,d9,18,fa,
64,3a,60,74,89,1d,f5,6d,d7,9c,4e,d4,96,2f,1a,2d,47,b7,0f,2a,b2,6b,c7,b9,92,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:e6,a7,fb,65,b5,b0,ba,7f,d6,f4,73,48,0e,41,dd,58,87,71,e0,d2,75,
e1,5a,b2,a3,d9,cf,51,60,73,cc,13,83,1e,fd,99,fd,a7,95,71,b4,55,3c,a6,f5,3c,\
"rkeysecu"=hex:6c,06,98,ee,38,29,de,54,a4,4f,6a,f4,39,6f,aa,95
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3972)
c:\documents and settings\All Users\Application Data\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmer\Lavasoft\Ad-Aware\aawservice.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\programmer\Activ Software\ActivDriver\activmgr.exe
c:\windows\system32\wscntfy.exe
c:\programmer\iPod\bin\iPodService.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programmer\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Gennemført tid: 2011-04-12 23:57:45 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2011-04-12 21:57
ComboFix2.txt 2011-04-12 02:14
ComboFix3.txt 2011-04-12 01:14
.
Pre-Kørsel: 106.049.368.064 byte ledig
Post-Kørsel: 106.037.944.320 byte ledig
.
WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 49D4CF5954479DD71F296E91BDEAAB86
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\programmer\Skype\Phone\Skype .exe


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
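
The CFScript above targets `Skype .exe`, which the preceding log lists under the firewall's AuthorizedApplications next to `Skype.exe`, differing only by a space before the extension. As an added example (not part of the original thread and not ComboFix's own logic), this Python sketch parses that log section and flags whitespace-padded file names together with the entry they imitate; the function names and the embedded sample are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a few entries in the same layout as the ComboFix log section.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype .exe"=
"c:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
'''

ENTRY_RE = re.compile(r'^"(.*)"=\s*$')


def parse_authorized_apps(log_text):
    """Return the paths listed under the AuthorizedApplications\\List section."""
    paths = []
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A new registry key header starts or ends the section of interest.
            in_section = line.lower().endswith(r"authorizedapplications\list]")
            continue
        if not in_section:
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The log doubles backslashes (.reg style); undo that.
            paths.append(match.group(1).replace("\\\\", "\\"))
    return paths


def canonical(path):
    """Lower-case the path and strip whitespace around the file name stem/extension."""
    directory, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name)
    return ntpath.join(directory, stem.strip() + ext.strip()).lower()


def has_padded_name(path):
    """True when the file name carries whitespace next to the stem or extension."""
    name = ntpath.basename(path)
    stem, ext = ntpath.splitext(name)
    return stem != stem.strip() or ext != ext.strip()


def find_lookalikes(paths):
    """Return (padded_path, [entries it collides with after normalisation])."""
    by_key = defaultdict(list)
    for path in paths:
        by_key[canonical(path)].append(path)
    findings = []
    for path in paths:
        if has_padded_name(path):
            twins = [other for other in by_key[canonical(path)] if other != path]
            findings.append((path, twins))
    return findings


if __name__ == "__main__":
    for suspect, twins in find_lookalikes(parse_authorized_apps(SAMPLE_LOG)):
        print("padded name:", repr(suspect), "imitates:", twins or "no listed twin")
```

A directory containing a space (such as `Plugin Manager`) is not flagged; only padding inside the file name itself is.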
 
Sorry for the delay, my connection went down last night (second time in 3 days!) and wasn't repaired until this afternoon.... The wires outside must be rotten!

But here is the log:

ComboFix 11-04-12.01 - Matthias 13-04-2011 1:46.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1503 [GMT 2:00]
Kører fra: c:\documents and settings\Matthias\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Matthias\Skrivebord\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\programmer\Skype\Phone\Skype .exe"
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmer\Skype\Phone\Skype .exe
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2011-03-12 til 2011-04-12 )))))))))))))))))))))))))))))))))))
.
.
2011-04-12 23:40 . 2011-04-12 23:40 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B74C8870-2944-4700-BA42-2B4F70FB3648}\MpKslef18f5a6.sys
2011-04-12 22:13 . 2011-01-12 23:41 5890896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-12 22:12 . 2011-03-14 19:05 6792528 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B74C8870-2944-4700-BA42-2B4F70FB3648}\mpengine.dll
2011-04-12 22:12 . 2011-02-02 16:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-12 22:09 . 2011-04-12 22:09 -------- d-----w- c:\programmer\Microsoft Security Client
2011-04-11 17:31 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 17:30 . 2011-04-11 17:31 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2011-04-11 17:30 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 01:36 . 2011-04-11 01:36 -------- d-----w- C:\found.000
2011-04-10 06:38 . 2011-03-06 22:12 2234368 ----a-r- C:\OTLPE.exe
2011-04-10 06:38 . 2011-04-10 06:38 -------- d-----w- C:\_OTL
2011-04-08 02:07 . 2011-04-08 02:07 -------- d-----w- c:\documents and settings\Matthias\Application Data\SUPERAntiSpyware.com
2011-04-08 02:07 . 2011-04-08 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-08 02:07 . 2011-04-08 02:07 -------- d-----w- c:\programmer\SUPERAntiSpyware
2011-04-06 02:00 . 2011-04-06 02:00 -------- d-----w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Mozilla
2011-04-06 00:31 . 2011-04-06 00:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-04-05 18:12 . 2011-04-05 18:18 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2002-09-16 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-12_01.13.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-12 23:39 . 2011-04-12 23:39 16384 c:\windows\Temp\Perflib_Perfdata_680.dat
+ 2010-01-20 17:02 . 2008-07-08 13:00 17784 c:\windows\system32\spmsg.dll
- 2010-01-20 17:02 . 2010-02-22 14:21 17784 c:\windows\system32\spmsg.dll
+ 2011-04-12 21:29 . 2011-04-12 21:48 12982 c:\windows\SoftwareDistribution\EventCache\{BB63DA84-5EEC-45FB-9711-58DD6ACB5016}.bin
+ 2011-04-12 22:09 . 2011-04-12 22:09 47616 c:\windows\Installer\102bf6.msi
+ 2011-04-12 22:09 . 2011-04-12 22:09 27648 c:\windows\Installer\102be9.msi
+ 2010-09-29 21:45 . 2011-04-12 21:30 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-09-29 21:45 . 2010-12-18 00:59 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2002-09-16 12:00 . 2009-07-27 23:18 135168 c:\windows\system32\shsvcs.dll
- 2002-09-16 12:00 . 2008-04-14 16:05 135168 c:\windows\system32\shsvcs.dll
+ 2010-10-24 19:25 . 2010-10-24 19:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-27 23:18 . 2009-07-27 23:18 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-04-12 22:09 . 2011-04-12 22:09 786432 c:\windows\Installer\102bee.msi
+ 2011-04-12 22:09 . 2011-04-12 22:09 479744 c:\windows\Installer\102be3.msi
+ 2011-04-12 22:09 . 2011-04-12 22:09 301056 c:\windows\Installer\102bde.msi
+ 2011-04-12 21:30 . 2011-04-12 21:30 20308992 c:\windows\Installer\22d78.msp
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2010-04-21 19:10 2349080 ----a-w- c:\programmer\Softonic_English\tbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\programmer\Softonic_English\tbSof0.dll" [2010-04-21 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\programmer\Softonic_English\tbSof0.dll" [2010-04-21 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ActivControl"="c:\programmer\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
"MSC"="c:\programmer\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Matthias\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matthias^Menuen Start^Programmer^Start^CurseClientStartup.ccip]
path=c:\documents and settings\Matthias\Menuen Start\Programmer\Start\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Programmer\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Documents and Settings\\Matthias\\Lokale indstillinger\\Apps\\2.0\\WGL9DQQ0.QTN\\W2LO8AVQ.CQL\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard dowloader
.
R1 MpKslef18f5a6;MpKslef18f5a6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B74C8870-2944-4700-BA42-2B4F70FB3648}\MpKslef18f5a6.sys [13-04-2011 01:40 28752]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 20:41 67656]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [26-05-2010 16:20 74752]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [26-05-2010 16:21 6144]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [01-11-2010 19:05 41984]
.
--- Andre Services/Drivers i Hukommelsen ---
.
*NewlyCreated* - MPKSLEF18F5A6
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-04-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-04-12 c:\windows\Tasks\MpIdleTask.job
- c:\programmer\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matthias\Application Data\Mozilla\Firefox\Profiles\po835jhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - TOMME GENVEJE FJERNET - - - -
.
MSConfigStartUp-muBlinder - c:\documents and settings\Matthias\Dokumenter\Modtagne filer\muBlinder\muBlinder.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-13 01:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ...
.
scanner skjulte autostarter ...
.
scanner skjulte filer ...
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5c,46,42,2f,9e,2c,43,23,bc,c3,27,a0,45,8d,43,52,23,97,c5,61,d9,18,fa,
64,3a,60,74,89,1d,f5,6d,d7,9c,4e,d4,96,2f,1a,2d,47,b7,0f,2a,b2,6b,c7,b9,92,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1606980848-1645522239-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:e6,a7,fb,65,b5,b0,ba,7f,d6,f4,73,48,0e,41,dd,58,87,71,e0,d2,75,
e1,5a,b2,a3,d9,cf,51,60,73,cc,13,83,1e,fd,99,fd,a7,95,71,b4,55,3c,a6,f5,3c,\
"rkeysecu"=hex:6c,06,98,ee,38,29,de,54,a4,4f,6a,f4,39,6f,aa,95
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Gennemført tid: 2011-04-13 01:52:54
ComboFix-quarantined-files.txt 2011-04-12 23:52
ComboFix2.txt 2011-04-12 21:57
ComboFix3.txt 2011-04-12 02:14
ComboFix4.txt 2011-04-12 01:14
.
Pre-Kørsel: 105.731.534.848 byte ledig
Post-Kørsel: 105.718.636.544 byte ledig
.
- - End Of File - - 9D6CF1CA73F584DD888A1AE333B60AB4

And there is a little problem:
The file PEV.exe (from the map World of Warcraft) is corrupt and cannot be read... This error happened during the ComboFix scan.
 
PEV.exe is a part of Combofix, but we're done with it, so no worries there.
The log looks clean.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Well I have 3 small problems:
Chkdsk wants to scan the hard drive after restart, but it only scans 17% and stops...
The program starts every time I start the computer..

The boot.ini file has some strange entries:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

The hard drive blinks all the time (about one blink each second..)

Except for these small things, the computer is now working fine and fast. I have installed Windows security essentials, and I'm thinking about installing Online Armor as firewall, both applications are lightweight and work fine together...


And here is the OTL log:

OTL logfile created on: 13-04-2011 20:17:06 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Matthias\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 232,88 Gb Total Space | 99,87 Gb Free Space | 42,89% Space Free | Partition Type: NTFS

Computer Name: MATTHIAS-QYE257 | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-04-10 01:24:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\OTL.exe
PRC - [2011-03-17 00:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010-11-30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft Security Client\msseces.exe
PRC - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programmer\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010-08-13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-06-10 15:54:26 | 000,493,336 | ---- | M] () -- C:\Programmer\Activ Software\ActivDriver\ActivMgr.exe
PRC - [2010-06-10 15:54:22 | 001,092,896 | ---- | M] (Promethean Technologies Group Ltd) -- C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe
PRC - [2008-10-26 21:25:52 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011-04-13 17:07:32 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Activ Software\ActivApplications\ActivFocusHook.dll
MOD - [2011-04-10 01:24:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\OTL.exe
MOD - [2010-08-23 18:12:31 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programmer\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010-08-13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008-11-04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-26 21:25:52 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2006-10-26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011-04-13 17:08:12 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B74C8870-2944-4700-BA42-2B4F70FB3648}\MpKsl24e739b6.sys -- (MpKsl24e739b6)
DRV - [2010-05-26 16:21:00 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
DRV - [2010-05-26 16:20:44 | 000,074,752 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2010-05-10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programmer\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009-08-05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008-04-13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006-08-23 03:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-08-02 03:53:00 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006-04-06 08:20:44 | 004,258,816 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-03-22 07:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-03-22 07:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-03-16 12:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-03-09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-1645522239-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-1606980848-1645522239-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKU\S-1-5-21-1606980848-1645522239-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 87 F5 EF ED 99 CA 01 [binary data]
IE - HKU\S-1-5-21-1606980848-1645522239-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.dk/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{EBDC7EC1-549E-48ee-96F7-C2252F5BBBED}: C:\Programmer\Comodo\HopSurfToolbar\hopsurfext_ff3
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2010-12-12 14:52:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2010-12-12 14:52:09 | 000,000,000 | ---D | M]

[2008-10-31 19:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthias\Application Data\Mozilla\Extensions
[2011-02-27 18:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthias\Application Data\Mozilla\Firefox\Profiles\po835jhi.default\extensions
[2010-07-25 11:41:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matthias\Application Data\Mozilla\Firefox\Profiles\po835jhi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-05-07 21:52:16 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Matthias\Application Data\Mozilla\Firefox\Profiles\po835jhi.default\searchplugins\live-search.xml
[2010-07-25 10:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2009-03-17 17:08:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMER\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-10-26 10:32:55 | 000,001,525 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\amazon-co-uk.xml
[2010-10-26 10:32:55 | 000,001,178 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\wikipedia-da.xml
[2010-10-26 10:32:55 | 000,001,102 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\yahoo-dk.xml

O1 HOSTS File: ([2011-04-13 01:51:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1606980848-1645522239-839522115-1004\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ActivControl] C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Programmer\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1606980848-1645522239-839522115-1004..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1645522239-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Matthias\Dokumenter\Billeder\The big bang.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthias\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmer\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-02-15 20:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 30 Days ==========

[2011-04-13 00:09:11 | 000,000,000 | ---D | C] -- C:\Programmer\Microsoft Security Client
[2011-04-12 23:44:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-04-12 04:03:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-04-12 03:59:06 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Matthias\Skrivebord\avg_remover_stf_x86_2011_1184.exe
[2011-04-12 03:07:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-04-12 03:07:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-04-12 03:07:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-04-12 03:07:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-04-11 19:31:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-04-11 19:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
[2011-04-11 19:30:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-04-11 19:30:57 | 000,000,000 | ---D | C] -- C:\Programmer\Malwarebytes' Anti-Malware
[2011-04-11 19:15:54 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Documents and Settings\Matthias\Skrivebord\BlitzBlank.exe
[2011-04-11 03:36:02 | 000,000,000 | ---D | C] -- C:\found.000
[2011-04-10 08:38:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-04-10 04:33:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\OTL.exe
[2011-04-08 04:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthias\Application Data\SUPERAntiSpyware.com
[2011-04-08 04:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011-04-08 04:07:39 | 000,000,000 | ---D | C] -- C:\Programmer\SUPERAntiSpyware
[2011-04-08 01:45:58 | 006,238,248 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Matthias\Skrivebord\AppRemover.exe
[2011-04-07 18:26:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\TFC.exe
[2011-04-06 14:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-04-05 20:12:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

========== Files - Modified Within 30 Days ==========

[2011-04-13 17:13:13 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-04-13 17:06:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-04-13 01:51:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-04-13 00:11:41 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011-04-13 00:09:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-04-12 23:44:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-04-12 23:41:10 | 004,319,795 | R--- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\ComboFix.exe
[2011-04-12 23:31:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-04-11 19:31:00 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk
[2011-04-11 19:27:35 | 000,449,232 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2011-04-11 19:27:35 | 000,433,872 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-04-11 19:27:35 | 000,079,148 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2011-04-11 19:27:35 | 000,068,444 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-04-11 15:56:42 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\Genvej til notepad.lnk
[2011-04-11 15:10:26 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Documents and Settings\Matthias\Skrivebord\BlitzBlank.exe
[2011-04-10 01:24:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\OTL.exe
[2011-04-08 04:07:41 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
[2011-04-08 01:36:54 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Matthias\Skrivebord\AppRemover.exe
[2011-04-08 00:12:40 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Matthias\Skrivebord\avg_remover_stf_x86_2011_1184.exe
[2011-04-07 12:51:46 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\dds.scr
[2011-04-07 12:51:16 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\zrckln5k.exe
[2011-04-07 12:50:24 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthias\Skrivebord\TFC.exe
[2011-04-06 16:52:47 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\Microsoft Office Excel 2007.lnk

========== Files Created - No Company Name ==========

[2011-04-13 00:14:32 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-04-13 00:11:41 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011-04-13 00:09:17 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Microsoft Security Essentials.lnk
[2011-04-12 23:44:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-04-12 23:44:27 | 000,260,800 | RHS- | C] () -- C:\cmldr
[2011-04-12 03:07:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-04-12 03:07:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-04-12 03:07:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-04-12 03:07:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-04-12 03:07:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-04-12 03:05:23 | 004,319,795 | R--- | C] () -- C:\Documents and Settings\Matthias\Skrivebord\ComboFix.exe
[2011-04-11 19:31:00 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk
[2011-04-11 15:56:42 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Matthias\Skrivebord\Genvej til notepad.lnk
[2011-04-10 08:38:34 | 002,234,368 | R--- | C] () -- C:\OTLPE.exe
[2011-04-08 04:07:41 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
[2011-04-07 19:17:38 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Matthias\Skrivebord\dds.scr
[2011-04-07 18:40:27 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Matthias\Skrivebord\zrckln5k.exe
[2010-11-10 17:45:01 | 000,023,920 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-10-31 21:22:26 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010-08-01 23:53:42 | 000,152,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
[2010-07-24 18:04:47 | 000,000,259 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-06-10 15:54:42 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
[2010-06-10 15:54:24 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
[2010-05-01 01:20:21 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DToPcM40.dat
[2009-09-30 23:41:03 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009-09-27 14:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
[2009-09-27 14:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009-09-27 14:17:36 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\wgatray.exe.bak
[2009-09-27 14:17:36 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
[2008-12-28 11:02:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008-12-28 10:59:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008-10-31 19:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008-05-16 12:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008-05-04 20:27:17 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Matthias\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-04-18 12:32:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008-02-21 21:50:59 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008-02-21 19:27:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008-02-16 12:02:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008-02-15 20:35:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-02-15 20:32:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008-02-15 20:26:58 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-02-15 20:26:58 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008-02-15 20:16:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-02-15 20:14:05 | 000,021,644 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-02-15 20:11:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-02-15 20:10:41 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006-08-16 19:52:54 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004-08-02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003-03-24 07:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2002-09-16 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002-09-16 14:00:00 | 000,449,232 | ---- | C] () -- C:\WINDOWS\System32\perfh006.dat
[2002-09-16 14:00:00 | 000,433,872 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002-09-16 14:00:00 | 000,284,912 | ---- | C] () -- C:\WINDOWS\System32\perfi006.dat
[2002-09-16 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002-09-16 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002-09-16 14:00:00 | 000,079,148 | ---- | C] () -- C:\WINDOWS\System32\perfc006.dat
[2002-09-16 14:00:00 | 000,068,444 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002-09-16 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002-09-16 14:00:00 | 000,034,026 | ---- | C] () -- C:\WINDOWS\System32\perfd006.dat
[2002-09-16 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002-09-16 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002-09-16 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001-09-04 11:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-04 11:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011-02-01 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2010-07-24 15:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2010-10-26 10:46:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010-10-26 10:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-02-01 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2010-11-01 19:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-02-01 17:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\ACTIV Software
[2010-10-26 10:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\AVG10
[2008-03-14 23:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\Command & Conquer 3 Tiberium Wars
[2010-05-01 16:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\DNA
[2009-01-19 18:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\LimeWire
[2011-02-01 22:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\Promethean
[2011-04-13 17:13:13 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008-02-15 20:15:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011-04-11 19:25:35 | 000,033,780 | ---- | M] () -- C:\blitzblank.log
[2011-04-12 23:31:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-04-12 23:44:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2002-09-16 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:04 | 000,260,800 | RHS- | M] () -- C:\cmldr
[2011-04-13 01:52:55 | 000,013,157 | ---- | M] () -- C:\ComboFix.txt
[2008-02-15 20:15:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-02-15 20:15:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-02-12 01:00:02 | 001,481,728 | ---- | M] () -- C:\LegitCheckControl.dll
[2008-02-15 20:15:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-02-15 20:44:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-09-27 13:13:16 | 000,250,576 | RHS- | M] () -- C:\ntldr
[2011-04-10 09:52:36 | 000,046,092 | ---- | M] () -- C:\OTL.Txt
[2011-03-07 00:12:59 | 002,234,368 | R--- | M] () -- C:\OTLPE.exe
[2011-04-13 17:06:47 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2001-01-10 13:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2009-02-12 01:00:02 | 000,190,976 | ---- | M] () -- C:\WgaLogon.dll
[2009-02-12 01:00:02 | 000,323,072 | ---- | M] () -- C:\WgaTray.exe

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008-02-15 20:15:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006-10-26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010-04-17 01:53:08 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008-02-15 21:10:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008-02-15 21:10:03 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008-02-15 21:10:03 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008-02-15 20:48:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008-02-15 20:17:55 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Matthias\Application Data\Microsoft\Internet Explorer\Quick Launch\Vis skrivebord.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2008-10-31 19:03:57 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Matthias\Cookies\desktop.ini
[2011-04-13 20:16:36 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Matthias\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007-06-27 16:34:24 | 000,317,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008-04-14 18:05:19 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Messenger\custsat.dll
[2002-09-16 14:00:00 | 000,004,821 | ---- | M] () -- C:\Programmer\Messenger\logowin.gif
[2002-08-20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Programmer\Messenger\lvback.gif
[2002-04-11 12:56:56 | 000,000,937 | ---- | M] () -- C:\Programmer\Messenger\mailtmpl.txt
[2008-05-02 16:05:52 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Messenger\msgsc.dll
[2008-04-13 19:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Messenger\msgslang.dll
[2008-04-14 18:05:55 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Messenger\msmsgs.exe
[2002-08-20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Messenger\msmsgsin.exe
[2002-09-16 14:00:00 | 000,002,882 | ---- | M] () -- C:\Programmer\Messenger\newalert.wav
[2002-09-16 14:00:00 | 000,006,156 | ---- | M] () -- C:\Programmer\Messenger\newemail.wav
[2002-09-16 14:00:00 | 000,006,160 | ---- | M] () -- C:\Programmer\Messenger\online.wav
[2002-08-20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Programmer\Messenger\type.wav
[2004-07-17 12:37:16 | 000,121,026 | ---- | M] () -- C:\Programmer\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
Reopen boot.ini, remove this line:
UnsupportedDebug="do not select this" /debug
Save the file.
Restart computer.
Let me know if "chkdsk" is still bothering you.
 
Job done. And yes, "Chkdsk" is still bothering me! Of course I want it to stop starting, but at the same time I'm worried about the possible fact that there is still something on the drive that stops Chkdsk in its work...
 
Click Start, then Run, type cmd, and click "Ok".
At the prompt in the command window that opens, type:
fsutil dirty query C:
and press "Enter".
Does the result of this indicate the drive is "Dirty"?
 
Yes, it does. I have tried a disc scan test with HD Tune, and the program froze after a few minutes... And the computer was dead too. Keys and mouse didn't react at all.
 
Please refrain from performing any steps I don't ask you to do.

* If you have Spyware Doctor installed, uninstall it.
* If you have ZoneAlarm installed, open it, click the "Overview" tab, then select "Preferences", and UNcheck the "Protect ZA Client" check box.


Click Start, then Run, type cmd in the Open box and click "OK".
At the prompt in the Command window, type the following commands, pressing "Enter" after each one:
Please note the spaces.

* chkntfs /d <--- (This will reset autocheck options to default...will come back invalid on some installations)
* chkntfs /c C: <--- (This will allow checking the specified drive)
* chkntfs /x C: <--- (The x switch tells Windows to NOT check the specified drive on the next boot)


At this point, restart your computer; it will not do a chkdsk and will boot directly to Windows.


This next step is important as this is where the Dirty Bit will be unset.

Click Start, then Run, type cmd in the Open box and click "OK".
At the command prompt, type the following, pressing "Enter" after each one:
Again, note the spaces.

* chkdsk /f /r C: <--- (To manually run a full chkdsk operation on the specified drive)
* Y <--- (To accept having it run on the next boot)


This should take you through 5 stages of the scan and will unset the Dirty Bit.
Be patient...this is a very thorough check and will take quite a while.

Finally, when the chkdsk operation has completed, type:
fsutil dirty query C:
press "Enter", and Windows will confirm that the Dirty Bit is not set on that drive.

Reboot again and see if chkdsk still runs on startup.
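
The state this procedure changes can be inspected between steps. The following is an added example, not part of the original thread: a read-only cmd batch script that reports the dirty bit, the chkntfs status and the boot-time autochk entry for a drive. The `BootExecute` registry value and its `/k:` exclusion marker are not mentioned in the thread, and the script assumes English-language tool output.

```batch
@echo off
rem Added example, not from the thread: read-only report of the state that
rem the chkntfs / chkdsk steps change. Run it from cmd as an administrator.
rem Assumptions: English tool output; autochk is configured in BootExecute.
setlocal
set "DRV=C:"
if not "%~1"=="" set "DRV=%~1"
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"
set "OUT=%TEMP%\autochk_state.txt"

echo === 1. Dirty bit on %DRV% ===
fsutil dirty query %DRV% > "%OUT%" 2>&1
type "%OUT%"
rem Stay "unknown" if neither phrase is found (access denied, other language).
set "DIRTY=unknown"
findstr /i /l /c:"is Dirty" "%OUT%" >nul && set "DIRTY=yes"
findstr /i /l /c:"is NOT Dirty" "%OUT%" >nul && set "DIRTY=no"

echo.
echo === 2. chkntfs view of %DRV% ===
chkntfs %DRV%

echo.
echo === 3. BootExecute (what autochk is told to do at boot) ===
reg query "%KEY%" /v BootExecute > "%OUT%" 2>&1
type "%OUT%"
rem chkntfs /x records the exclusion as /k:<drive letter> in this value.
set "EXCLUDED=no"
findstr /i /l /c:"/k:%DRV:~0,1%" "%OUT%" >nul && set "EXCLUDED=yes"
del "%OUT%" >nul 2>&1

echo.
echo === Summary ===
echo Dirty bit set: %DIRTY%
echo %DRV% excluded from the boot-time check: %EXCLUDED%
if "%DIRTY%"=="yes" if "%EXCLUDED%"=="no" echo Expect the automatic check of %DRV% at the next boot.
if "%DIRTY%"=="yes" if "%EXCLUDED%"=="yes" echo Dirty bit is still set; the automatic check is only suppressed.
if "%DIRTY%"=="unknown" echo Could not read the dirty bit; check privileges and output language.
endlocal
```

The script changes nothing on the system; pass a different drive (for example `D:`) as the first argument to inspect another volume.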
 
I went through the different steps and after the first reboot Chkdsk was disabled. But after I entered Chkdsk /f /r and rebooted the computer, Chkdsk started as planned, but still stopped at 17%... I left the computer on for 3 hours with no luck...
 