TechSpot

Malware removal issues, think Crypt.XPACK.Gen trojan/virus

Solved
By morteez
May 10, 2011
  1. Hello,

    I have issues with removing a trojan/virus on the computer, and would rather not reformat the computer, so I am seeking help here.
    It all started 3-4 days ago, getting pop-ups from AVG that things are trying to connect, and things like that, and it shows some names such as Downloader.Agent.
    I tried some different things, and nothing has helped, so hopefully I can get some help here.

    Here are the requested logs.
    Malware:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6548

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    2011-05-10 22:27:28
    mbam-log-2011-05-10 (22-27-28).txt

    Scan type: Quick scan
    Objects scanned: 147857
    Time elapsed: 3 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER:

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-10 22:33:45
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HTS542525K9SA00 rev.BBFOC31P
    Running: ry1fg1f1(1).exe; Driver: C:\Users\morteez\AppData\Local\Temp\uwriifow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 859801F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 859801F8
    Device \Driver\atapi \Device\Ide\IdePort0 859801F8
    Device \Driver\atapi \Device\Ide\IdePort1 859801F8
    Device \Driver\atapi \Device\Ide\IdePort2 859801F8
    Device \Driver\atapi \Device\Ide\IdePort3 859801F8
    Device \FileSystem\Ntfs \Ntfs 859821F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    and the DDS logs
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by morteez at 22:47:10,98 on 2011-05-10
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.3070.2240 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\MIT\Kerberos\bin\krbcc32s.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Windows\System32\WDBtnMgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Personal\bin\Personal.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Option\Telenor Mobilt Bredband\Telenor Mobilt Bredband.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Cirrato\cirratosrv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
    C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\morteez\Desktop\antivir\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Google Update] "c:\users\morteez\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [<NO NAME>]
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [Live! Central 3] "c:\program files\creative\creative live! cam\live! central 3\CTLVCentral3.exe" /mode2
    mRun: [WD Button Manager] WDBtnMgr.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\morteez\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\morteez\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\teleno~1.lnk - c:\program files\option\telenor mobilt bredband\Telenor Mobilt Bredband.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: MIT_KFW - c:\windows\system32\kfwlogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\morteez\appdata\roaming\mozilla\firefox\profiles\a4ad5pf6.default\
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\personal\bin\np_prsnl.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\morteez\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\users\morteez\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\morteez\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-27 218688]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 Cirrato;Cirrato;c:\program files\cirrato\cirratosrv.exe [2008-11-13 761856]
    R2 GtDetectSc;GtDetectSc;c:\program files\option\telenor mobilt bredband\GtDetectSc.exe [2007-12-18 196704]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-9 136176]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-19 2146496]
    S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
    S2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\airytec\switch off\swoff.exe -service --> c:\program files\airytec\switch off\swoff.exe -service [?]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-3-9 147040]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]
    S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-9 136176]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-4-8 103040]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-17 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-05-10 19:45:00 40960 ----a-r- c:\users\morteez\appdata\roaming\microsoft\installer\{0ab76f69-e761-4cfa-b9b0-a1906b4e9e4b}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
    2011-05-10 19:45:00 -------- d-----w- c:\program files\Western Digital Technologies
    2011-05-10 19:44:58 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe
    2011-05-10 19:43:21 -------- d-----w- c:\progra~2\RetroExp
    2011-05-10 19:43:11 -------- d-----w- c:\program files\Retrospect
    2011-05-09 08:40:34 -------- d-----w- c:\users\morteez\appdata\roaming\Malwarebytes
    2011-05-09 08:40:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-09 08:40:04 -------- d-----w- c:\progra~2\Malwarebytes
    2011-05-09 08:40:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-09 08:40:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-03 18:49:25 -------- d-----w- c:\program files\SopCast
    2011-04-29 12:37:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-04-21 12:22:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-04-21 12:20:56 -------- d-----w- c:\users\morteez\appdata\local\Sunbelt Software
    2011-04-21 12:12:15 -------- dc-h--w- c:\progra~2\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
    2011-04-21 12:11:38 -------- d-----w- c:\program files\Lavasoft
    2011-04-21 11:14:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-04-21 11:14:38 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-04-19 23:15:50 -------- d-----w- c:\program files\CONEXANT
    2011-04-19 23:14:01 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-19 23:12:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-19 23:12:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-19 23:11:07 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-19 23:11:06 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-19 23:11:06 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-19 23:11:06 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-18 18:47:19 -------- d-----w- c:\program files\Core Temp
    2011-04-14 12:19:02 -------- d-----w- c:\users\morteez\appdata\roaming\.minecraft
    2011-04-14 01:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-04-14 01:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
    .
    ==================== Find3M ====================
    .
    2011-04-14 03:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
    2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-12 05:30:49 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    .
    ============= FINISH: 22:48:12,84 ===============


    DDS attach:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2010-02-28 17:13:28
    System Uptime: 2011-05-10 22:44:27 (0 hours ago)
    .
    Motherboard: Acer | | Columbia
    Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 49 GiB total, 8,895 GiB free.
    D: is FIXED (NTFS) - 184 GiB total, 3,677 GiB free.
    E: is CDROM ()
    F: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP247: 2011-05-10 21:42:56 - Installed Retrospect Express HD 2.0.
    RP248: 2011-05-10 21:56:41 - Installed Java(TM) 6 Update 25
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 4.65
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.4 - Svenska
    Airytec Switch Off
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    AVG 2011
    AVG PC Tuneup 2011
    BankID Security Application 4.10.4
    Bonjour
    Cirrato 2.0.15
    Cirrato and Kerberos by LiU
    Core Temp version 0.99.8
    Creative Live! Central 3
    DAEMON Tools Lite
    Dropbox
    Football Manager 2011
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 25
    Logitech QuickCam
    Logitech QuickCam drivrutinspaket
    Malwarebytes' Anti-Malware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MIT Kerberos for Windows (32-bit) 3.2.2
    Mobile Partner
    Mozilla Firefox 4.0.1 (x86 sv-SE)
    MSVCRT
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    Picasa 3
    PPTV V2.4.2.0010
    PrimoPDF -- by Nitro PDF Software
    QuickTime
    Retrospect Express HD 2.0
    Revo Uninstaller 1.89
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.1
    SopCast 3.3.2
    Spotify
    Spybot - Search & Destroy
    StarCraft II
    Synaptics Pointing Device Driver
    Tele2 Mobile Partner
    Telenor Mobilt Bredband
    Texas Instruments PCIxx21/x515/xx12 drivers.
    The Online Trader
    TIPCI
    TweakNow RegCleaner
    TVUPlayer 2.5.2.2
    Unibet
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    WD Diagnostics
    Veetle TV 0.9.18
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live inloggningsassistenten
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.5
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2011-05-10 22:45:01, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    2011-05-10 22:45:01, Error: atikmdag [43029] - Display is not active
    2011-05-10 22:02:47, Error: Service Control Manager [7034] - The LVCOMSer service terminated unexpectedly. It has done this 1 time(s).
    2011-05-10 21:43:15, Error: Service Control Manager [7030] - The Retrospect Express HD Launcher service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2011-05-10 19:34:24, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    2011-05-10 19:34:24, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    2011-05-10 19:33:24, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2011-05-10 17:51:11, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82e884a0, 0x8d51b864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051011-47876-01.
    2011-05-10 09:54:09, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The pipe has been ended.
    2011-05-10 02:21:49, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    2011-05-10 01:41:59, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
    2011-05-10 01:36:59, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2011-05-09 18:08:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    2011-05-09 18:06:37, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-09 18:06:37, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2011-05-09 15:01:18, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2011-05-09 15:01:18, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2011-05-09 00:00:08, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    2011-05-08 23:41:55, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    2011-05-08 23:17:02, Error: Service Control Manager [7034] - The GtDetectSc service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
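The Service Control Manager entries in the extract above are easier to read once grouped by timestamp: a whole row of services terminating in the same second, each with the same restart count, normally means one shared service host process (svchost.exe) died and took every service it hosted down with it, so the useful questions are at which instants that happened and whether a bugcheck lines up with them. The parser below is an added example for this thread, not part of the original post and not code from any tool named here; the sample lines are copied from the posted extract, and the threshold of three services per second is an arbitrary choice for the demo.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the event-log extract posted above.
SAMPLE_LOG = r"""
2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2011-05-10 19:32:24, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2011-05-10 17:51:11, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82e884a0, 0x8d51b864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051011-47876-01.
2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
2011-05-10 01:36:59, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
2011-05-08 23:17:02, Error: Service Control Manager [7034] - The GtDetectSc service terminated unexpectedly. It has done this 1 time(s).
"""

# "<timestamp>, Error: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), Error: "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
TERMINATED_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
BUGCHECK_RE = re.compile(r"The bugcheck was: (?P<code>0x[0-9A-Fa-f]{8})")

# SCM 7031 (with a recovery action) and 7034 (without) both record an unexpected termination.
SCM_CRASH_EVENTS = {"7031", "7034"}


def parse_events(text: str) -> List[dict]:
    """Turn each 'Error:' line into a dict; lines that do not fit the format are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def mass_terminations(events: List[dict], min_services: int = 3) -> Dict[str, List[str]]:
    """Timestamps at which at least min_services services died in the same second."""
    by_second: Dict[str, List[str]] = defaultdict(list)
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["event_id"] in SCM_CRASH_EVENTS:
            t = TERMINATED_RE.match(ev["msg"])
            if t:
                by_second[ev["ts"]].append(t["svc"])
    return {ts: svcs for ts, svcs in by_second.items() if len(svcs) >= min_services}


def bugchecks(events: List[dict]) -> List[Tuple[str, str]]:
    """(timestamp, stop code) for every recorded bugcheck, stop code lowercased."""
    found = []
    for ev in events:
        b = BUGCHECK_RE.search(ev["msg"])
        if b:
            found.append((ev["ts"], b["code"].lower()))
    return found


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for ts, svcs in sorted(mass_terminations(evs).items()):
        print(f"{ts}: {len(svcs)} services died together: {', '.join(svcs)}")
    for ts, code in bugchecks(evs):
        print(f"{ts}: bugcheck {code}")
```

On the sample the 01:36:59 group of three is reported and the 19:32:24 pair is not; lowering min_services to 2 surfaces the pair as well. A cluster like this is a symptom to correlate with the other findings in the thread, not proof of infection on its own: a faulty third-party module loaded into the same host process produces the same pattern.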
  2. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
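The TDSSKiller report that the instructions above ask for is long (one line per loaded driver), and the helper reading it will want to pull out the structured part. The parser below is an added example for this thread, not part of Broni's post and not code from TDSSKiller or any other tool named here. It assumes the driver-line layout visible in the report posted later in the thread (timestamp, process id, driver name, MD5 in parentheses, image path); the KNOWN_GOOD table is constructed from hashes in that posted report purely so the demo is self-consistent, and in real triage such an allowlist comes from a trusted reference set. The "exampledrv" line is a constructed placeholder, not a finding from this machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: four driver lines copied from the posted report, two status lines,
# and one placeholder entry living outside the Windows directory.
SAMPLE_REPORT = r"""
2011/05/10 23:22:40.0210 8892 Scan started
2011/05/10 23:22:40.0210 8892 Mode: Manual;
2011/05/10 23:22:41.0180 8892 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/10 23:22:43.0160 8892 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/10 23:22:46.0740 8892 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/10 23:22:56.0344 8892 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/05/10 23:23:00.0000 8892 exampledrv (00000000000000000000000000000000) C:\Users\example\AppData\Local\Temp\exampledrv.sys
"""

# Constructed allowlist (hashes taken from the posted report for the demo only).
KNOWN_GOOD: Dict[str, str] = {
    "ACPI": "f0e07d144c8685b8774bc32fc8da4df0",
    "atapi": "338c86357871c167a96ab976519bf59e",
    "Disk": "565003f326f99802e68ca78f2a68e9ff",
}

# "<date> <time> <pid> <name> (<md5>) <path>"; banner and status lines have no "(md5)" and do not match.
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)


@dataclass(frozen=True)
class DriverEntry:
    name: str   # driver/service name as the report prints it
    md5: str    # MD5 of the image on disk, lowercased
    path: str   # image path as reported


def parse_driver_entries(report: str) -> List[DriverEntry]:
    """One DriverEntry per driver line; everything else in the report is skipped."""
    entries = []
    for line in report.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def review_entries(entries: List[DriverEntry], known_good: Dict[str, str],
                   windows_dir: str = r"C:\Windows") -> Dict[str, List[str]]:
    """Two cheap triage checks: hash not in the allowlist, and image loaded from outside windows_dir.

    'unknown_hash' means 'not yet vouched for', not 'malicious': an allowlist is never complete.
    """
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    findings: Dict[str, List[str]] = {"unknown_hash": [], "outside_windows": []}
    for e in entries:
        if known_good.get(e.name) != e.md5:
            findings["unknown_hash"].append(e.name)
        if not e.path.lower().startswith(prefix):
            findings["outside_windows"].append(e.name)
    return findings


if __name__ == "__main__":
    found = parse_driver_entries(SAMPLE_REPORT)
    print(f"{len(found)} driver entries parsed")
    for category, names in review_entries(found, KNOWN_GOOD).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

On the sample, Ntfs is listed under unknown_hash only because the demo allowlist does not contain it, while the placeholder entry trips both checks; an entry loaded from a user-writable location such as a Temp folder is the one a helper would look at first, whatever the hash.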
  3. morteez

    morteez TS Rookie Topic Starter

    Here is the log.
    It rebooted.
    2011/05/10 23:22:32.0128 8832 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
    2011/05/10 23:22:32.0388 8832 ================================================================================
    2011/05/10 23:22:32.0388 8832 SystemInfo:
    2011/05/10 23:22:32.0388 8832
    2011/05/10 23:22:32.0388 8832 OS Version: 6.1.7600 ServicePack: 0.0
    2011/05/10 23:22:32.0388 8832 Product type: Workstation
    2011/05/10 23:22:32.0388 8832 ComputerName: MORTEEZ-PC
    2011/05/10 23:22:32.0388 8832 UserName: morteez
    2011/05/10 23:22:32.0388 8832 Windows directory: C:\Windows
    2011/05/10 23:22:32.0388 8832 System windows directory: C:\Windows
    2011/05/10 23:22:32.0388 8832 Processor architecture: Intel x86
    2011/05/10 23:22:32.0388 8832 Number of processors: 2
    2011/05/10 23:22:32.0388 8832 Page size: 0x1000
    2011/05/10 23:22:32.0388 8832 Boot type: Normal boot
    2011/05/10 23:22:32.0388 8832 ================================================================================
    2011/05/10 23:22:32.0785 8832 Initialize success
    2011/05/10 23:22:40.0210 8892 ================================================================================
    2011/05/10 23:22:40.0210 8892 Scan started
    2011/05/10 23:22:40.0210 8892 Mode: Manual;
    2011/05/10 23:22:40.0210 8892 ================================================================================
    2011/05/10 23:22:41.0075 8892 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/05/10 23:22:41.0180 8892 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/05/10 23:22:41.0270 8892 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/05/10 23:22:41.0405 8892 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/05/10 23:22:41.0485 8892 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/05/10 23:22:41.0560 8892 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/05/10 23:22:41.0670 8892 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/05/10 23:22:41.0735 8892 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/05/10 23:22:41.0830 8892 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/05/10 23:22:41.0985 8892 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/05/10 23:22:42.0245 8892 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/05/10 23:22:42.0310 8892 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/05/10 23:22:42.0410 8892 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/05/10 23:22:42.0470 8892 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/05/10 23:22:42.0575 8892 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/05/10 23:22:42.0645 8892 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/05/10 23:22:42.0735 8892 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/05/10 23:22:42.0790 8892 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2011/05/10 23:22:42.0950 8892 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/05/10 23:22:43.0025 8892 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/05/10 23:22:43.0110 8892 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/10 23:22:43.0160 8892 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2011/05/10 23:22:43.0390 8892 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/05/10 23:22:43.0680 8892 AVGIDSDriver (1ca8e5fe74efd5826bbd76c0470e6ae4) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    2011/05/10 23:22:43.0765 8892 AVGIDSEH (b9b6e535b9b49c463f68f4bcdd232944) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    2011/05/10 23:22:43.0860 8892 AVGIDSFilter (32a76fd3fc12d09c586730ef63b4b20b) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    2011/05/10 23:22:43.0935 8892 AVGIDSShim (84431da40330cdfd84a7b92bcf0d4a05) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    2011/05/10 23:22:44.0075 8892 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
    2011/05/10 23:22:44.0240 8892 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
    2011/05/10 23:22:44.0295 8892 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
    2011/05/10 23:22:44.0420 8892 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\Windows\system32\DRIVERS\avgtdix.sys
    2011/05/10 23:22:44.0590 8892 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/05/10 23:22:44.0710 8892 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/05/10 23:22:44.0775 8892 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/05/10 23:22:44.0870 8892 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/05/10 23:22:44.0965 8892 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/10 23:22:45.0065 8892 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/05/10 23:22:45.0120 8892 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/05/10 23:22:45.0215 8892 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/05/10 23:22:45.0275 8892 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/05/10 23:22:45.0305 8892 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/05/10 23:22:45.0380 8892 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/05/10 23:22:45.0430 8892 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/05/10 23:22:45.0485 8892 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/10 23:22:45.0580 8892 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/10 23:22:45.0655 8892 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/05/10 23:22:45.0740 8892 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/05/10 23:22:45.0835 8892 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/10 23:22:45.0900 8892 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/05/10 23:22:46.0000 8892 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/05/10 23:22:46.0135 8892 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/10 23:22:46.0205 8892 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/05/10 23:22:46.0300 8892 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/05/10 23:22:46.0385 8892 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    2011/05/10 23:22:46.0500 8892 CtClsFlt (a16641c293da0843a5673e450850f57a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    2011/05/10 23:22:46.0585 8892 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/10 23:22:46.0620 8892 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/05/10 23:22:46.0740 8892 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/05/10 23:22:46.0815 8892 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/10 23:22:46.0910 8892 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    2011/05/10 23:22:47.0025 8892 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/10 23:22:47.0295 8892 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/05/10 23:22:47.0530 8892 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/05/10 23:22:47.0640 8892 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2011/05/10 23:22:47.0720 8892 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/05/10 23:22:47.0775 8892 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/05/10 23:22:47.0875 8892 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/10 23:22:47.0940 8892 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/10 23:22:47.0975 8892 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/05/10 23:22:48.0060 8892 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/10 23:22:48.0145 8892 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/10 23:22:48.0195 8892 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/05/10 23:22:48.0230 8892 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/10 23:22:48.0345 8892 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/05/10 23:22:48.0410 8892 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/05/10 23:22:48.0520 8892 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/05/10 23:22:48.0610 8892 GT72NDISIPXP (20a940d96e69be65f9b6e4695baac6dc) C:\Windows\system32\DRIVERS\Gt51Ip.sys
    2011/05/10 23:22:48.0710 8892 GT72UBUS (1678d49ea3e76ccabde89d7b26d5061c) C:\Windows\system32\DRIVERS\gt72ubus.sys
    2011/05/10 23:22:48.0765 8892 GTPTSER (346ddaefa04e49ad804ee12d4baa0ed3) C:\Windows\system32\DRIVERS\gtptser.sys
    2011/05/10 23:22:48.0910 8892 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/05/10 23:22:48.0960 8892 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    2011/05/10 23:22:49.0065 8892 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/10 23:22:49.0125 8892 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/05/10 23:22:49.0155 8892 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/05/10 23:22:49.0260 8892 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/05/10 23:22:49.0340 8892 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/10 23:22:49.0440 8892 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/05/10 23:22:49.0570 8892 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2011/05/10 23:22:49.0710 8892 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2011/05/10 23:22:49.0805 8892 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2011/05/10 23:22:49.0945 8892 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
    2011/05/10 23:22:50.0020 8892 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2011/05/10 23:22:50.0145 8892 hwusbfake (1d4d6d24256f61e6b08a3cf8184a78b8) C:\Windows\system32\DRIVERS\ewusbfake.sys
    2011/05/10 23:22:50.0305 8892 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/10 23:22:50.0375 8892 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/05/10 23:22:50.0475 8892 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/05/10 23:22:50.0535 8892 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2011/05/10 23:22:50.0590 8892 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/10 23:22:50.0665 8892 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/10 23:22:50.0735 8892 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/05/10 23:22:50.0780 8892 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/05/10 23:22:50.0880 8892 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
    2011/05/10 23:22:50.0960 8892 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/05/10 23:22:51.0060 8892 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/05/10 23:22:51.0130 8892 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/10 23:22:51.0230 8892 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/10 23:22:51.0295 8892 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/10 23:22:51.0340 8892 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/10 23:22:51.0410 8892 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/05/10 23:22:51.0565 8892 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/10 23:22:51.0660 8892 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/05/10 23:22:51.0685 8892 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/05/10 23:22:51.0770 8892 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/05/10 23:22:51.0820 8892 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/05/10 23:22:51.0925 8892 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/05/10 23:22:52.0080 8892 LVcKap (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys
    2011/05/10 23:22:52.0315 8892 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys
    2011/05/10 23:22:52.0505 8892 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    2011/05/10 23:22:52.0605 8892 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\drivers\LVUSBSta.sys
    2011/05/10 23:22:52.0820 8892 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/05/10 23:22:53.0051 8892 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/05/10 23:22:53.0112 8892 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/05/10 23:22:53.0244 8892 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/05/10 23:22:53.0299 8892 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/10 23:22:53.0384 8892 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/10 23:22:53.0434 8892 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/10 23:22:53.0469 8892 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/10 23:22:53.0559 8892 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2011/05/10 23:22:53.0609 8892 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/10 23:22:53.0644 8892 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/10 23:22:53.0754 8892 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/10 23:22:53.0814 8892 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/10 23:22:53.0844 8892 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/10 23:22:53.0934 8892 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2011/05/10 23:22:53.0984 8892 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/05/10 23:22:54.0104 8892 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/05/10 23:22:54.0149 8892 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/05/10 23:22:54.0174 8892 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/05/10 23:22:54.0284 8892 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/10 23:22:54.0334 8892 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/10 23:22:54.0364 8892 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/10 23:22:54.0444 8892 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/10 23:22:54.0504 8892 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/05/10 23:22:54.0614 8892 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/10 23:22:54.0664 8892 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/05/10 23:22:54.0699 8892 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/05/10 23:22:54.0814 8892 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/10 23:22:54.0884 8892 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2011/05/10 23:22:55.0029 8892 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/05/10 23:22:55.0154 8892 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/10 23:22:55.0209 8892 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/10 23:22:55.0304 8892 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/10 23:22:55.0349 8892 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/10 23:22:55.0444 8892 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/10 23:22:55.0504 8892 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/10 23:22:55.0739 8892 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
    2011/05/10 23:22:55.0964 8892 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/05/10 23:22:56.0099 8892 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/05/10 23:22:56.0189 8892 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
    2011/05/10 23:22:56.0249 8892 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/10 23:22:56.0344 8892 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/10 23:22:56.0454 8892 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/05/10 23:22:56.0509 8892 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/05/10 23:22:56.0609 8892 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/05/10 23:22:56.0654 8892 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/05/10 23:22:56.0754 8892 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/05/10 23:22:56.0914 8892 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/05/10 23:22:56.0959 8892 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/05/10 23:22:56.0984 8892 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/05/10 23:22:57.0094 8892 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/05/10 23:22:57.0134 8892 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/05/10 23:22:57.0169 8892 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/05/10 23:22:57.0259 8892 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/05/10 23:22:57.0324 8892 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/05/10 23:22:57.0494 8892 PID_PEPI (84b9084692fe00df09f20e516d831c57) C:\Windows\system32\DRIVERS\LV302V32.SYS
    2011/05/10 23:22:57.0679 8892 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/10 23:22:57.0734 8892 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/05/10 23:22:57.0844 8892 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/10 23:22:57.0939 8892 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/05/10 23:22:58.0114 8892 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/05/10 23:22:58.0174 8892 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/10 23:22:58.0214 8892 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/10 23:22:58.0309 8892 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/05/10 23:22:58.0369 8892 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/10 23:22:58.0469 8892 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/10 23:22:58.0519 8892 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/10 23:22:58.0554 8892 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/10 23:22:58.0644 8892 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/05/10 23:22:58.0689 8892 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/10 23:22:58.0724 8892 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2011/05/10 23:22:58.0829 8892 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/10 23:22:58.0864 8892 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/05/10 23:22:58.0899 8892 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/10 23:22:59.0039 8892 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/05/10 23:22:59.0229 8892 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/10 23:22:59.0274 8892 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    2011/05/10 23:22:59.0324 8892 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/05/10 23:22:59.0424 8892 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/05/10 23:22:59.0519 8892 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/05/10 23:22:59.0609 8892 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/05/10 23:22:59.0699 8892 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/05/10 23:22:59.0744 8892 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/05/10 23:22:59.0809 8892 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/05/10 23:22:59.0899 8892 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/05/10 23:22:59.0919 8892 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/05/10 23:22:59.0954 8892 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/05/10 23:23:00.0039 8892 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/05/10 23:23:00.0129 8892 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2011/05/10 23:23:00.0214 8892 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/05/10 23:23:00.0294 8892 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/05/10 23:23:00.0379 8892 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/10 23:23:00.0474 8892 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/05/10 23:23:00.0584 8892 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/05/10 23:23:00.0584 8892 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/05/10 23:23:00.0609 8892 sptd - detected LockedFile.Multi.Generic (1)
    2011/05/10 23:23:00.0694 8892 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/10 23:23:00.0774 8892 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/10 23:23:00.0874 8892 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2011/05/10 23:23:00.0984 8892 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    2011/05/10 23:23:01.0144 8892 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    2011/05/10 23:23:01.0259 8892 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/10 23:23:01.0334 8892 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/05/10 23:23:01.0429 8892 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2011/05/10 23:23:01.0484 8892 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    2011/05/10 23:23:01.0519 8892 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2011/05/10 23:23:01.0639 8892 SynTP (c5f25d490d0915732508fd421bf76d93) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/05/10 23:23:01.0779 8892 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2011/05/10 23:23:01.0954 8892 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/10 23:23:02.0079 8892 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/10 23:23:02.0119 8892 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/10 23:23:02.0154 8892 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/10 23:23:02.0194 8892 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/10 23:23:02.0304 8892 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2011/05/10 23:23:02.0419 8892 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys
    2011/05/10 23:23:02.0524 8892 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/10 23:23:02.0599 8892 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/10 23:23:02.0689 8892 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/05/10 23:23:02.0754 8892 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/10 23:23:02.0814 8892 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/05/10 23:23:02.0904 8892 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2011/05/10 23:23:02.0949 8892 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/05/10 23:23:03.0034 8892 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
    2011/05/10 23:23:03.0154 8892 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
    2011/05/10 23:23:03.0219 8892 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/05/10 23:23:03.0304 8892 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/05/10 23:23:03.0354 8892 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/10 23:23:03.0399 8892 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/05/10 23:23:03.0484 8892 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/05/10 23:23:03.0534 8892 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/05/10 23:23:03.0569 8892 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/05/10 23:23:03.0604 8892 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/05/10 23:23:03.0694 8892 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
    2011/05/10 23:23:03.0759 8892 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/05/10 23:23:03.0829 8892 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/05/10 23:23:03.0889 8892 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/05/10 23:23:03.0949 8892 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/05/10 23:23:03.0989 8892 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2011/05/10 23:23:04.0094 8892 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/05/10 23:23:04.0179 8892 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2011/05/10 23:23:04.0224 8892 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    2011/05/10 23:23:04.0289 8892 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2011/05/10 23:23:04.0389 8892 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/05/10 23:23:04.0434 8892 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/10 23:23:04.0474 8892 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/05/10 23:23:04.0549 8892 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/05/10 23:23:04.0634 8892 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2011/05/10 23:23:04.0689 8892 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/05/10 23:23:04.0754 8892 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/10 23:23:04.0784 8892 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/10 23:23:04.0914 8892 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/05/10 23:23:04.0984 8892 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/10 23:23:05.0129 8892 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/05/10 23:23:05.0174 8892 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/05/10 23:23:05.0249 8892 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2011/05/10 23:23:05.0409 8892 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/05/10 23:23:05.0484 8892 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/05/10 23:23:05.0549 8892 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/10 23:23:05.0664 8892 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2011/05/10 23:23:05.0744 8892 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/10 23:23:05.0859 8892 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
    2011/05/10 23:23:05.0969 8892 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/05/10 23:23:05.0974 8892 ================================================================================
    2011/05/10 23:23:05.0974 8892 Scan finished
    2011/05/10 23:23:05.0974 8892 ================================================================================
    2011/05/10 23:23:05.0989 8884 Detected object count: 2
    2011/05/10 23:23:31.0434 8884 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/05/10 23:23:31.0444 8884 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/05/10 23:23:31.0449 8884 \HardDisk0 - ok
    2011/05/10 23:23:31.0449 8884 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/05/10 23:23:48.0849 8760 Deinitialize success
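The TDSSKiller log above reports Rootkit.Win32.TDSS.tdl4 on \HardDisk0, that is, in the disk's master boot record rather than in any file, and the Bootkit Remover run requested in the next post reports a boot-sector MD5 and an MBR status for the same disk. The Python script below is an added example, not part of this thread and not code from TDSSKiller, Bootkit Remover or any other tool named here; it shows what such a check involves on a 512-byte MBR image: verify the 0x55AA signature, decode the partition table, hash the boot-code region separately from the whole sector, and compare it against a trusted copy. The two MBR images, the "stock" boot code, the partition layout and the trusted hash are all constructed in memory and labelled as such; reading a live disk is left to the caller because it needs administrator rights.

```python
r"""Inspect a 512-byte MBR image the way a bootkit checker does.

Added example: not from this thread, TDSSKiller or Bootkit Remover. The boot
code, partition layout and trusted hash below are constructed in memory; to
run against a live disk, read 512 bytes from \\.\PhysicalDrive0 (Windows, as
Administrator) or /dev/sda (Linux, as root) and pass them to inspect_mbr().
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bytes 0..439: boot code; 440..443: disk signature; 444..445: reserved
PART_TABLE_OFF = 446    # four 16-byte partition entries, then the 0x55AA signature at 510
BOOT_SIGNATURE = b"\x55\xaa"

# Strings the stock DOS/Windows MBR code carries. Their absence is a prompt to
# look closer, not proof of infection: other boot managers differ legitimately.
STOCK_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


@dataclass(frozen=True)
class Partition:
    index: int
    status: int      # 0x80 = active/bootable, 0x00 = inactive; anything else is invalid
    type_id: int     # e.g. 0x07 = NTFS
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1


def parse_partition_table(mbr: bytes) -> List[Partition]:
    """Decode the four entries; empty slots (type 0, zero length) are skipped."""
    parts = []
    for i in range(4):
        status, _chs_start, type_id, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id == 0 and sectors == 0:
            continue
        parts.append(Partition(i, status, type_id, lba_start, sectors))
    return parts


def inspect_mbr(mbr: bytes, trusted_boot_code_md5: Optional[str] = None) -> dict:
    """Return hashes, partitions and a list of findings (empty list == nothing odd)."""
    if len(mbr) != SECTOR_SIZE:
        return {"findings": [f"expected {SECTOR_SIZE} bytes, got {len(mbr)}"]}
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")

    boot_code = mbr[:BOOT_CODE_LEN]
    sector_md5 = hashlib.md5(mbr).hexdigest()        # whole sector: per-disk, like a "boot sector MD5"
    code_md5 = hashlib.md5(boot_code).hexdigest()    # code only: comparable across machines

    if not any(s in boot_code for s in STOCK_MBR_STRINGS):
        findings.append("boot code lacks the stock DOS/Windows MBR strings")
    if trusted_boot_code_md5 and code_md5 != trusted_boot_code_md5.lower():
        findings.append("boot code differs from the trusted copy")

    parts = parse_partition_table(mbr)
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02x}")
        if p.sectors == 0:
            findings.append(f"partition {p.index}: zero length")
    for a in parts:
        for b in parts:
            if a.index < b.index and a.lba_start <= b.lba_end and b.lba_start <= a.lba_end:
                findings.append(f"partitions {a.index} and {b.index} overlap")
    if sum(p.status == 0x80 for p in parts) > 1:
        findings.append("more than one partition flagged active")

    return {"sector_md5": sector_md5, "boot_code_md5": code_md5,
            "partitions": parts, "findings": findings}


def build_sample_mbr(boot_code: bytes, entries, disk_signature: int = 0x1234ABCD) -> bytes:
    """Assemble a 512-byte MBR image from parts (constructed sample data, not a real disk)."""
    buf = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    buf[:len(code)] = code
    struct.pack_into("<I", buf, BOOT_CODE_LEN, disk_signature)
    for i, (status, type_id, lba_start, sectors) in enumerate(entries):
        struct.pack_into("<B3sB3sII", buf, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", type_id, b"\0\0\0", lba_start, sectors)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


# Constructed samples. The "infected" image keeps the partition table and the
# signature intact and only replaces the code region, which is the shape an MBR
# bootkit infection takes: Windows still boots, just not first.
LAYOUT = [(0x80, 0x07, 2048, 409600), (0x00, 0x07, 411648, 1024000)]
STOCK_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(300, b"\x90") + b"\0".join(STOCK_MBR_STRINGS)
CLEAN_MBR = build_sample_mbr(STOCK_CODE, LAYOUT)
TRUSTED_CODE_MD5 = hashlib.md5(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()   # baseline taken from the clean image
INFECTED_MBR = build_sample_mbr(b"\xeb\x3c".ljust(200, b"\x00") + b"\xcc" * 200, LAYOUT)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        result = inspect_mbr(image, TRUSTED_CODE_MD5)
        print(f"{name}: sector md5 {result['sector_md5']}  findings: {result['findings'] or 'none'}")
```

Two design points. The hash of bytes 0..439 is the one worth keeping as a baseline: the disk signature and partition table legitimately differ from machine to machine, so a whole-sector MD5 (which is how the "Boot sector MD5" a bootkit checker prints is read here) is only comparable against an earlier snapshot of the same disk, whereas the code region should match every other machine running the same OS build. And a missing set of stock strings, or a hash mismatch, says only that the code differs from what you expected; a third-party boot manager produces the same result, so the finding is a reason to pull the sector and compare, not a verdict on its own.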
     
  4. Broni


    Good :)

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
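Once ComboFix has run, the report it leaves in C:\ComboFix.txt is mostly lists: registry autostart locations, services and drivers with their image paths, and selected policy values. The Python script below is an added example, not part of this thread and not ComboFix's own logic, of a first-pass triage over that text. It flags UAC policy values that switch elevation off or weaken the prompt, and service, driver and Run-key entries whose image sits in a user-writable directory, has no directory at all, or carries the [x] marker (read here as "ComboFix could not find the file", which is also what an entry left behind by an uninstalled product looks like). The sample report is constructed in the format of the ComboFix log posted later in this thread; the entry names in it are illustrative.

```python
r"""First-pass triage of a ComboFix-style report.

Added example: not from this thread and not ComboFix's own logic. The sample
report at the bottom is constructed in the format of the log posted in the
thread; the entries are illustrative, not a verdict on any real product.
"""
from __future__ import annotations

import re
from typing import Dict, List, Optional

# "EnableLUA"= 0 (0x0)                                  -> value under policies\system
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')
# "SynTPStart"="c:\program files\...\SynTPStart.exe" [2007-09-07 102400]   -> Run-key entry
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: \[(?P<tag>[^\]]*)\])?')
# R3 ALSysIO;ALSysIO;c:\users\...\Temp\ALSysIO.sys [x]  -> service/driver line
SVC_RE = re.compile(r'^(?P<mode>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.+?)(?: \[(?P<tag>[^\]]*)\])?\s*$')

# Directories a standard user can write to; an autostart image there deserves a look.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\appdata\\", "\\programdata\\")


def check_uac_value(name: str, value: int) -> Optional[str]:
    """Translate one policies\system value into a finding, or None if it is sane."""
    if name == "EnableLUA" and value != 1:
        return "EnableLUA=0: UAC is switched off; every process in an admin session runs fully elevated"
    if name == "ConsentPromptBehaviorAdmin" and value == 0:
        return "ConsentPromptBehaviorAdmin=0: administrators elevate silently, with no prompt at all"
    if name == "PromptOnSecureDesktop" and value != 1:
        return "PromptOnSecureDesktop=0: elevation prompts appear on the normal desktop, where other apps can draw over them"
    return None


def triage(report: str) -> Dict[str, List[str]]:
    """Return findings grouped as 'uac' (policy values) and 'autostart' (services, drivers, Run keys)."""
    findings: Dict[str, List[str]] = {"uac": [], "autostart": []}
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()          # registry key header: remember where we are
            continue
        m = VALUE_RE.match(line) if section.endswith("\\policies\\system]") else None
        if m:
            finding = check_uac_value(m["name"], int(m["val"]))
            if finding:
                findings["uac"].append(finding)
            continue
        m = SVC_RE.match(line) or (RUN_RE.match(line) if section.endswith("\\run]") else None)
        if not m:
            continue
        path, tag = m["path"], m["tag"]
        label = f"{m['name']} -> {path}"
        if tag == "x":
            findings["autostart"].append(f"{label}: marked [x], file not found; confirm it was removed rather than hidden")
        if any(d in path.lower() for d in USER_WRITABLE_DIRS):
            findings["autostart"].append(f"{label}: image lives in a user-writable directory")
        if "\\" not in path:
            findings["autostart"].append(f"{label}: bare file name, resolved through the search path at logon")
    return findings


# Constructed sample in the format of the thread's ComboFix log; names are illustrative.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"WD Button Manager"="WDBtnMgr.exe" [2011-05-10 339968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R3 ALSysIO;ALSysIO;c:\users\morteez\AppData\Local\Temp\ALSysIO.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-31 147040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-28 691696]
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_REPORT).items():
        print(f"== {category} ==")
        for item in items:
            print("  " + item)
```

The script ranks nothing and removes nothing; it turns a long report into a short list of places to look. A driver loading from a Temp directory is worth a question even when the answer is "that is the hardware-monitoring tool I installed last month", and a UAC policy set to 0 across the board is worth fixing regardless of what the malware scan finds, because it means the next dropper that lands in the admin session will never have to ask for elevation either.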
     
  5. morteez


    Before I do that: since you said that I should uninstall AVG, I guess you mean all of it. Since it's my only security program, there is nothing else to disable, right?
     
  6. Broni


    Right.......
     
  7. morteez


    OK, finally done.

    first, remover:
    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...


    CF:
    ComboFix 11-05-09.04 - morteez 2011-05-11 0:14.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.3070.1990 [GMT 2:00]
    Running from: c:\users\morteez\Desktop\antivir\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\system
    .
    .
    (((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-10 19:58 . 2011-05-10 19:58 -------- d-----w- c:\program files\Common Files\Java
    2011-05-10 19:45 . 2011-05-10 19:45 40960 ----a-r- c:\users\morteez\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
    2011-05-10 19:45 . 2011-05-10 19:45 -------- d-----w- c:\program files\Western Digital Technologies
    2011-05-10 19:44 . 2011-05-10 19:44 339968 ----a-w- c:\windows\system32\WDBtnMgr.exe
    2011-05-10 19:43 . 2011-05-10 19:43 -------- d-----w- c:\programdata\RetroExp
    2011-05-10 19:43 . 2011-05-10 19:43 -------- d-----w- c:\program files\Retrospect
    2011-05-09 08:40 . 2011-05-09 08:40 -------- d-----w- c:\users\morteez\AppData\Roaming\Malwarebytes
    2011-05-09 08:40 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-09 08:40 . 2011-05-09 08:40 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-09 08:40 . 2011-05-09 08:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-09 08:40 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-03 18:49 . 2011-05-03 18:49 -------- d-----w- c:\program files\SopCast
    2011-04-29 12:37 . 2011-04-18 10:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-04-21 12:22 . 2011-04-21 12:22 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-04-21 12:20 . 2011-04-21 12:20 -------- d-----w- c:\users\morteez\AppData\Local\Sunbelt Software
    2011-04-21 12:12 . 2011-04-21 12:12 -------- dc-h--w- c:\programdata\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
    2011-04-21 12:11 . 2011-04-21 12:20 -------- d-----w- c:\programdata\Lavasoft
    2011-04-21 12:11 . 2011-04-21 12:11 -------- d-----w- c:\program files\Lavasoft
    2011-04-21 11:14 . 2011-04-21 12:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-04-21 11:14 . 2011-04-21 11:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-04-19 23:15 . 2011-04-19 23:15 -------- d-----w- c:\program files\CONEXANT
    2011-04-19 23:14 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-19 23:12 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-19 23:12 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-19 23:11 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-19 23:11 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-19 23:11 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-19 23:11 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-18 18:47 . 2011-04-18 18:47 -------- d-----w- c:\program files\Core Temp
    2011-04-14 12:19 . 2011-04-14 12:19 -------- d-----w- c:\users\morteez\AppData\Roaming\.minecraft
    2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-14 03:07 . 2010-04-29 08:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-27 12:33 . 2011-03-27 12:33 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-02-19 05:33 . 2011-03-10 09:32 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 05:32 . 2011-03-10 09:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 05:32 . 2011-03-10 09:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-04-29 07:03 . 2011-03-23 13:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* Empty entries & legitimate default entries are not shown.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\morteez\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\morteez\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\morteez\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\morteez\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "Live! Central 3"="c:\program files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" [2010-12-07 503969]
    "WD Button Manager"="WDBtnMgr.exe" [2011-05-10 339968]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    c:\users\morteez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\morteez\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-4 24172208]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BankID Security Application.lnk - c:\program files\Personal\bin\Personal.exe [2010-3-2 939920]
    Telenor Mobilt Bredband.lnk - c:\program files\Option\Telenor Mobilt Bredband\Telenor Mobilt Bredband.exe [2008-3-4 876544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MIT_KFW]
    2007-10-22 08:32 23040 ----a-w- c:\windows\System32\kfwlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Identity Manager.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Network Identity Manager.lnk
    backup=c:\windows\pss\Network Identity Manager.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CirratoClient]
    2008-11-18 16:41 512000 ----a-w- c:\program files\Cirrato\CirratoClient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-08-27 17:06 136176 ----atw- c:\users\morteez\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
    2010-03-03 18:57 173512 ----a-w- c:\program files\Common Files\PPLiveNetwork\ppap.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
    R2 gupdate;Tjänsten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 136176]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-02 2146496]
    R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2010-10-31 135168]
    R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2010-10-31 135168]
    R3 ALSysIO;ALSysIO;c:\users\morteez\AppData\Local\Temp\ALSysIO.sys [x]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-31 147040]
    R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
    R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
    R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 136176]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-19 15232]
    R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1343400]
    R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
    R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
    R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
    R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
    R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
    R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-28 691696]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-12-08 251728]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-27 218688]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 Cirrato;Cirrato;c:\program files\Cirrato\cirratosrv.exe [2008-11-13 761856]
    S2 GtDetectSc;GtDetectSc;c:\program files\Option\Telenor Mobilt Bredband\GtDetectSc.exe [2007-12-18 196704]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    .
    .
    --- Other Services/Drivers in Memory ---
    .
    *NewlyCreated* - AVGLDX86
    .
    Contents of the 'Scheduled Tasks' folder:
    .
    2011-05-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-19 15:14]
    .
    2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 00:11]
    .
    2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 00:11]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051500310-686183470-2952983569-1000Core.job
    - c:\users\morteez\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 17:06]
    .
    2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051500310-686183470-2952983569-1000UA.job
    - c:\users\morteez\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 17:06]
    .
    .
    ------- Extra genomsökning -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    FF - ProfilePath - c:\users\morteez\AppData\Roaming\Mozilla\Firefox\Profiles\a4ad5pf6.default\
    .
    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Sluttid: 2011-05-11 00:22:24
    ComboFix-quarantined-files.txt 2011-05-10 22:22
    .
    Före genomsökningen: 9*949*487*104 bytes free
    Efter genomsökningen: 9*717*600*256 bytes free
    .
    - - End Of File - - 74F42B98C57DB43A0A739135496A9731




    So, how are we doing, any progress? :)
     
  8. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Good job.
    Combofix log looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
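    As an added example, not code from this thread, from OldTimer's OTL, or from any other tool Broni names: a small Python triage script that parses lines in the OTL report format posted in this thread (the `PRC`/`SRV`/`DRV`/`MOD` entries and the numbered `O` lines) and pulls out the things a helper tends to read first: files whose version information carries no company name (with boot-start drivers ranked higher), autorun and BootExecute entries with no company name, entries that point at a file which no longer exists, and UAC switched off (`EnableLUA = 0`). The sample lines are constructed, modelled on the log morteez posted; the high/low priority rules are my own assumption and not OTL's or Broni's logic.

```python
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the OTL report format, modelled on the log posted in
# this thread (it is not a capture from any other machine).
SAMPLE_OTL_LINES = r"""
PRC - [2011-04-18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
SRV - [2010-06-17 10:37:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
DRV - [2011-02-22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010-02-28 19:24:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011-04-19 02:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O1 - Hosts: 127.0.0.1 localhost
"""

# One PRC/SRV/DRV/MOD line:
#   SEC - [timestamp | size | attrs | M] (Company) [flags] -- path -- (name)
# The [flags] block exists only for SRV/DRV, the trailing "-- (name)" only for
# SRV/DRV, and some lines carry extra text after the name (e.g. "Intel(R)").
ENTRY_RE = re.compile(
    r"^(?P<section>PRC|SRV|DRV|MOD) - "
    r"\[(?P<ts>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+?) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)


@dataclass
class OtlEntry:
    section: str        # PRC, SRV, DRV or MOD
    timestamp: str
    size: int           # bytes, commas removed
    company: str        # "" when OTL printed "()"
    flags: List[str]    # e.g. ["Kernel", "Boot", "Running"]; [] for PRC/MOD
    path: str
    name: str           # service/driver name, "" when absent


@dataclass
class Finding:
    priority: str       # "high" or "low" (heuristic, my assumption)
    reason: str
    line: str


NO_COMPANY = "no company name in the file's version information"
MISSING_FILE = "entry points at a file that does not exist"
UAC_OFF = "UAC is disabled (EnableLUA = 0), so programs run with full admin rights"


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one PRC/SRV/DRV/MOD line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in m["flags"].split("|")] if m["flags"] else []
    return OtlEntry(
        section=m["section"],
        timestamp=m["ts"].strip(),
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),   # OTL sometimes leaves a trailing space
        flags=flags,
        path=m["path"].strip(),
        name=(m["name"] or "").strip(),
    )


def triage(report: str) -> List[Finding]:
    """Walk an OTL report and collect the lines worth a closer look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_entry(line)
        if entry is not None:
            if entry.company == "":
                # A driver loaded at Boot/System start with no publisher data
                # is the first thing to verify; everything else is low.
                early = entry.section == "DRV" and ("Boot" in entry.flags or "System" in entry.flags)
                findings.append(Finding("high" if early else "low", NO_COMPANY, line))
            continue
        if line.startswith("O6 - ") and line.endswith("EnableLUA = 0"):
            findings.append(Finding("high", UAC_OFF, line))
        elif line.endswith("File not found"):
            findings.append(Finding("low", MISSING_FILE, line))
        elif (line.startswith("O4 - ") or line.startswith("O34 - ")) and line.endswith("()"):
            # O34 BootExecute entries run before logon, so rank them higher than O4 Run keys.
            findings.append(Finding("high" if line.startswith("O34 - ") else "low", NO_COMPANY, line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    counts = {"high": 0, "low": 0}
    for f in findings:
        counts[f.priority] += 1
    return counts


def main(argv: List[str]) -> int:
    # Assumes a plain UTF-8 text copy of OTL.txt; falls back to the sample above.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            report = fh.read()
    else:
        report = SAMPLE_OTL_LINES
    findings = triage(report)
    for f in sorted(findings, key=lambda f: f.priority != "high"):
        print(f"[{f.priority.upper():4}] {f.reason}\n        {f.line}")
    print("summary:", summarize(findings))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

    Run it as `python otl_triage.py OTL.txt` (or with no argument to see it work on the built-in sample). The output is a reading list, not a verdict: an empty company name on its own is weak evidence, and the log in this very thread shows legitimate files without one (sptd.sys from DAEMON Tools, Lavasoft's kernexplorer.sys), so each flagged path still has to be checked against what is actually installed.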
     
  9. morteez

    morteez TS Rookie Topic Starter

    I seriously don't know exactly what you see in these logs, but here I have some more :)
    Also, the computer is fine, but it has been before too, and then the next day I get virus warnings again.

    OTL:
    OTL logfile created on: 2011-05-11 01:08:20 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\morteez\Desktop\antivir
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 48,73 Gb Total Space | 8,95 Gb Free Space | 18,37% Space Free | Partition Type: NTFS
    Drive D: | 184,05 Gb Total Space | 3,68 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
    Drive F: | 2,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

    Computer Name: MORTEEZ-PC | User Name: morteez | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-05-11 01:05:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\morteez\Desktop\antivir\OTL.exe
    PRC - [2011-05-10 21:44:58 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe
    PRC - [2011-04-18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011-04-18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011-04-14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011-03-28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011-03-16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011-03-16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011-02-10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011-02-08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011-02-08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011-01-20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2010-03-02 21:23:52 | 000,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
    PRC - [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009-08-18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009-07-14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009-07-14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2008-11-13 13:25:04 | 000,761,856 | ---- | M] (Dipritec AB) -- C:\Program Files\Cirrato\cirratosrv.exe
    PRC - [2008-03-04 16:32:58 | 000,876,544 | ---- | M] (Telenor) -- C:\Program Files\Option\Telenor Mobilt Bredband\Telenor Mobilt Bredband.exe
    PRC - [2007-12-18 11:48:40 | 000,196,704 | ---- | M] (OptionNV) -- C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe
    PRC - [2007-10-25 17:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2007-10-25 17:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2007-10-22 10:24:44 | 000,241,664 | ---- | M] (Massachusetts Institute of Technology) -- C:\Program Files\MIT\Kerberos\bin\krbcc32s.exe
    PRC - [2007-10-19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    PRC - [2007-09-07 12:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    PRC - [2006-09-11 17:32:12 | 000,094,208 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe


    ========== Modules (SafeList) ==========

    MOD - [2011-05-11 01:05:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\morteez\Desktop\antivir\OTL.exe
    MOD - [2010-08-21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011-05-02 17:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011-04-18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011-02-08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010-10-31 20:37:48 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
    SRV - [2010-10-31 20:37:48 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
    SRV - [2010-06-17 10:37:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008-11-13 13:25:04 | 000,761,856 | ---- | M] (Dipritec AB) [Auto | Running] -- C:\Program Files\Cirrato\cirratosrv.exe -- (Cirrato)
    SRV - [2007-12-18 11:48:40 | 000,196,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe -- (GtDetectSc)
    SRV - [2007-10-19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007-10-19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007-10-19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2006-09-11 17:32:12 | 000,094,208 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)


    ========== Driver Services (SafeList) ==========

    DRV - [2011-04-19 02:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2011-04-14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011-04-05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011-03-27 14:33:29 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011-03-16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011-03-01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011-02-22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011-02-10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011-02-10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011-01-07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010-08-31 12:28:56 | 000,147,040 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV - [2010-02-28 19:24:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009-08-18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009-07-14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009-07-14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009-07-14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009-07-14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009-07-14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009-07-14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009-07-14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2008-12-30 11:57:52 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
    DRV - [2008-12-13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008-02-18 16:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
    DRV - [2008-02-08 12:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
    DRV - [2007-10-19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007-10-12 04:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007-10-11 19:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007-10-11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007-05-02 04:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2007-03-30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
    DRV - [2007-02-03 11:27:28 | 000,938,272 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2006-08-04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2051500310-686183470-2952983569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2051500310-686183470-2952983569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
    IE - HKU\S-1-5-21-2051500310-686183470-2952983569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 BF D8 8A 61 0F CC 01 [binary data]
    IE - HKU\S-1-5-21-2051500310-686183470-2952983569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2051500310-686183470-2952983569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.7
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 5
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

    FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011-05-11 00:32:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-04-29 09:03:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-04-28 21:55:41 | 000,000,000 | ---D | M]

    [2010-02-28 19:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\morteez\AppData\Roaming\Mozilla\Extensions
    [2011-05-04 19:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\morteez\AppData\Roaming\Mozilla\Firefox\Profiles\a4ad5pf6.default\extensions
    [2010-11-18 22:45:09 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\morteez\AppData\Roaming\Mozilla\Firefox\Profiles\a4ad5pf6.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010-03-15 15:36:54 | 000,000,000 | ---D | M] (Answers) -- C:\Users\morteez\AppData\Roaming\Mozilla\Firefox\Profiles\a4ad5pf6.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
    [2010-09-29 15:00:08 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\morteez\AppData\Roaming\Mozilla\Firefox\Profiles\a4ad5pf6.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2010-03-03 21:56:54 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\morteez\AppData\Roaming\Mozilla\Firefox\Profiles\a4ad5pf6.default\extensions\firefox@tvunetworks.com
    [2011-05-04 19:35:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\morteez\AppData\Roaming\Mozilla\Firefox\Profiles\a4ad5pf6.default\extensions\foxmarks@kei.com
    [2010-06-19 10:35:16 | 000,000,000 | ---D | M] (Flash AX Control) -- C:\Users\morteez\AppData\Roaming\Mozilla\Firefox\Profiles\a4ad5pf6.default\extensions\npfax@microgaming.co.uk
    [2011-05-10 21:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011-02-21 21:16:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010-04-29 10:57:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010-09-10 00:22:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010-11-30 23:32:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011-05-10 21:57:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011-05-11 00:32:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    () (No name found) -- C:\USERS\MORTEEZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A4AD5PF6.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
    [2011-04-29 09:03:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011-04-14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009-08-03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    [2010-01-14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    [2010-01-01 10:00:00 | 000,001,470 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
    [2010-01-01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
    [2010-01-01 10:00:00 | 000,002,670 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
    [2010-01-01 10:00:00 | 000,000,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
    [2010-01-01 10:00:00 | 000,001,174 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
    [2010-01-01 10:00:00 | 000,000,951 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

    O1 HOSTS File: ([2011-05-11 00:20:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Live! Central 3] C:\Program Files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [WD Button Manager] C:\Windows\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
    O4 - HKU\S-1-5-21-2051500310-686183470-2952983569-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - Startup: C:\Users\morteez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\morteez\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2051500310-686183470-2952983569-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2051500310-686183470-2952983569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2051500310-686183470-2952983569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe ( )
    O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe ( )
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\MIT_KFW: DllName - C:\Windows\system32\kfwlogon.dll - C:\Windows\System32\kfwlogon.dll (Massachusetts Institute of Technology.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010-08-16 14:57:50 | 000,000,154 | R--- | M] () - F:\autorun.cfg -- [ UDF ]
    O32 - AutoRun File - [2010-10-05 16:53:16 | 000,214,344 | R--- | M] (Sports Interactive) - F:\autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2006-09-11 15:26:42 | 000,000,027 | R--- | M] () - F:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011-05-11 00:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
    [2011-05-11 00:22:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011-05-11 00:22:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011-05-11 00:22:25 | 000,000,000 | ---D | C] -- C:\Users\morteez\AppData\Local\temp
    [2011-05-11 00:12:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011-05-11 00:12:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011-05-11 00:12:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011-05-11 00:12:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011-05-11 00:09:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011-05-11 00:03:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-05-10 22:14:11 | 000,000,000 | ---D | C] -- C:\Users\morteez\Desktop\antivir
    [2011-05-10 22:02:06 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\morteez\Desktop\TFC.exe
    [2011-05-10 21:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011-05-10 21:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Technologies
    [2011-05-10 21:45:00 | 000,000,000 | ---D | C] -- C:\Users\morteez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WD Diagnostics
    [2011-05-10 21:44:58 | 000,339,968 | ---- | C] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe
    [2011-05-10 21:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RetroExp
    [2011-05-10 21:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMC Retrospect
    [2011-05-10 21:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Retrospect
    [2011-05-10 00:53:30 | 000,000,000 | ---D | C] -- C:\Users\morteez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011-05-09 10:40:34 | 000,000,000 | ---D | C] -- C:\Users\morteez\AppData\Roaming\Malwarebytes
    [2011-05-09 10:40:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011-05-09 10:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011-05-09 10:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011-05-09 10:40:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011-05-09 10:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011-05-09 10:39:06 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\morteez\Desktop\mbam-setup-1.50.1.1100(1).exe
    [2011-05-09 10:36:24 | 001,914,496 | ---- | C] (Trend Micro Inc.) -- C:\Users\morteez\Desktop\HousecallLauncher.exe
    [2011-05-03 20:49:25 | 000,000,000 | ---D | C] -- C:\Users\morteez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
    [2011-05-03 20:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
    [2011-05-03 20:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
    [2011-05-03 20:38:45 | 000,000,000 | ---D | C] -- C:\Users\morteez\Desktop\SopCast
    [2011-04-26 19:27:12 | 000,000,000 | ---D | C] -- C:\Users\morteez\Desktop\ddd
    [2011-04-21 14:22:11 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011-04-21 14:20:56 | 000,000,000 | ---D | C] -- C:\Users\morteez\AppData\Local\Sunbelt Software
    [2011-04-21 14:12:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
    [2011-04-21 14:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011-04-21 14:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011-04-21 14:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2011-04-21 13:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011-04-21 13:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011-04-21 13:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011-04-20 01:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
    [2011-04-18 20:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
    [2011-04-18 20:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
    [2011-04-18 20:46:07 | 001,364,543 | ---- | C] (Arthur Liberman ) -- C:\Users\morteez\Desktop\Core-Temp-setup.exe
    [2011-04-18 20:45:39 | 000,041,984 | ---- | C] (hexmagic) -- C:\Users\morteez\Desktop\mobmeter.exe
    [2011-04-14 21:28:30 | 000,134,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
    [2011-04-14 14:19:02 | 000,000,000 | ---D | C] -- C:\Users\morteez\AppData\Roaming\.minecraft

    ========== Files - Modified Within 30 Days ==========

    [2011-05-11 01:08:01 | 000,000,984 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011-05-11 00:37:00 | 000,001,012 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051500310-686183470-2952983569-1000UA.job
    [2011-05-11 00:34:09 | 114,720,170 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011-05-11 00:32:53 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011-05-11 00:20:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011-05-11 00:15:13 | 000,012,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011-05-11 00:15:13 | 000,012,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011-05-11 00:13:12 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011-05-11 00:13:12 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011-05-11 00:08:11 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011-05-11 00:08:10 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011-05-11 00:08:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011-05-11 00:08:01 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
    [2011-05-10 23:40:05 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2011-05-10 23:40:05 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2011-05-10 23:37:20 | 183,625,728 | ---- | M] () -- C:\Family.Guy.S09E11.HDTV.XviD-LOL.avi
    [2011-05-10 23:37:07 | 183,126,016 | ---- | M] () -- C:\Family.Guy.S09E12.HDTV.XviD-LOL.avi
    [2011-05-10 23:35:17 | 183,478,916 | ---- | M] () -- C:\Family.Guy.S09E06.HDTV.XviD-LOL.avi
    [2011-05-10 22:02:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\morteez\Desktop\TFC.exe
    [2011-05-10 21:44:58 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Windows\System32\WDBtnMgr.exe
    [2011-05-10 21:18:18 | 000,004,806 | ---- | M] () -- C:\Users\morteez\Desktop\test.csv
    [2011-05-10 10:44:39 | 367,463,776 | ---- | M] () -- C:\Stargate.Universe.S02E20.Gauntlet.PROPER.HDTV.XviD-FQM.[VTV].avi
    [2011-05-10 10:41:01 | 366,774,680 | ---- | M] () -- C:\Castle.2009.S03E23.HDTV.XviD-LOL.avi
    [2011-05-10 10:19:58 | 182,595,936 | ---- | M] () -- C:\Mad.Love.S01E12.HDTV.XviD-LOL.avi
    [2011-05-10 10:08:57 | 183,728,020 | ---- | M] () -- C:\The.Colbert.Report.2011.05.09.Lupe.Fiasco.HDTV.XviD-FQM.[VTV].avi
    [2011-05-10 10:03:40 | 183,460,858 | ---- | M] () -- C:\The.Daily.Show.2011.05.09.Keira.Knightley.HDTV.XviD-FQM.[VTV].avi
    [2011-05-10 09:40:37 | 000,000,965 | ---- | M] () -- C:\Users\morteez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011-05-10 00:53:35 | 000,002,284 | ---- | M] () -- C:\Users\morteez\Desktop\Google Chrome.lnk
    [2011-05-09 10:39:10 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\morteez\Desktop\mbam-setup-1.50.1.1100(1).exe
    [2011-05-09 10:36:57 | 000,000,036 | ---- | M] () -- C:\Users\morteez\AppData\Local\housecall.guid.cache
    [2011-05-09 10:36:30 | 001,914,496 | ---- | M] (Trend Micro Inc.) -- C:\Users\morteez\Desktop\HousecallLauncher.exe
    [2011-05-09 10:32:22 | 000,001,998 | ---- | M] () -- C:\Users\morteez\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-05-08 10:54:30 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051500310-686183470-2952983569-1000Core.job
    [2011-05-05 11:50:12 | 000,186,605 | ---- | M] () -- C:\Users\morteez\Documents\Joint Assistance Strategy for Zambia (JASZ) 2007-2010.pdf
    [2011-05-03 20:49:25 | 000,000,949 | ---- | M] () -- C:\Users\morteez\Desktop\SopCast.lnk
    [2011-05-03 20:48:48 | 005,390,580 | ---- | M] () -- C:\Users\morteez\Desktop\Setup-SopCast-3.3.2-2010-12-15(1).exe
    [2011-05-03 20:37:12 | 002,020,805 | ---- | M] () -- C:\Users\morteez\Desktop\installer_sopcast_3_3_2__Swedish.exe
    [2011-04-28 21:55:42 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011-04-26 17:09:29 | 000,050,000 | ---- | M] () -- C:\Users\morteez\Desktop\sda.jpg
    [2011-04-26 02:11:05 | 000,015,626 | ---- | M] () -- C:\Windows\Aletta_Ocean_-_Anal_Drilled.6244727.TPB.torrent
    [2011-04-26 02:07:40 | 000,018,735 | ---- | M] () -- C:\Windows\My_Sisters_Hot_Friend_-_Aletta_Ocean.torrent
    [2011-04-26 02:05:44 | 000,011,624 | ---- | M] () -- C:\Windows\5414FB0724CC9D018AF648C58915B0978D1A58F6.torrent
    [2011-04-26 01:55:07 | 000,022,067 | ---- | M] () -- C:\Windows\Teens_Like_It_Big__-_****_You_Emo_-_Jennifer_White.wmv__.5904369.TPB.torrent
    [2011-04-26 01:43:26 | 000,012,903 | ---- | M] () -- C:\Windows\Marc_Dorcel_Alexia___Cie_[Split_Scenes_BTS].5735427.TPB.torrent
    [2011-04-21 14:22:10 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011-04-21 14:12:12 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011-04-21 13:14:48 | 000,001,216 | ---- | M] () -- C:\Users\morteez\Desktop\Spybot - Search & Destroy.lnk
    [2011-04-21 13:09:51 | 000,000,000 | ---- | M] () -- C:\Users\morteez\Desktop\Ad-Aware90Install_2011-04-19.exe
    [2011-04-21 01:42:40 | 000,102,644 | ---- | M] () -- C:\Users\morteez\Desktop\reservoir dogs.jpg
    [2011-04-20 08:47:57 | 000,001,407 | ---- | M] () -- C:\Users\morteez\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011-04-20 08:46:58 | 001,760,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011-04-20 01:25:18 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2011-04-18 20:47:22 | 000,001,099 | ---- | M] () -- C:\Users\morteez\Desktop\Core Temp.lnk
    [2011-04-18 20:46:36 | 000,041,555 | ---- | M] () -- C:\Users\morteez\Desktop\mm0310.zip
    [2011-04-18 20:46:07 | 001,364,543 | ---- | M] (Arthur Liberman ) -- C:\Users\morteez\Desktop\Core-Temp-setup.exe
    [2011-04-18 12:23:39 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
    [2011-04-14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
    [2011-04-13 14:15:54 | 000,086,355 | ---- | M] () -- C:\Users\morteez\Documents\cv-katarina-bivald1.pdf

    ========== Files Created - No Company Name ==========

    [2011-05-11 00:32:53 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011-05-11 00:12:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011-05-11 00:12:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011-05-11 00:12:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011-05-11 00:12:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011-05-11 00:12:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011-05-11 00:08:11 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2011-05-10 23:17:07 | 183,625,728 | ---- | C] () -- C:\Family.Guy.S09E11.HDTV.XviD-LOL.avi
    [2011-05-10 23:16:14 | 183,126,016 | ---- | C] () -- C:\Family.Guy.S09E12.HDTV.XviD-LOL.avi
    [2011-05-10 23:15:57 | 183,478,916 | ---- | C] () -- C:\Family.Guy.S09E06.HDTV.XviD-LOL.avi
    [2011-05-10 21:18:18 | 000,004,806 | ---- | C] () -- C:\Users\morteez\Desktop\test.csv
    [2011-05-10 10:08:25 | 367,463,776 | ---- | C] () -- C:\Stargate.Universe.S02E20.Gauntlet.PROPER.HDTV.XviD-FQM.[VTV].avi
    [2011-05-10 10:06:47 | 366,774,680 | ---- | C] () -- C:\Castle.2009.S03E23.HDTV.XviD-LOL.avi
    [2011-05-10 10:05:22 | 182,595,936 | ---- | C] () -- C:\Mad.Love.S01E12.HDTV.XviD-LOL.avi
    [2011-05-10 09:59:19 | 183,728,020 | ---- | C] () -- C:\The.Colbert.Report.2011.05.09.Lupe.Fiasco.HDTV.XviD-FQM.[VTV].avi
    [2011-05-10 09:58:24 | 183,460,858 | ---- | C] () -- C:\The.Daily.Show.2011.05.09.Keira.Knightley.HDTV.XviD-FQM.[VTV].avi
    [2011-05-10 00:53:35 | 000,002,284 | ---- | C] () -- C:\Users\morteez\Desktop\Google Chrome.lnk
    [2011-05-09 10:36:57 | 000,000,036 | ---- | C] () -- C:\Users\morteez\AppData\Local\housecall.guid.cache
    [2011-05-05 11:50:12 | 000,186,605 | ---- | C] () -- C:\Users\morteez\Documents\Joint Assistance Strategy for Zambia (JASZ) 2007-2010.pdf
    [2011-05-03 20:49:25 | 000,000,949 | ---- | C] () -- C:\Users\morteez\Desktop\SopCast.lnk
    [2011-05-03 20:48:45 | 005,390,580 | ---- | C] () -- C:\Users\morteez\Desktop\Setup-SopCast-3.3.2-2010-12-15(1).exe
    [2011-05-03 20:37:07 | 002,020,805 | ---- | C] () -- C:\Users\morteez\Desktop\installer_sopcast_3_3_2__Swedish.exe
    [2011-04-29 14:37:01 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2011-04-26 17:09:29 | 000,050,000 | ---- | C] () -- C:\Users\morteez\Desktop\sda.jpg
    [2011-04-26 02:11:07 | 000,015,626 | ---- | C] () -- C:\Windows\Aletta_Ocean_-_Anal_Drilled.6244727.TPB.torrent
    [2011-04-26 02:07:41 | 000,018,735 | ---- | C] () -- C:\Windows\My_Sisters_Hot_Friend_-_Aletta_Ocean.torrent
    [2011-04-26 02:05:46 | 000,011,624 | ---- | C] () -- C:\Windows\5414FB0724CC9D018AF648C58915B0978D1A58F6.torrent
    [2011-04-26 01:55:09 | 000,022,067 | ---- | C] () -- C:\Windows\Teens_Like_It_Big__-_****_You_Emo_-_Jennifer_White.wmv__.5904369.TPB.torrent
    [2011-04-26 01:44:35 | 000,012,903 | ---- | C] () -- C:\Windows\Marc_Dorcel_Alexia___Cie_[Split_Scenes_BTS].5735427.TPB.torrent
    [2011-04-21 14:22:32 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011-04-21 14:22:32 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011-04-21 14:12:12 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011-04-21 13:14:48 | 000,001,216 | ---- | C] () -- C:\Users\morteez\Desktop\Spybot - Search & Destroy.lnk
    [2011-04-21 13:09:51 | 000,000,000 | ---- | C] () -- C:\Users\morteez\Desktop\Ad-Aware90Install_2011-04-19.exe
    [2011-04-21 01:42:38 | 000,102,644 | ---- | C] () -- C:\Users\morteez\Desktop\reservoir dogs.jpg
    [2011-04-20 01:25:18 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011-04-18 20:47:22 | 000,001,099 | ---- | C] () -- C:\Users\morteez\Desktop\Core Temp.lnk
    [2011-04-18 20:46:35 | 000,041,555 | ---- | C] () -- C:\Users\morteez\Desktop\mm0310.zip
    [2011-04-13 14:15:54 | 000,086,355 | ---- | C] () -- C:\Users\morteez\Documents\cv-katarina-bivald1.pdf
    [2011-03-13 18:16:48 | 000,004,608 | ---- | C] () -- C:\Users\morteez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-02-28 21:22:39 | 000,000,276 | ---- | C] () -- C:\Windows\_delis32.ini
    [2011-02-28 21:03:46 | 000,053,248 | R--- | C] () -- C:\Windows\System32\InstMed.exe
    [2011-02-28 21:03:43 | 001,317,152 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
    [2010-08-16 10:58:12 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
    [2010-03-05 16:26:18 | 000,000,079 | ---- | C] () -- C:\Windows\ricdb.ini
    [2010-03-05 10:18:08 | 000,139,816 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010-03-04 11:28:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010-03-02 15:37:21 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2010-02-28 19:00:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010-02-28 18:05:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009-07-31 03:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
    [2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009-07-14 06:33:53 | 001,760,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009-07-14 04:05:48 | 000,610,094 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009-07-14 04:05:48 | 000,104,412 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009-07-14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009-06-18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008-05-06 17:18:20 | 000,000,306 | ---- | C] () -- C:\Windows\krb5.ini
    [2007-10-11 19:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2007-02-03 09:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2006-03-09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2011-04-14 14:19:15 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\.minecraft
    [2011-02-17 02:20:07 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\Airytec
    [2010-12-04 17:12:27 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\AVG10
    [2010-04-04 20:58:38 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\AVG9
    [2010-08-17 15:44:35 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\DAEMON Tools Lite
    [2011-05-11 00:08:35 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\Dropbox
    [2011-02-28 20:14:40 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\Leadertech
    [2010-10-08 23:22:33 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\Microgaming
    [2010-03-02 21:23:59 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\Personal
    [2010-03-03 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\PPLive
    [2010-04-19 22:57:26 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\PPStream
    [2011-04-13 18:00:44 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\PrimoPDF
    [2011-02-17 23:00:26 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\Sports Interactive
    [2011-05-11 00:59:29 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\Spotify
    [2010-09-05 17:26:05 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\TweakNow RegCleaner
    [2011-05-11 00:59:26 | 000,000,000 | ---D | M] -- C:\Users\morteez\AppData\Roaming\uTorrent
    [2011-05-11 00:08:11 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011-05-10 19:32:24 | 000,023,924 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  10. morteez

    morteez TS Rookie Topic Starter

    It continues:


    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010-10-15 11:09:09 | 183,153,112 | ---- | M] () -- C:\30.Rock.S05E04.East.Live.Show.HDTV.XviD-2HD.avi
    [2011-04-10 21:18:12 | 183,477,340 | ---- | M] () -- C:\30.Rock.S05E18.HDTV.XviD-LOL.avi
    [2011-05-11 00:07:59 | 000,001,779 | ---- | M] () -- C:\aaw7boot.log
    [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011-05-10 10:41:01 | 366,774,680 | ---- | M] () -- C:\Castle.2009.S03E23.HDTV.XviD-LOL.avi
    [2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010-03-23 01:37:01 | 000,000,227 | ---- | M] () -- C:\CtDrvIns.log
    [2010-03-23 01:38:01 | 000,005,527 | ---- | M] () -- C:\CtDrvStp.log
    [2011-01-16 20:38:38 | 000,145,457 | ---- | M] () -- C:\CV Morteza Pourdanandeh.pdf
    [2011-05-10 23:35:17 | 183,478,916 | ---- | M] () -- C:\Family.Guy.S09E06.HDTV.XviD-LOL.avi
    [2011-05-10 23:37:20 | 183,625,728 | ---- | M] () -- C:\Family.Guy.S09E11.HDTV.XviD-LOL.avi
    [2011-05-10 23:37:07 | 183,126,016 | ---- | M] () -- C:\Family.Guy.S09E12.HDTV.XviD-LOL.avi
    [2011-05-11 00:08:01 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
    [2010-10-14 12:45:33 | 244,247,722 | ---- | M] () -- C:\Hung.S02E10.Even.Steven.or.Luckiest.Kid.in.Detroit.HDTV.XviD-FQM.avi
    [2010-03-01 13:07:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011-05-10 10:19:58 | 182,595,936 | ---- | M] () -- C:\Mad.Love.S01E12.HDTV.XviD-LOL.avi
    [2011-03-06 04:11:51 | 734,068,736 | ---- | M] () -- C:\MasterChef.Australia.s01e70.SDTV.xvid.avi
    [2011-03-06 13:54:54 | 735,764,480 | ---- | M] () -- C:\MasterChef.Australia.s01e72.SDTV.xvid.avi
    [2011-03-06 03:34:52 | 366,928,716 | ---- | M] () -- C:\masterchef_australia_s01e01_VeroVenlo.avi
    [2010-03-01 13:07:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011-05-11 00:08:01 | 3219,578,880 | -HS- | M] () -- C:\pagefile.sys
    [2011-05-10 10:44:39 | 367,463,776 | ---- | M] () -- C:\Stargate.Universe.S02E20.Gauntlet.PROPER.HDTV.XviD-FQM.[VTV].avi
    [2011-05-10 23:23:48 | 000,072,232 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_10.05.2011_23.22.32_log.txt
    [2011-05-10 10:08:57 | 183,728,020 | ---- | M] () -- C:\The.Colbert.Report.2011.05.09.Lupe.Fiasco.HDTV.XviD-FQM.[VTV].avi
    [2011-05-10 10:03:40 | 183,460,858 | ---- | M] () -- C:\The.Daily.Show.2011.05.09.Keira.Knightley.HDTV.XviD-FQM.[VTV].avi

    < %systemroot%\Fonts\*.com >
    [2009-07-14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009-07-14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009-07-14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009-07-14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009-06-10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009-07-14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2007-07-11 10:30:16 | 000,053,760 | ---- | M] (RICOH COMPANY, LTD.) -- C:\Windows\System32\spool\prtprocs\w32x86\RP317203.dll
    [2009-07-14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010-04-17 00:21:16 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009-07-14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011-04-20 08:47:57 | 000,000,221 | -HS- | M] () -- C:\Users\morteez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011-04-21 13:09:51 | 000,000,000 | ---- | M] () -- C:\Users\morteez\Desktop\Ad-Aware90Install_2011-04-19.exe
    [2010-12-04 17:15:56 | 007,461,144 | ---- | M] (AVG ) -- C:\Users\morteez\Desktop\avg_pct_stf_all_2011_23_c5(2).exe
    [2011-04-18 20:46:07 | 001,364,543 | ---- | M] (Arthur Liberman ) -- C:\Users\morteez\Desktop\Core-Temp-setup.exe
    [2011-03-23 15:38:06 | 012,716,648 | ---- | M] (Mozilla) -- C:\Users\morteez\Desktop\Firefox Setup 4.0(2).exe
    [2011-05-09 10:36:30 | 001,914,496 | ---- | M] (Trend Micro Inc.) -- C:\Users\morteez\Desktop\HousecallLauncher.exe
    [2011-05-03 20:37:12 | 002,020,805 | ---- | M] () -- C:\Users\morteez\Desktop\installer_sopcast_3_3_2__Swedish.exe
    [2011-05-10 21:56:02 | 000,886,560 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\morteez\Desktop\jxpiinstall(1).exe
    [2011-03-09 16:47:30 | 036,918,600 | ---- | M] (Creative Technology Ltd) -- C:\Users\morteez\Desktop\LC3L_PCAPP_17_3_00_35.exe
    [2011-05-09 10:39:10 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\morteez\Desktop\mbam-setup-1.50.1.1100(1).exe
    [2004-02-16 23:52:38 | 000,041,984 | ---- | M] (hexmagic) -- C:\Users\morteez\Desktop\mobmeter.exe
    [2011-05-03 20:48:48 | 005,390,580 | ---- | M] () -- C:\Users\morteez\Desktop\Setup-SopCast-3.3.2-2010-12-15(1).exe
    [2011-02-17 02:19:14 | 000,197,094 | ---- | M] () -- C:\Users\morteez\Desktop\swoff34.exe
    [2011-05-10 22:02:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\morteez\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009-06-10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010-08-04 20:12:42 | 000,000,402 | -HS- | M] () -- C:\Users\morteez\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >
     
  11. morteez

    morteez TS Rookie Topic Starter

    and here is the extra log:

    OTL Extras logfile created on: 2011-05-11 01:08:20 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\morteez\Desktop\antivir
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 48,73 Gb Total Space | 8,95 Gb Free Space | 18,37% Space Free | Partition Type: NTFS
    Drive D: | 184,05 Gb Total Space | 3,68 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
    Drive F: | 2,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

    Computer Name: MORTEEZ-PC | User Name: morteez | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2051500310-686183470-2952983569-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
    "{12CEE8C7-8983-4FEC-A046-3FB4AE3A691C}" = Windows Live Sync
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{30C4509E-2124-4743-83E8-2EDCBD39D3F7}" = Windows Live Photo Gallery
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{378809C3-3489-4BF7-8FFD-82097697502F}" = Cirrato 2.0.15
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D71329D-95A5-4297-8F79-DCDBD156420A}" = Windows Live Essentials
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1053-7B44-A94000000001}" = Adobe Reader 9.4.4 - Svenska
    "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
    "{BAFD0A0D-41E2-4238-8FD2-540D484B53E8}" = Telenor Mobilt Bredband
    "{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{D2558EBB-1BE3-4673-8B83-A6C16CC7DB6B}" = MIT Kerberos for Windows (32-bit) 3.2.2
    "{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F13225E2-6533-4923-A657-083A151E667E}" = Windows Live Messenger
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF4E9560-6A50-478B-86D5-68D7DEFF10D1}" = Windows Live Movie Maker
    "7-Zip" = 7-Zip 4.65
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Airytec Switch Off" = Airytec Switch Off
    "AVG" = AVG 2011
    "Cirrato and Kerberos by LiU_is1" = Cirrato and Kerberos by LiU
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Creative Live! Central 2" = Creative Live! Central 3
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Football Manager 2011" = Football Manager 2011
    "InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "lvdrivers_11.50" = Logitech QuickCam drivrutinspaket
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mobile Partner" = Mobile Partner
    "Mozilla Firefox 4.0.1 (x86 sv-SE)" = Mozilla Firefox 4.0.1 (x86 sv-SE)
    "Personal" = BankID Security Application 4.10.4
    "Picasa 3" = Picasa 3
    "PPLive" = PPTV V2.4.2.0010
    "PrimoPDF" = PrimoPDF -- by Nitro PDF Software
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "SopCast" = SopCast 3.3.2
    "Spotify" = Spotify
    "StarCraft II" = StarCraft II
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tele2 Mobile Partner" = Tele2 Mobile Partner
    "The Online Trader" = The Online Trader
    "TweakNow RegCleaner_is1" = TweakNow RegCleaner
    "TVUPlayer" = TVUPlayer 2.5.2.2
    "unibetpoker (Poker)" = Unibet
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV 0.9.18
    "Winamp" = Winamp
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "VLC media player" = VLC media player 1.0.5
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2051500310-686183470-2952983569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2011-05-08 07:17:11 | Computer Name = morteez-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: winamp.exe, version: 5.5.7.2830, time stamp:
    0x4b4e4d1e Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
    0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x00087e22 Faulting process id:
    0x64e4 Faulting application start time: 0x01cc0d7027af6e29 Faulting application path:
    C:\Program Files\Winamp\winamp.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: b7b5d79c-7964-11e0-bc0e-001d723782c1

    Error - 2011-05-09 09:00:53 | Computer Name = morteez-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: MSHTML.dll, version: 9.0.8112.16421, time
    stamp: 0x4d76266c Exception code: 0xc00000fd Fault offset: 0x000cb5be Faulting process
    id: 0x4ac Faulting application start time: 0x01cc0e1c8f01498c Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: 5eb32eab-7a3c-11e0-bd38-001d723782c1

    Error - 2011-05-09 12:06:17 | Computer Name = morteez-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
    stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0006aef7 Faulting process
    id: 0x94 Faulting application start time: 0x01cc0e4930261b82 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 4525efa9-7a56-11e0-bd38-001d723782c1

    Error - 2011-05-09 18:49:45 | Computer Name = morteez-PC | Source = VSS | ID = 8194
    Description =

    Error - 2011-05-09 19:36:52 | Computer Name = morteez-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
    stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0006aef7 Faulting process
    id: 0x1c50 Faulting application start time: 0x01cc0e6313f306f4 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 376be480-7a95-11e0-bd38-001d723782c1

    Error - 2011-05-10 03:54:07 | Computer Name = morteez-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
    stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0006aef7 Faulting process
    id: 0x4cc Faulting application start time: 0x01cc0ee53814fc93 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: ae38d218-7ada-11e0-bc03-001d723782c1

    Error - 2011-05-10 12:23:09 | Computer Name = morteez-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 2011-05-10 13:32:23 | Computer Name = morteez-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
    stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0006aef7 Faulting process
    id: 0x4b0 Faulting application start time: 0x01cc0f2a123fdffb Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 7661b65c-7b2b-11e0-ab37-001d723782c1

    Error - 2011-05-10 17:57:22 | Computer Name = morteez-PC | Source = VSS | ID = 8194
    Description =

    Error - 2011-05-10 17:58:54 | Computer Name = morteez-PC | Source = MsiInstaller | ID = 11306
    Description =

    [ System Events ]
    Error - 2011-05-10 18:02:45 | Computer Name = morteez-PC | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2011-05-10 18:08:03 | Computer Name = morteez-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 2011-05-10 18:08:03 | Computer Name = morteez-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 2011-05-10 18:08:08 | Computer Name = morteez-PC | Source = Service Control Manager | ID = 7001
    Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
    failed to start because of the following error: %%1058

    Error - 2011-05-10 18:08:08 | Computer Name = morteez-PC | Source = Service Control Manager | ID = 7000
    Description = The AVG WatchDog service failed to start due to the following error:
    %%2

    Error - 2011-05-10 18:09:22 | Computer Name = morteez-PC | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2011-05-10 18:14:14 | Computer Name = morteez-PC | Source = Service Control Manager | ID = 7034
    Description = The XAudioService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 2011-05-10 18:14:35 | Computer Name = morteez-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2011-05-10 18:17:53 | Computer Name = morteez-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 2011-05-10 18:20:24 | Computer Name = morteez-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    That's why you came to me :)

    We've been trying to make sure it won't happen this time around....

    ========================================================================

    OTL log looks perfectly fine.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  13. morteez

    morteez TS Rookie Topic Starter

    OK, the ESET scanner is taking a while, so I'll just post the other one now.
    Also, I did the file thing, and it was fine.
    I'll get back when the scanner is done.
    SC:

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    TweakNow RegCleaner
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player 10.2.152.26
    Adobe Reader 9.4.4 - Svenska
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
  14. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot fewer resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ====================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  15. morteez

    morteez TS Rookie Topic Starter

    Uninstalled Adobe.
    I'm gonna do the OTL things soon, but I was wondering if I can do the rest tomorrow, since it's 3:30 am and I'm sleepy :)
    So, can I do number 2 and so on tomorrow, or should I just finish it all tonight?
     
  16. morteez

    morteez TS Rookie Topic Starter

    here is the log from OTL

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: morteez
    ->Temp folder emptied: 988 bytes
    ->Temporary Internet Files folder emptied: 7058564 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 47652528 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 936 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 7980 bytes

    Total Files Cleaned = 52,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: morteez
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb



    OTL by OldTimer - Version 3.2.22.3 log created on 05112011_033023

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  17. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Absolutely. Go to bed :)
     
  18. morteez

    morteez TS Rookie Topic Starter

    After the ESET scanner, nothing came up, so I didn't get a log, and nothing was found.
    I did the OTL removal thing as well, and also deleted everything else. Also downloaded the Secunia PSI.
    The computer feels fine.
    I'll get back to you if I see anything else soon.
    Thanks a lot for all the help.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

