TechSpot

Need help removing rootkit

By jakobdk
Nov 8, 2010
  1. Hi,

    I am currently visiting my parents and have noticed that they seem to have a rootkit installed on their computer. I need help removing this.

    The rootkit seems to occasionally produce popups, although it doesn't happen often. They have not noticed anything else.

    I have updated all programs using Secunia PSI. I then ran a complete scan using ESET online scanner - it found two threats in Windows' temporary folder (both were deleted).

    I have read this thread: http://www.techspot.com/vb/topic155164.html
    Here it is suggested to use the Bootkit Remover program, and (if it fails) to run TDSSkiller and then once again run Bootkit Remover. I ran Bootkit Remover and it detected a rootkit. I tried using the approach from the thread mentioned above, but the fix file will not work. Bootkit Remover reports:
    CreateFile() ERROR 2
    Error: Can't open physical disc device.
    I then ran TDSSkiller, but it reports that everything is ok, and did not find any infection(s).

    So... I think I need expert help on this one. I have therefore followed the six step preliminary removal instructions.

    My parents' computer has AVG (free edition) installed.

    I will post the logs below and hope that someone more skilled than me is able to help. I will be visiting my parents until Sunday, so any solution must be found during this week (I live far from my parents, so I can't visit them often).

    ---

    MBAM log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5074

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    08-11-2010 16:45:23
    mbam-log-2010-11-08 (16-45-23).txt

    Scan type: Quick scan
    Objects scanned: 137918
    Time elapsed: 3 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ----

    GMER log:

    This log was empty, as GMER did not find anything. I did press save after GMER reported that everything was OK, but the log was empty.

    ----

    DDS logs (DDS and Attach):


    DDS (Ver_10-11-08.01) - NTFS_AMD64
    Run by Schmidt at 17:18:14,06 on 08-11-2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.45.1030.18.1791.768 [GMT 1:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Schmidt\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.houseofmagic.dk/
    mWinlogon: Userinit=userinit.exe
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: Hjælp til logon til Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Schmidt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    Trusted Zone: danid.dk
    Trusted Zone: danid.dk
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {AA58ED58-01DD-4d91-8333-CF10577473F7}
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [FullScreen] C:\BLOCK\CFG\flexbuild\FullScreen\launchFS.cmd
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    mRun-x64: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
    AppInit_DLLs-X64: avgrssta.dll

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\4wv6w9o3.default\
    FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmidas.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-8-2 269904]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-8-2 35536]
    R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-8-2 317520]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-10 202752]
    R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-8-2 921952]
    R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-8-2 308136]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-6-8 635416]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-5-10 6366720]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-5-10 186880]
    R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2007-5-9 16032]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-9 50208]
    R3 netr28ux;Driver til trådløst RT2870 USB LAN-kort til Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-6-10 867328]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-10 346144]
    S2 gupdate;Tjenesten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-30 136176]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-31 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-7-7 17464]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-10 243744]
    S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-2 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2010-11-08 15:57:20 -------- d-----w- C:\Users\Schmidt\AppData\Roaming\AVG9
    2010-11-08 15:41:35 -------- d-----w- C:\Users\Schmidt\AppData\Roaming\Malwarebytes
    2010-11-08 15:41:29 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-08 15:41:28 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-08 15:41:28 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-08 15:41:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-08 13:50:30 -------- d-----w- C:\Program Files (x86)\ESET
    2010-11-06 15:32:08 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0207030.022
    2010-11-06 15:32:08 -------- d-----w- C:\Windows\System32\drivers\NSSx64
    2010-11-06 15:32:08 -------- d-----w- C:\Program Files (x86)\Norton Security Scan
    2010-11-06 15:32:08 -------- d-----w- C:\PROGRA~3\Symantec
    2010-11-06 15:32:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2010-11-06 12:32:23 -------- d-----w- C:\Windows\SysWow64\Adobe
    2010-10-31 08:11:56 -------- d-----w- C:\Users\Schmidt\AppData\Roaming\Windows Live Writer
    2010-10-31 08:11:56 -------- d-----w- C:\Users\Schmidt\AppData\Local\Windows Live Writer
    2010-10-31 04:57:50 -------- d-----w- C:\Windows\da
    2010-10-31 04:57:11 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2010-10-31 04:56:08 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2010-10-31 04:55:23 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2010-10-31 04:55:23 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2010-10-31 04:55:23 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2010-10-31 04:55:23 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2010-10-31 04:55:20 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2010-10-31 04:55:20 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2010-10-31 04:53:49 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9a9e01c31cb78b72d\InstallManager_WLE_WLE.exe
    2010-10-31 04:53:20 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8a23fb611cb78b724\MeshBetaRemover.exe
    2010-10-31 04:52:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ae42aa31cb78b71c\DSETUP.dll
    2010-10-31 04:52:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ae42aa31cb78b71c\DXSETUP.exe
    2010-10-31 04:52:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ae42aa31cb78b71c\dsetup32.dll
    2010-10-31 04:52:43 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\736a58491cb78b71a\DSETUP.dll
    2010-10-31 04:52:43 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\736a58491cb78b71a\DXSETUP.exe
    2010-10-31 04:52:43 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\736a58491cb78b71a\dsetup32.dll
    2010-10-31 04:51:16 -------- d-----w- C:\Users\Schmidt\AppData\Local\Windows Live
    2010-10-31 04:50:43 206848 ----a-w- C:\Windows\System32\mfps.dll
    2010-10-31 04:50:42 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2010-10-31 04:50:42 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2010-10-31 04:50:42 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2010-10-31 04:50:42 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2010-10-31 04:50:41 4068864 ----a-w- C:\Windows\System32\mf.dll
    2010-10-31 04:50:41 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
    2010-10-27 03:49:53 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-27 03:49:53 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-27 03:49:53 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-27 03:49:53 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-27 03:49:53 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-27 03:49:53 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-27 03:49:53 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-27 03:49:48 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-10-22 11:43:18 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2010-10-22 11:43:18 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2010-10-14 03:56:47 171880 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10134.bin
    2010-10-13 19:42:27 -------- d-----w- C:\06794359eaf334fa119af69407d87e

    ==================== Find3M ====================

    2010-09-22 23:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2010-09-22 23:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
    2010-09-21 13:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
    2010-09-21 13:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
    2010-09-15 03:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

    ============= FINISH: 17:18:33,45 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-08.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 02-08-2010 13:18:46
    System Uptime: 11-08-2010 16:38:32 (2137 hours ago)

    Motherboard: FOXCONN | | 2AAF
    Processor: AMD Athlon(tm) II X2 215 Processor | CPU 1 | 2700/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 289 GiB total, 224,511 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 0,95 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP38: 08-10-2010 20:44:45 - Windows Update
    RP39: 13-10-2010 21:41:47 - Windows Update
    RP40: 21-10-2010 07:57:25 - Planlagt kontrolpunkt
    RP41: 27-10-2010 09:14:44 - Avg Update
    RP42: 27-10-2010 22:01:57 - Windows Update
    RP43: 31-10-2010 05:50:19 - Windows Update
    RP44: 31-10-2010 10:20:56 - HPSF Restore Point
    RP45: 03-11-2010 17:44:38 - HPSF Restore Point
    RP46: 08-11-2010 13:39:51 - Installed Java(TM) 6 Update 22
    RP47: 08-11-2010 14:46:01 - Removed Adobe Reader 9.4.0 - Dansk.
    RP48: 08-11-2010 16:07:27 - Installed 7-Zip 4.65 (x64 edition)

    ==== Installed Programs ======================


    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    Agatha Christie - Death on the Nile
    AVG Free 9.0
    Bejeweled 2 Deluxe
    Blasterball 3
    Bus Driver
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 3.0
    Canon MP640 series Brugerregistrering
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CD-LabelPrint
    Chuzzle Deluxe
    csp
    D3DX10
    Digital Signatur
    Diner Dash 2 Restaurant Rescue
    Dream Chronicles
    ESET Online Scanner v3
    FATE
    Foxit Reader
    Gem Shop
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HP Customer Experience Enhancements
    HP Game Console
    HP Games
    HP Odometer
    HP Support Assistant
    HP Support Information
    HP Update
    HPAsset component for HP Active Support Library
    Insaniquarium Deluxe
    Java Auto Updater
    Java(TM) 6 Update 22
    Jewel Quest II
    Jewel Quest Solitaire
    Junk Mail filter update
    king.com (remove only)
    Kompatibilitetspakke til Office 2007-systemet
    LabelPrint
    LightScribe System Software
    Magic Desktop
    Mahjongg Artifacts
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft Office PowerPoint Viewer 2007 (Danish)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.12)
    MSVCRT
    MSVCRT_amd64
    Mystery P.I. - The Vegas Heist
    Norton Security Scan
    OpenOffice.org 3.2
    PDF Complete Special Edition
    Penguins!
    Photoshop 7
    Pixeline
    Polar Bowler
    Power2Go
    Prøveversion af Microsoft Office Home and Student 2007
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Secunia PSI
    Silke
    Skype™ 4.2
    Slingo Deluxe
    Virtual Villagers - The Secret City
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 1.1.4
    Wedding Dash
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX-objekt til fjernforbindelser
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Zuma Deluxe

    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Never attempt to follow any advice from other topics, because every computer is unique.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
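    The check Broni asks for above is a look at the Master Boot Record: the first sector of the disk, whose 440 bytes of boot code an MBR bootkit replaces while usually leaving the partition table intact so the system still boots. The script below is an added example and is not MBRCheck's own code; it parses a 512-byte sector, validates the `55 AA` signature and partition table, and fingerprints the boot code against a known-good hash list. The sector, boot code and the `KNOWN_GOOD` baseline are all constructed in-line (the partition sizes loosely mirror the two NTFS volumes in the DDS log) so it runs offline; `read_mbr` is only there to show where a real sector would come from.

```python
"""Parse and fingerprint a 512-byte Master Boot Record (added example, not MBRCheck's code)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

MBR_SIZE = 512
BOOT_CODE_SIZE = 440                 # bytes 0..439 hold the boot code
PARTITION_TABLE_OFFSET = 446         # four 16-byte entries follow the disk signature
PARTITION_ENTRY_FORMAT = "<B3xB3xII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE_OFFSET = 510
BOOT_SIGNATURE = 0xAA55              # stored on disk as the bytes 55 AA


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty entries of the classic four-slot partition table."""
    entries = []
    for slot in range(4):
        offset = PARTITION_TABLE_OFFSET + slot * 16
        status, type_id, lba_start, count = struct.unpack_from(PARTITION_ENTRY_FORMAT, mbr, offset)
        if type_id == 0:
            continue  # unused slot
        entries.append(PartitionEntry(status == 0x80, type_id, lba_start, count))
    return entries


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the boot code; the partition table legitimately differs from machine to machine."""
    return hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest()


def check_mbr(mbr: bytes, known_good: Set[str]) -> Dict[str, object]:
    """Validate the sector layout and compare the boot-code hash against a known-good list."""
    if len(mbr) != MBR_SIZE:
        return {"ok": False, "findings": [f"unexpected sector length {len(mbr)}"],
                "partitions": [], "boot_code_sha256": None}
    findings: List[str] = []
    signature = struct.unpack_from("<H", mbr, BOOT_SIGNATURE_OFFSET)[0]
    if signature != BOOT_SIGNATURE:
        findings.append(f"bad boot signature 0x{signature:04X}")
    partitions = parse_partition_table(mbr)
    if sum(p.bootable for p in partitions) > 1:
        findings.append("more than one partition flagged active")
    ordered = sorted(partitions, key=lambda p: p.lba_start)
    for earlier, later in zip(ordered, ordered[1:]):
        if earlier.lba_start + earlier.sector_count > later.lba_start:
            findings.append(f"partitions overlap at LBA {later.lba_start}")
    digest = boot_code_sha256(mbr)
    if digest not in known_good:
        findings.append("boot code hash not in known-good list")
    return {"ok": not findings, "findings": findings, "partitions": partitions, "boot_code_sha256": digest}


def build_mbr(boot_code: bytes, entries: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a sector from boot code and (bootable, type, lba_start, count) tuples (sample-data helper)."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for slot, (bootable, type_id, lba_start, count) in enumerate(entries):
        struct.pack_into(PARTITION_ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + slot * 16,
                         0x80 if bootable else 0x00, type_id, lba_start, count)
    struct.pack_into("<H", sector, BOOT_SIGNATURE_OFFSET, BOOT_SIGNATURE)
    return bytes(sector)


def tamper_boot_code(mbr: bytes, offset: int, patch: bytes) -> bytes:
    """Overwrite part of the boot code while leaving the partition table untouched."""
    sector = bytearray(mbr)
    sector[offset:offset + len(patch)] = patch
    return bytes(sector)


def read_mbr(device_path: str) -> bytes:
    # On Windows the raw disk is \\.\PhysicalDrive0 and opening it needs an elevated prompt;
    # the "Can't open physical disc device" error above is what a failed open looks like.
    with open(device_path, "rb") as disk:
        return disk.read(MBR_SIZE)


# Constructed sample: a stand-in boot code (not a real boot sector) and a two-volume layout.
SAMPLE_BOOT_CODE = bytes.fromhex("33c08ed0bc007c") + b"\x90" * 32
SAMPLE_LAYOUT = [(True, 0x07, 2048, 606_076_928), (False, 0x07, 606_078_976, 18_874_368)]
CLEAN_MBR = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_LAYOUT)
KNOWN_GOOD = {boot_code_sha256(CLEAN_MBR)}  # baseline taken from the clean constructed sector

if __name__ == "__main__":
    tampered = tamper_boot_code(CLEAN_MBR, 16, b"\xeb\xfe")
    for label, sector in (("clean", CLEAN_MBR), ("tampered", tampered)):
        result = check_mbr(sector, KNOWN_GOOD)
        print(label, "OK" if result["ok"] else result["findings"])
```

    The tampered copy keeps the same partition table as the clean one, which is why the check hashes only the boot code: a machine-specific partition table would make a whole-sector hash useless as a baseline, while a changed boot code with an unchanged table is exactly the pattern that should raise a flag. In practice the known-good list would hold hashes of the stock boot code for the Windows versions you support, taken from clean machines.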
     
  3. jakobdk

    jakobdk TS Rookie Topic Starter

    Thanks for the reply :)

    I ran the program as administrator and have attached the log file here:


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: FOXCONN
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: Hewlett-Packard
    System Product Name: SG3-110SC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 176):
    0x02A55000 \SystemRoot\system32\ntoskrnl.exe
    0x02A0C000 \SystemRoot\system32\hal.dll
    0x00B89000 \SystemRoot\system32\kdcom.dll
    0x00C8B000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C98000 \SystemRoot\system32\PSHED.dll
    0x00CAC000 \SystemRoot\system32\CLFS.SYS
    0x00D0A000 \SystemRoot\system32\CI.dll
    0x00EAB000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F4F000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F5E000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FB5000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FBE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00FC8000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E22000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E37000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00DCA000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E93000 \SystemRoot\system32\DRIVERS\amdsata.sys
    0x00C00000 \SystemRoot\system32\DRIVERS\storport.sys
    0x00C62000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01045000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01091000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0123E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x010A5000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013E1000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01103000 \SystemRoot\System32\Drivers\cng.sys
    0x01200000 \SystemRoot\System32\drivers\pcw.sys
    0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01467000 \SystemRoot\system32\drivers\ndis.sys
    0x01559000 \SystemRoot\system32\drivers\NETIO.SYS
    0x015B9000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01602000 \SystemRoot\System32\drivers\tcpip.sys
    0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01176000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0144A000 \SystemRoot\System32\Drivers\spldr.sys
    0x011C2000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01452000 \SystemRoot\System32\Drivers\mup.sys
    0x015E4000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01000000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x0121B000 \SystemRoot\system32\DRIVERS\disk.sys
    0x0185D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x018CC000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x018F6000 \SystemRoot\System32\Drivers\Null.SYS
    0x018FF000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01906000 \SystemRoot\System32\drivers\vga.sys
    0x01914000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01939000 \SystemRoot\System32\drivers\watchdog.sys
    0x01949000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01952000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0195B000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01964000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x0196F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01980000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0199E000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x019AB000 \SystemRoot\System32\Drivers\avgtdia.sys
    0x01800000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03A4D000 \SystemRoot\system32\drivers\afd.sys
    0x03AD7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03AE0000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03B06000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x03B1C000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03B2B000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03B46000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03B5A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03BAB000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03BB7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03BC2000 \SystemRoot\System32\drivers\discache.sys
    0x03BD1000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03BEF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03A00000 \SystemRoot\System32\Drivers\avgmfx64.sys
    0x03C58000 \SystemRoot\System32\Drivers\avgldx64.sys
    0x03C9F000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03CC5000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x03CDA000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x03E8D000 \SystemRoot\system32\DRIVERS\atipmdag.sys
    0x044F1000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03E00000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x03D0E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x03E46000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03D65000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03E51000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03E62000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x045E5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x045EE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x03DBB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03DD1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03C0C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03C3B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03A08000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03A29000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x01845000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x015ED000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x045FE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0487E000 \SystemRoot\system32\DRIVERS\ks.sys
    0x048C1000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x048D3000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0492D000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04CFC000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04F34000 \SystemRoot\system32\drivers\portcls.sys
    0x04F71000 \SystemRoot\system32\drivers\drmk.sys
    0x04F93000 \SystemRoot\system32\drivers\ksthunk.sys
    0x00000000 \SystemRoot\System32\win32k.sys
    0x04F99000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04FA5000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04FB3000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x04FBD000 \SystemRoot\System32\Drivers\dump_amdsata.sys
    0x04FD1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x04FE4000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04C00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04C19000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04C22000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04C24000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x0245B000 \SystemRoot\system32\DRIVERS\netr28ux.sys
    0x02537000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x02544000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x02551000 \SystemRoot\system32\DRIVERS\LVUSBS64.sys
    0x0267D000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
    0x0278F000 \SystemRoot\system32\DRIVERS\lv302a64.sys
    0x02792000 \SystemRoot\system32\drivers\usbaudio.sys
    0x027AD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x027BB000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00530000 \SystemRoot\System32\TSDDD.dll
    0x006D0000 \SystemRoot\System32\cdd.dll
    0x027C9000 \SystemRoot\system32\drivers\luafv.sys
    0x02600000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02621000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x0255C000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02636000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x02649000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x04649000 \SystemRoot\system32\drivers\HTTP.sys
    0x04711000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x0472F000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x04747000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x04774000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x047C2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x04C41000 \SystemRoot\system32\drivers\peauth.sys
    0x047E5000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x04600000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x0462D000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0494F000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x05602000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0573A000 \??\C:\Users\Schmidt\AppData\Local\Temp\esihdrv.sys
    0x77090000 \Windows\System32\ntdll.dll
    0x484C0000 \Windows\System32\smss.exe
    0xFF3B0000 \Windows\System32\apisetschema.dll
    0xFFBD0000 \Windows\System32\autochk.exe
    0xFE610000 \Windows\System32\shell32.dll
    0xFE570000 \Windows\System32\msvcrt.dll
    0xFE550000 \Windows\System32\sechost.dll
    0xFE540000 \Windows\System32\nsi.dll
    0xFE2E0000 \Windows\System32\iertutil.dll
    0xFE270000 \Windows\System32\gdi32.dll
    0xFE140000 \Windows\System32\rpcrt4.dll
    0xFE130000 \Windows\System32\lpk.dll
    0x77260000 \Windows\System32\psapi.dll
    0xFE020000 \Windows\System32\msctf.dll
    0xFDF50000 \Windows\System32\usp10.dll
    0x76F90000 \Windows\System32\user32.dll
    0xFDE70000 \Windows\System32\oleaut32.dll
    0xFDCF0000 \Windows\System32\urlmon.dll
    0xFDC70000 \Windows\System32\difxapi.dll
    0xFDB90000 \Windows\System32\advapi32.dll
    0xFDB40000 \Windows\System32\Wldap32.dll
    0xFDA10000 \Windows\System32\wininet.dll
    0x77250000 \Windows\System32\normaliz.dll
    0xFD970000 \Windows\System32\comdlg32.dll
    0xFD790000 \Windows\System32\setupapi.dll
    0xFD740000 \Windows\System32\ws2_32.dll
    0xFD530000 \Windows\System32\ole32.dll
    0xFD490000 \Windows\System32\clbcatq.dll
    0xFD470000 \Windows\System32\imagehlp.dll
    0x76E70000 \Windows\System32\kernel32.dll
    0xFD3F0000 \Windows\System32\shlwapi.dll
    0xFD3C0000 \Windows\System32\imm32.dll

    Processes (total 60):
    0 System Idle Process
    4 System
    272 C:\Windows\System32\smss.exe
    404 csrss.exe
    484 C:\Windows\System32\wininit.exe
    504 csrss.exe
    512 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    520 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    584 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    640 C:\Windows\System32\winlogon.exe
    720 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    816 C:\Windows\System32\svchost.exe
    108 C:\Windows\System32\svchost.exe
    380 C:\Windows\System32\atiesrxx.exe
    964 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1292 C:\Windows\System32\svchost.exe
    1416 C:\Windows\System32\atieclxx.exe
    1524 C:\Windows\System32\spoolsv.exe
    1552 C:\Windows\System32\svchost.exe
    1736 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    1896 C:\Windows\System32\taskhost.exe
    2012 C:\Windows\SysWOW64\ezSharedSvcHost.exe
    1148 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    1240 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1484 C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    1852 C:\Windows\System32\svchost.exe
    2136 C:\Windows\System32\dwm.exe
    2168 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2176 C:\Windows\explorer.exe
    2416 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2580 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    2636 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    2888 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    2392 C:\Windows\System32\svchost.exe
    3084 C:\Windows\System32\svchost.exe
    3352 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    3512 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    3544 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3624 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    3684 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    3692 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    3708 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    4056 C:\Windows\System32\SearchIndexer.exe
    3180 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3156 C:\Windows\System32\svchost.exe
    4216 dllhost.exe
    4548 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    4664 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    1860 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    5048 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4208 C:\Windows\System32\SearchProtocolHost.exe
    6140 C:\Windows\System32\SearchFilterHost.exe
    6096 C:\Users\Schmidt\Desktop\MBRCheck.exe
    1596 C:\Windows\System32\conhost.exe
    4140 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06507e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`28600000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200AAJS-60Z0A0, Rev: 03.03E03

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: FD32BFBB6B937A8EE2C6B7CF9EDBB28988C59346


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    It looks like there is something wrong with your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  5. jakobdk

    jakobdk TS Rookie Topic Starter

    Thanks for the instructions.

    I burned the CD-ROM and booted from it, but I get an error message:
    EMM386:no XMS handler found, required
    something failed - driver aborted

    Please advise as to what I should do.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    OK, we'll try a different way...

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer:
    [screenshot]

    Windows 7 users. At first screen click on Install now:
    [screenshot]
    Select your language and click next:
    [screenshot]
    Click the button for "Use recovery tools":
    [screenshot]

    The following applies to both Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    [screenshot]
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    [screenshot]
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
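Both procedures in this thread (MBRWORK's "Install Standard MBR code" and bootrec /FixMbr) rewrite the boot code in sector 0 rather than the partition table, and MBRCheck then reports a SHA1 of the MBR and whether the code is recognised. As an added example, not code from this thread or from MBRCheck, NTBR or bootrec, here is a small Python inspector that performs the same kind of check on a 512-byte sector: it validates the 0x55AA boot signature, hashes the 440-byte boot-code area separately from the disk signature and partition table, decodes the partition entries into the byte offsets MBRCheck prints as "at offset", and flags boot code whose hash is not on an allow-list. Assumptions: the thread does not say which bytes MBRCheck itself hashes, so only the code area is hashed here; the allow-list is a placeholder computed from the constructed sample and must be replaced with the hash taken from a known-clean machine on the same Windows build; the sample partition table is constructed (the C: and D: starts mirror the offsets in the MBRCheck logs, everything else is invented); and read_mbr() on \\.\PhysicalDrive0 needs an elevated prompt.

```python
# Added example, not code from the thread or from MBRCheck, NTBR or bootrec.
# Hashes and the partition table below are constructed for the demo.
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 boot code; 440-443 NT disk signature; 444-445 reserved
PT_OFFSET = 446          # four 16-byte partition entries
PT_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511

def read_mbr(path):
    # Windows: pass r"\\.\PhysicalDrive0" from an elevated prompt; Linux: /dev/sda or an image file
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)

def boot_code_sha1(sector):
    """Hash only the boot-code area, so a new disk signature or a repartitioning does
    not change the result. Assumption: the thread does not say which bytes MBRCheck hashes."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()

def parse_partitions(sector):
    """Decode the four primary partition entries; empty (type 0) entries are skipped."""
    entries = []
    for i in range(4):
        off = PT_OFFSET + i * PT_ENTRY_LEN
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue
        entries.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,   # what MBRCheck prints as "at offset"
            "sectors": count,
        })
    return entries

def check_mbr(sector, known_good):
    """Return a list of findings; an empty list means the MBR looks as expected."""
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    digest = boot_code_sha1(sector)
    if digest not in known_good:
        findings.append(f"unknown MBR code, SHA1 {digest}")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("empty partition table")
    elif not any(p["active"] for p in parts):
        findings.append("no partition carries the active flag")
    for p in parts:
        if p["lba_start"] == 0:
            findings.append(f"entry {p['index']} starts at LBA 0 and overlaps the MBR")
    return findings

def _entry(active, ptype, lba_start, count):
    # CHS fields set to 0xFFFFFF, as on disks addressed purely by LBA
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\xff\xff\xff",
                       ptype, b"\xff\xff\xff", lba_start, count)

def build_sample_mbr():
    """Constructed sector. The boot code is a stand-in prologue padded with NOPs, not a
    real loader. Entries 1 and 2 start at the byte offsets MBRCheck printed for C:
    (0x06507e00) and D: (0x48`28600000); entry 0 and all partition sizes are invented."""
    code = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * BOOT_CODE_LEN)[:BOOT_CODE_LEN]
    disk_signature = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    table = (_entry(False, 0x07, 2048, 204_800)
             + _entry(True, 0x07, 0x06507E00 // SECTOR_SIZE, 605_095_873)
             + _entry(False, 0x07, 0x4828600000 // SECTOR_SIZE, 19_839_664)
             + b"\x00" * PT_ENTRY_LEN)
    return code + disk_signature + table + BOOT_SIGNATURE

def build_tampered_mbr():
    """Same sector with the entry point patched: a bootkit that replaced the loader
    but left the partition table alone looks like this to the checker."""
    s = bytearray(build_sample_mbr())
    s[0:5] = b"\xeb\x3c\x90\x90\x90"   # constructed patch, not any real bootkit's code
    return bytes(s)

# Placeholder allow-list derived from the sample. On a real system populate it from
# sector 0 of a known-clean machine running the same Windows build.
KNOWN_GOOD = {boot_code_sha1(build_sample_mbr())}

if __name__ == "__main__":
    sector = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_tampered_mbr()
    for p in parse_partitions(sector):
        print(f"entry {p['index']}: type 0x{p['type']:02x} active={p['active']} "
              f"LBA {p['lba_start']} (byte offset 0x{p['byte_offset']:x}) {p['sectors']} sectors")
    findings = check_mbr(sector, KNOWN_GOOD)
    print("MBR status:", "as expected" if not findings else "; ".join(findings))
```

Run it with no argument to see the tampered sample flagged, or give it a device path or a file holding sector 0. Take that sector from a clean boot environment (the recovery disc's command prompt, or the drive attached to another machine) rather than from the running system: a bootkit active in the kernel can intercept reads of sector 0 and hand back a clean-looking copy, which is also why the fix in this thread is applied from a boot disc and then verified by rerunning MBRCheck after a reboot. Hashing the code area on its own is what makes a before/after comparison meaningful, since the repair leaves the partition table in place.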
     
  7. jakobdk

    jakobdk TS Rookie Topic Starter

    Thank you for taking the time to help me :)

    I created a recovery disc (Windows 7) using option 1 from your list.

    I booted from it and followed your instructions. I was told that the operation completed successfully. I then rebooted the computer and ran MBRCheck. I have copied the log here:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: FOXCONN
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: Hewlett-Packard
    System Product Name: SG3-110SC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 183):
    0x02A18000 \SystemRoot\system32\ntoskrnl.exe
    0x02FF4000 \SystemRoot\system32\hal.dll
    0x00BB8000 \SystemRoot\system32\kdcom.dll
    0x00C53000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C60000 \SystemRoot\system32\PSHED.dll
    0x00C74000 \SystemRoot\system32\CLFS.SYS
    0x00CD2000 \SystemRoot\system32\CI.dll
    0x00EA5000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F49000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F58000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FAF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FB8000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00FC2000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E22000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E37000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00D92000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00DAC000 \SystemRoot\system32\DRIVERS\amdsata.sys
    0x01058000 \SystemRoot\system32\DRIVERS\storport.sys
    0x010BA000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x010C5000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01111000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01259000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01125000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01183000 \SystemRoot\System32\Drivers\cng.sys
    0x0121A000 \SystemRoot\System32\drivers\pcw.sys
    0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01412000 \SystemRoot\system32\drivers\ndis.sys
    0x01504000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01564000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01602000 \SystemRoot\System32\drivers\tcpip.sys
    0x0158F000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x015D9000 \SystemRoot\System32\Drivers\spldr.sys
    0x00DC0000 \SystemRoot\System32\drivers\rdyboost.sys
    0x015E1000 \SystemRoot\System32\Drivers\mup.sys
    0x015F3000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x00C00000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01235000 \SystemRoot\system32\DRIVERS\disk.sys
    0x0184B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x018BA000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x018E4000 \SystemRoot\System32\Drivers\Null.SYS
    0x018ED000 \SystemRoot\System32\Drivers\Beep.SYS
    0x018F4000 \SystemRoot\System32\drivers\vga.sys
    0x01902000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01927000 \SystemRoot\System32\drivers\watchdog.sys
    0x01937000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01940000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01949000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01952000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x0195D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x0196E000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0198C000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x01999000 \SystemRoot\System32\Drivers\avgtdia.sys
    0x01800000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03A57000 \SystemRoot\system32\drivers\afd.sys
    0x03AE1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03AEA000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03B10000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x03B26000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03B35000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03B50000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03B64000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03BB5000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03BC1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03BCC000 \SystemRoot\System32\drivers\discache.sys
    0x03BDB000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03A11000 \SystemRoot\System32\Drivers\avgmfx64.sys
    0x03E23000 \SystemRoot\System32\Drivers\avgldx64.sys
    0x03E6A000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03E90000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x03EA5000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x0484E000 \SystemRoot\system32\DRIVERS\atipmdag.sys
    0x04EB2000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04FA6000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x03ED9000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x04FEC000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03F30000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04800000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04811000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04835000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x0483E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x03F86000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03F9C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03FC0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03FCC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03A19000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03A3A000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x019EA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x01400000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04FF7000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x03C2D000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03C70000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03C82000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x03CDC000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0406E000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x042A6000 \SystemRoot\system32\drivers\portcls.sys
    0x042E3000 \SystemRoot\system32\drivers\drmk.sys
    0x04305000 \SystemRoot\system32\drivers\ksthunk.sys
    0x000F0000 \SystemRoot\System32\win32k.sys
    0x0430B000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04317000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04325000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x0432F000 \SystemRoot\System32\Drivers\dump_amdsata.sys
    0x04343000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x04356000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x04364000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x0437D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04386000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04388000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x03CFE000 \SystemRoot\system32\DRIVERS\netr28ux.sys
    0x043A5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x043B2000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x043BF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x043CD000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x0403F000 \SystemRoot\system32\DRIVERS\LVUSBS64.sys
    0x0246C000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
    0x0257E000 \SystemRoot\system32\DRIVERS\lv302a64.sys
    0x02581000 \SystemRoot\system32\drivers\usbaudio.sys
    0x005B0000 \SystemRoot\System32\TSDDD.dll
    0x007C0000 \SystemRoot\System32\cdd.dll
    0x0259C000 \SystemRoot\system32\drivers\luafv.sys
    0x025BF000 \SystemRoot\system32\drivers\WudfPf.sys
    0x025E0000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02400000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x02453000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0404A000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x038FA000 \SystemRoot\system32\drivers\HTTP.sys
    0x039C2000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x039E0000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x03800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0382D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0387B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x0521B000 \SystemRoot\system32\drivers\peauth.sys
    0x052C1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x052CC000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x052F9000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0530B000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x05855000 \SystemRoot\System32\DRIVERS\srv.sys
    0x77500000 \Windows\System32\ntdll.dll
    0x47E60000 \Windows\System32\smss.exe
    0xFF820000 \Windows\System32\apisetschema.dll
    0xFFD20000 \Windows\System32\autochk.exe
    0xFF770000 \Windows\System32\msvcrt.dll
    0xFF720000 \Windows\System32\Wldap32.dll
    0xFF6A0000 \Windows\System32\difxapi.dll
    0xFF670000 \Windows\System32\imm32.dll
    0x773E0000 \Windows\System32\kernel32.dll
    0xFF620000 \Windows\System32\ws2_32.dll
    0xFF4A0000 \Windows\System32\urlmon.dll
    0xFF490000 \Windows\System32\nsi.dll
    0xFF410000 \Windows\System32\shlwapi.dll
    0xFF330000 \Windows\System32\advapi32.dll
    0xFF0D0000 \Windows\System32\iertutil.dll
    0xFF060000 \Windows\System32\gdi32.dll
    0xFF050000 \Windows\System32\lpk.dll
    0xFF030000 \Windows\System32\sechost.dll
    0xFEE20000 \Windows\System32\ole32.dll
    0xFEC40000 \Windows\System32\setupapi.dll
    0x772E0000 \Windows\System32\user32.dll
    0xFEBA0000 \Windows\System32\clbcatq.dll
    0xFEAD0000 \Windows\System32\usp10.dll
    0xFEAB0000 \Windows\System32\imagehlp.dll
    0xFE980000 \Windows\System32\rpcrt4.dll
    0xFE8A0000 \Windows\System32\oleaut32.dll
    0x776D0000 \Windows\System32\psapi.dll
    0xFDB10000 \Windows\System32\shell32.dll
    0xFDA70000 \Windows\System32\comdlg32.dll
    0xFD960000 \Windows\System32\msctf.dll
    0xFD830000 \Windows\System32\wininet.dll
    0x776C0000 \Windows\System32\normaliz.dll
    0xFD7F0000 \Windows\System32\wintrust.dll
    0xFD7D0000 \Windows\System32\devobj.dll
    0xFD660000 \Windows\System32\crypt32.dll
    0xFD5F0000 \Windows\System32\KernelBase.dll
    0xFD5B0000 \Windows\System32\cfgmgr32.dll
    0xFD510000 \Windows\System32\comctl32.dll
    0xFD500000 \Windows\System32\msasn1.dll
    0x776B0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 61):
    0 System Idle Process
    4 System
    272 C:\Windows\System32\smss.exe
    404 csrss.exe
    500 C:\Windows\System32\wininit.exe
    520 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    528 csrss.exe
    536 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    600 C:\Windows\System32\services.exe
    624 C:\Windows\System32\lsass.exe
    632 C:\Windows\System32\lsm.exe
    656 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    712 C:\Windows\System32\winlogon.exe
    936 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    468 C:\Windows\System32\atiesrxx.exe
    868 C:\Windows\System32\svchost.exe
    352 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\audiodg.exe
    1204 C:\Windows\System32\svchost.exe
    1236 C:\Windows\System32\atieclxx.exe
    1360 C:\Windows\System32\svchost.exe
    1608 C:\Windows\System32\spoolsv.exe
    1620 C:\Windows\System32\taskeng.exe
    1676 C:\Windows\System32\svchost.exe
    1760 C:\Windows\System32\taskhost.exe
    1848 C:\Windows\System32\dwm.exe
    1952 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    1992 C:\Windows\explorer.exe
    1264 C:\Windows\SysWOW64\ezSharedSvcHost.exe
    1256 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    1148 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2080 C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    2144 C:\Windows\System32\svchost.exe
    2180 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2372 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2476 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    2552 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    2928 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    2328 C:\Windows\servicing\TrustedInstaller.exe
    2620 C:\Windows\System32\svchost.exe
    2840 C:\Windows\System32\svchost.exe
    3292 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    3356 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    3376 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    3388 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3460 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    3480 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    3496 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    3512 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    3528 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    4036 C:\Windows\System32\SearchIndexer.exe
    3056 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3452 C:\Windows\System32\SearchProtocolHost.exe
    3400 C:\Windows\System32\SearchFilterHost.exe
    1140 C:\Windows\System32\svchost.exe
    2000 WmiPrvSE.exe
    3920 C:\Users\Schmidt\Desktop\MBRCheck.exe
    3908 C:\Windows\System32\conhost.exe
    3956 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06507e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`28600000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200AAJS-60Z0A0, Rev: 03.03E03

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  8. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Excellent job :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. jakobdk

    jakobdk TS Rookie Topic Starter

    I followed your instructions. TDSSKiller reported no infections. I have copied the report here:

    2010/11/08 23:52:38.0827 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
    2010/11/08 23:52:38.0827 ================================================================================
    2010/11/08 23:52:38.0827 SystemInfo:
    2010/11/08 23:52:38.0827
    2010/11/08 23:52:38.0827 OS Version: 6.1.7600 ServicePack: 0.0
    2010/11/08 23:52:38.0827 Product type: Workstation
    2010/11/08 23:52:38.0827 ComputerName: STATIONAER
    2010/11/08 23:52:38.0827 UserName: Schmidt
    2010/11/08 23:52:38.0827 Windows directory: C:\Windows
    2010/11/08 23:52:38.0827 System windows directory: C:\Windows
    2010/11/08 23:52:38.0827 Running under WOW64
    2010/11/08 23:52:38.0827 Processor architecture: Intel x64
    2010/11/08 23:52:38.0827 Number of processors: 2
    2010/11/08 23:52:38.0827 Page size: 0x1000
    2010/11/08 23:52:38.0827 Boot type: Normal boot
    2010/11/08 23:52:38.0827 ================================================================================
    2010/11/08 23:52:38.0827 Utility is running under WOW64
    2010/11/08 23:52:39.0076 Initialize success
    2010/11/08 23:52:45.0051 ================================================================================
    2010/11/08 23:52:45.0051 Scan started
    2010/11/08 23:52:45.0051 Mode: Manual;
    2010/11/08 23:52:45.0051 ================================================================================
    2010/11/08 23:52:45.0878 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2010/11/08 23:52:45.0940 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2010/11/08 23:52:45.0987 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2010/11/08 23:52:46.0018 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2010/11/08 23:52:46.0081 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2010/11/08 23:52:46.0127 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2010/11/08 23:52:46.0190 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2010/11/08 23:52:46.0237 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2010/11/08 23:52:46.0283 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2010/11/08 23:52:46.0330 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2010/11/08 23:52:46.0361 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/11/08 23:52:46.0517 amdkmdag (1147f8816d4ddc9fc43a40df52f40500) C:\Windows\system32\DRIVERS\atipmdag.sys
    2010/11/08 23:52:46.0673 amdkmdap (ebc963d8f5b04c98f5ef597aae79cddd) C:\Windows\system32\DRIVERS\atikmpag.sys
    2010/11/08 23:52:46.0705 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2010/11/08 23:52:46.0736 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
    2010/11/08 23:52:46.0783 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2010/11/08 23:52:46.0814 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
    2010/11/08 23:52:46.0861 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2010/11/08 23:52:46.0923 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2010/11/08 23:52:46.0939 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2010/11/08 23:52:46.0970 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/11/08 23:52:47.0017 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2010/11/08 23:52:47.0126 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys
    2010/11/08 23:52:47.0173 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\system32\Drivers\avgmfx64.sys
    2010/11/08 23:52:47.0204 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\system32\Drivers\avgtdia.sys
    2010/11/08 23:52:47.0251 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2010/11/08 23:52:47.0313 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2010/11/08 23:52:47.0375 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2010/11/08 23:52:47.0438 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2010/11/08 23:52:47.0453 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2010/11/08 23:52:47.0500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2010/11/08 23:52:47.0516 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2010/11/08 23:52:47.0563 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2010/11/08 23:52:47.0609 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2010/11/08 23:52:47.0656 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2010/11/08 23:52:47.0687 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2010/11/08 23:52:47.0719 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2010/11/08 23:52:47.0765 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/11/08 23:52:47.0797 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/11/08 23:52:47.0843 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2010/11/08 23:52:47.0984 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2010/11/08 23:52:48.0046 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/11/08 23:52:48.0077 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2010/11/08 23:52:48.0109 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2010/11/08 23:52:48.0140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/11/08 23:52:48.0171 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2010/11/08 23:52:48.0233 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2010/11/08 23:52:48.0296 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2010/11/08 23:52:48.0327 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2010/11/08 23:52:48.0358 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2010/11/08 23:52:48.0405 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2010/11/08 23:52:48.0452 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/11/08 23:52:48.0545 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2010/11/08 23:52:48.0717 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2010/11/08 23:52:48.0764 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2010/11/08 23:52:48.0951 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2010/11/08 23:52:48.0998 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2010/11/08 23:52:49.0060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2010/11/08 23:52:49.0091 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2010/11/08 23:52:49.0123 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2010/11/08 23:52:49.0138 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/11/08 23:52:49.0169 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2010/11/08 23:52:49.0201 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2010/11/08 23:52:49.0247 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
    2010/11/08 23:52:49.0279 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/11/08 23:52:49.0310 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2010/11/08 23:52:49.0341 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2010/11/08 23:52:49.0403 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2010/11/08 23:52:49.0435 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/11/08 23:52:49.0466 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2010/11/08 23:52:49.0481 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2010/11/08 23:52:49.0513 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2010/11/08 23:52:49.0544 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/11/08 23:52:49.0669 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2010/11/08 23:52:49.0731 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2010/11/08 23:52:49.0778 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2010/11/08 23:52:49.0825 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/11/08 23:52:49.0856 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2010/11/08 23:52:49.0903 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2010/11/08 23:52:49.0981 IntcAzAudAddService (c0ae19e528afef42d22e00e20bb1d1f7) C:\Windows\system32\drivers\RTKVHD64.sys
    2010/11/08 23:52:50.0012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2010/11/08 23:52:50.0043 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/11/08 23:52:50.0090 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/11/08 23:52:50.0121 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2010/11/08 23:52:50.0137 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2010/11/08 23:52:50.0152 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2010/11/08 23:52:50.0183 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2010/11/08 23:52:50.0215 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/11/08 23:52:50.0246 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/11/08 23:52:50.0277 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/11/08 23:52:50.0308 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2010/11/08 23:52:50.0339 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    2010/11/08 23:52:50.0371 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2010/11/08 23:52:50.0433 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/11/08 23:52:50.0480 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2010/11/08 23:52:50.0511 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2010/11/08 23:52:50.0542 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2010/11/08 23:52:50.0573 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2010/11/08 23:52:50.0605 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2010/11/08 23:52:50.0651 lvpepf64 (4cb64d7458abd8396bcd389a69c8fc80) C:\Windows\system32\DRIVERS\lv302a64.sys
    2010/11/08 23:52:50.0683 LVUSBS64 (0034f69d0007d3f77f6b96fa51228e85) C:\Windows\system32\DRIVERS\LVUSBS64.sys
    2010/11/08 23:52:50.0729 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2010/11/08 23:52:50.0761 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2010/11/08 23:52:50.0792 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2010/11/08 23:52:50.0823 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2010/11/08 23:52:50.0870 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/11/08 23:52:50.0901 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/11/08 23:52:50.0917 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2010/11/08 23:52:50.0963 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2010/11/08 23:52:50.0979 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2010/11/08 23:52:51.0010 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2010/11/08 23:52:51.0041 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/11/08 23:52:51.0057 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/11/08 23:52:51.0073 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/11/08 23:52:51.0104 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2010/11/08 23:52:51.0119 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2010/11/08 23:52:51.0166 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2010/11/08 23:52:51.0182 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2010/11/08 23:52:51.0213 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2010/11/08 23:52:51.0244 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/11/08 23:52:51.0260 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/11/08 23:52:51.0275 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2010/11/08 23:52:51.0307 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2010/11/08 23:52:51.0353 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/11/08 23:52:51.0369 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2010/11/08 23:52:51.0400 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2010/11/08 23:52:51.0431 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2010/11/08 23:52:51.0463 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/11/08 23:52:51.0509 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2010/11/08 23:52:51.0572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2010/11/08 23:52:51.0603 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/11/08 23:52:51.0634 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/11/08 23:52:51.0650 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/11/08 23:52:51.0681 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2010/11/08 23:52:51.0697 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2010/11/08 23:52:51.0728 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2010/11/08 23:52:51.0790 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
    2010/11/08 23:52:51.0853 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2010/11/08 23:52:51.0884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2010/11/08 23:52:51.0899 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2010/11/08 23:52:51.0946 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2010/11/08 23:52:51.0993 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2010/11/08 23:52:52.0040 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2010/11/08 23:52:52.0055 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2010/11/08 23:52:52.0102 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2010/11/08 23:52:52.0133 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/11/08 23:52:52.0165 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2010/11/08 23:52:52.0211 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2010/11/08 23:52:52.0227 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2010/11/08 23:52:52.0258 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2010/11/08 23:52:52.0289 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/11/08 23:52:52.0321 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2010/11/08 23:52:52.0352 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2010/11/08 23:52:52.0430 PID_PEPI (37ea62238e17ae88e4713d9246ca1c1c) C:\Windows\system32\DRIVERS\LV302V64.SYS
    2010/11/08 23:52:52.0523 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/11/08 23:52:52.0555 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2010/11/08 23:52:52.0586 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2010/11/08 23:52:52.0633 PSI (b490d659791ab9dd83328541ebc4ef33) C:\Windows\system32\DRIVERS\psi_mf.sys
    2010/11/08 23:52:52.0679 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2010/11/08 23:52:52.0773 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2010/11/08 23:52:52.0804 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2010/11/08 23:52:52.0835 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/11/08 23:52:52.0867 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/11/08 23:52:52.0898 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/11/08 23:52:52.0929 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/11/08 23:52:52.0945 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/11/08 23:52:52.0976 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/11/08 23:52:53.0069 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/11/08 23:52:53.0085 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/11/08 23:52:53.0132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2010/11/08 23:52:53.0163 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2010/11/08 23:52:53.0179 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2010/11/08 23:52:53.0210 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2010/11/08 23:52:53.0257 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/11/08 23:52:53.0303 RSUSBSTOR (79bad3e977966af21df982def5a99c76) C:\Windows\system32\Drivers\RtsUStor.sys
    2010/11/08 23:52:53.0350 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2010/11/08 23:52:53.0397 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2010/11/08 23:52:53.0428 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/11/08 23:52:53.0475 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2010/11/08 23:52:53.0506 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2010/11/08 23:52:53.0537 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2010/11/08 23:52:53.0569 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2010/11/08 23:52:53.0615 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2010/11/08 23:52:53.0631 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2010/11/08 23:52:53.0647 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2010/11/08 23:52:53.0662 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2010/11/08 23:52:53.0709 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2010/11/08 23:52:53.0787 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2010/11/08 23:52:53.0881 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2010/11/08 23:52:53.0912 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2010/11/08 23:52:53.0959 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
    2010/11/08 23:52:54.0005 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
    2010/11/08 23:52:54.0052 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/11/08 23:52:54.0083 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2010/11/08 23:52:54.0130 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2010/11/08 23:52:54.0224 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    2010/11/08 23:52:54.0302 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/11/08 23:52:54.0349 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2010/11/08 23:52:54.0380 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2010/11/08 23:52:54.0395 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2010/11/08 23:52:54.0442 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2010/11/08 23:52:54.0473 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2010/11/08 23:52:54.0536 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/11/08 23:52:54.0583 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/11/08 23:52:54.0614 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/11/08 23:52:54.0645 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2010/11/08 23:52:54.0692 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/11/08 23:52:54.0739 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2010/11/08 23:52:54.0785 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2010/11/08 23:52:54.0848 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    2010/11/08 23:52:54.0879 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/11/08 23:52:54.0910 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/11/08 23:52:54.0926 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/11/08 23:52:54.0973 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/11/08 23:52:54.0988 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/11/08 23:52:55.0035 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/11/08 23:52:55.0051 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/11/08 23:52:55.0082 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/11/08 23:52:55.0129 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/11/08 23:52:55.0160 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/11/08 23:52:55.0191 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2010/11/08 23:52:55.0222 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/11/08 23:52:55.0238 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2010/11/08 23:52:55.0269 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/11/08 23:52:55.0300 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2010/11/08 23:52:55.0331 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/11/08 23:52:55.0363 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/11/08 23:52:55.0394 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2010/11/08 23:52:55.0409 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2010/11/08 23:52:55.0456 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/11/08 23:52:55.0487 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/08 23:52:55.0503 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/08 23:52:55.0565 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2010/11/08 23:52:55.0597 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2010/11/08 23:52:55.0659 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/11/08 23:52:55.0690 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2010/11/08 23:52:55.0768 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/11/08 23:52:55.0831 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/11/08 23:52:55.0862 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2010/11/08 23:52:55.0893 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/11/08 23:52:55.0940 ================================================================================
    2010/11/08 23:52:55.0940 Scan finished
    2010/11/08 23:52:55.0940 ================================================================================
     
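    The TDSSKiller driver inventory posted above is long and easy to skim past. As an added example for readers of this thread (not code from the thread, from TDSSKiller or from Kaspersky), here is a small Python triage script that parses lines in that format into records, flags any driver image loaded from outside the standard Windows driver directories, and lists service names that share a single image hash (Tcpip/TCPIP6 and WANARP/Wanarpv6 do so legitimately in the log above, so that list is a review aid, not a verdict). The sample lines, the `oddsvc` entry and the `EXPECTED_DIRS` set (a stock 64-bit Windows 7 layout) are constructed assumptions for the example.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the TDSSKiller driver-inventory format seen in this
# thread: timestamp, service name, MD5 of the image, image path.  The
# "oddsvc" line is invented to exercise the path check; the separator and
# "Scan finished" lines mimic the log's trailer and must be skipped.
SAMPLE_LOG = r"""
2010/11/08 23:52:46.0190 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/11/08 23:52:48.0000 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/11/08 23:52:54.0224 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/11/08 23:52:54.0302 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/08 23:52:55.0100 oddsvc (0123456789abcdef0123456789abcdef) C:\Users\Public\oddsvc.sys
2010/11/08 23:52:55.0940 ================================================================================
2010/11/08 23:52:55.0940 Scan finished
"""

# One inventory line: "<date> <time> <service> (<md5>) <path>".  Lines that do
# not carry a hash in parentheses (separators, "Scan finished") do not match.
LINE_RE = re.compile(
    r"^(?P<timestamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)

# Assumption: where a stock Windows 7 install keeps its kernel drivers.
# Compared case-insensitively because the log mixes "drivers" and "DRIVERS".
EXPECTED_DIRS = frozenset({
    r"c:\windows\system32\drivers",
    r"c:\windows\system32",
})


@dataclass(frozen=True)
class DriverEntry:
    timestamp: str
    service: str
    md5: str
    path: str


def parse_driver_log(text):
    """Return one DriverEntry per inventory line, ignoring everything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(**m.groupdict()))
    return entries


def outside_expected_dirs(entries):
    """Drivers whose image lives somewhere other than the usual directories."""
    return [
        e for e in entries
        if ntpath.dirname(e.path).lower() not in EXPECTED_DIRS
    ]


def services_sharing_hash(entries):
    """Map md5 -> service names, keeping only hashes used by 2+ services."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.md5].append(e.service)
    return {h: names for h, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    found = parse_driver_log(SAMPLE_LOG)
    print(f"{len(found)} driver entries parsed")
    for e in outside_expected_dirs(found):
        print(f"REVIEW  {e.service:<16} {e.md5}  {e.path}")
    for h, names in services_sharing_hash(found).items():
        print(f"shared  {h}  {', '.join(names)}")
```

To use it on a real log, read the pasted TDSSKiller text into `parse_driver_log` instead of `SAMPLE_LOG`; an entry flagged by `outside_expected_dirs` is a candidate to look up by hash, not proof of infection, since some vendors do install drivers elsewhere.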
  10. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Very good :)

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. jakobdk

    jakobdk TS Rookie Topic Starter

    OK :)

    I ran OTL quick scan with the lines you wrote in red copied to the Custom Scans/Fixes box (I did not touch anything else). The first report is copied here (I post the second report in a separate post as the combined text was too long for one post):

    The OTL.txt report:

    OTL logfile created on: 08/11/2010 23:58:28 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Schmidt\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.53 Gb Total Space | 223.74 Gb Free Space | 77.54% Space Free | Partition Type: NTFS
    Drive D: | 9.46 Gb Total Space | 0.95 Gb Free Space | 10.04% Space Free | Partition Type: NTFS

    Computer Name: STATIONAER | User Name: Schmidt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/08 23:57:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Schmidt\Desktop\OTL.exe
    PRC - [2010/10/05 07:05:55 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    PRC - [2010/08/30 09:29:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/08/03 08:36:15 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    PRC - [2010/08/02 13:16:23 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/08/02 13:15:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/01/25 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
    PRC - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2009/05/19 17:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    PRC - [2009/02/10 08:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/08 23:57:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Schmidt\Desktop\OTL.exe
    MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\ezSharedSvcHost.exe -- (ezSharedSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/02/02 00:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2010/08/03 08:36:15 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/08/02 13:15:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/07/28 22:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/10 08:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/02 13:17:01 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
    DRV:64bit: - [2010/08/02 13:16:57 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
    DRV:64bit: - [2010/08/02 13:16:56 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
    DRV:64bit: - [2010/07/07 15:05:32 | 000,017,464 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/04/09 00:12:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/03/04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/02 00:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/02/01 23:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2009/10/08 01:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/10/08 01:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/05/09 20:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
    DRV:64bit: - [2007/05/09 20:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV:64bit: - [2007/05/09 20:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/5
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQCON/5
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/5
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQCON/5

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/5
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.houseofmagic.dk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
    FF - prefs.js..extensions.enabledItems: omiazad@msn.com:1.0.5
    FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/10/27 08:15:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/08 14:30:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/08 14:46:32 | 000,000,000 | ---D | M]

    [2010/08/02 13:54:36 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\mozilla\Extensions
    [2010/11/08 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\4wv6w9o3.default\extensions
    [2010/09/12 19:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\4wv6w9o3.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/09/12 19:39:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\4wv6w9o3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/08/03 20:20:28 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\4wv6w9o3.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
    [2010/08/03 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\4wv6w9o3.default\extensions\omiazad@msn.com
    [2010/08/13 21:30:16 | 000,004,855 | ---- | M] () -- C:\Users\Schmidt\AppData\Roaming\Mozilla\FireFox\Profiles\4wv6w9o3.default\searchplugins\google-images.xml
    [2010/08/13 16:00:47 | 000,001,504 | ---- | M] () -- C:\Users\Schmidt\AppData\Roaming\Mozilla\FireFox\Profiles\4wv6w9o3.default\searchplugins\imdb.xml
    [2010/08/13 16:00:17 | 000,004,140 | ---- | M] () -- C:\Users\Schmidt\AppData\Roaming\Mozilla\FireFox\Profiles\4wv6w9o3.default\searchplugins\youtube.xml
    [2010/11/08 16:34:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
    [2010/08/02 15:05:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/08 13:41:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/09/11 14:47:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2010/03/08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll
    [2010/11/08 14:30:44 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
    [2010/11/08 14:30:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml
    [2010/11/08 14:30:45 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-dk.xml

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [FullScreen] C:\BLOCK\CFG\flexbuild\FullScreen\launchFS.cmd File not found
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15:64bit: - ..Trusted Domains: danid.dk ([]http in Trusted sites)
    O15:64bit: - ..Trusted Domains: danid.dk ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: danid.dk ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: danid.dk ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 192.168.0.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/08 23:57:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Schmidt\Desktop\OTL.exe
    [2010/11/08 23:51:44 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schmidt\Desktop\TDSSKiller.exe
    [2010/11/08 17:40:12 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\Desktop\jakob
    [2010/11/08 16:57:20 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\AppData\Roaming\AVG9
    [2010/11/08 16:41:35 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\AppData\Roaming\Malwarebytes
    [2010/11/08 16:41:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/08 16:41:28 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/08 16:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/08 16:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/08 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/11/08 14:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/11/08 14:46:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/11/06 16:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2010/11/06 16:32:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
    [2010/11/06 16:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
    [2010/11/06 16:32:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
    [2010/11/06 16:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2010/11/06 13:32:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2010/10/31 09:11:56 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\AppData\Roaming\Windows Live Writer
    [2010/10/31 09:11:56 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\AppData\Local\Windows Live Writer
    [2010/10/31 05:57:50 | 000,000,000 | ---D | C] -- C:\Windows\da
    [2010/10/31 05:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2010/10/31 05:56:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2010/10/31 05:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010/10/31 05:51:16 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\AppData\Local\Windows Live
    [2010/10/24 16:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/10/13 20:42:27 | 000,000,000 | ---D | C] -- C:\06794359eaf334fa119af69407d87e

    ========== Files - Modified Within 30 Days ==========

    [2010/11/08 23:57:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Schmidt\Desktop\OTL.exe
    [2010/11/08 23:51:32 | 001,215,581 | ---- | M] () -- C:\Users\Schmidt\Desktop\tdsskiller.zip
    [2010/11/08 23:46:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/08 23:39:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/08 23:39:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/08 23:36:29 | 001,240,086 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/08 23:36:29 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/08 23:36:29 | 000,461,038 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
    [2010/11/08 23:36:29 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/08 23:36:29 | 000,076,536 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
    [2010/11/08 23:32:21 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/08 23:32:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/08 23:32:10 | 1408,720,896 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/08 23:05:28 | 000,000,007 | ---- | M] () -- C:\Users\Schmidt\Desktop\Nyt RTF-dokument.rtf
    [2010/11/08 22:29:06 | 000,080,384 | ---- | M] () -- C:\Users\Schmidt\Desktop\MBRCheck.exe
    [2010/11/08 19:01:11 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Schmidt.job
    [2010/11/08 13:39:02 | 067,359,366 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schmidt\Desktop\TDSSKiller.exe
    [2010/11/06 18:18:54 | 000,002,350 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/11/06 16:32:08 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
    [2010/11/01 13:53:33 | 000,000,000 | ---- | M] () -- C:\Users\Schmidt\temp.dat
    [2010/10/31 11:04:52 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2010/10/14 04:45:16 | 000,341,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2010/11/08 23:51:29 | 001,215,581 | ---- | C] () -- C:\Users\Schmidt\Desktop\tdsskiller.zip
    [2010/11/08 23:05:28 | 000,000,007 | ---- | C] () -- C:\Users\Schmidt\Desktop\Nyt RTF-dokument.rtf
    [2010/11/08 22:29:06 | 000,080,384 | ---- | C] () -- C:\Users\Schmidt\Desktop\MBRCheck.exe
    [2010/11/06 16:32:12 | 000,000,502 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Schmidt.job
    [2010/11/06 16:32:08 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/11/08 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\AVG9
    [2010/08/03 12:52:24 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\Canon
    [2010/08/02 17:35:40 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\Cryptomathic
    [2010/09/11 14:48:45 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\Foxit Software
    [2010/08/02 15:03:31 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\OpenOffice.org
    [2010/10/06 13:26:57 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\Template
    [2010/08/14 11:12:33 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\WildTangent
    [2010/08/03 16:08:04 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\WinBatch
    [2010/11/03 11:14:48 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\Windows Live Writer
    [2010/10/31 11:04:52 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2010/11/07 05:56:00 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/05/10 02:42:38 | 000,002,492 | RHS- | M] () -- C:\DPC10PNSUMW661.INI
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/11/08 23:32:10 | 1408,720,896 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/03 16:13:27 | 000,004,797 | ---- | M] () -- C:\HPSA.log
    [2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/11/08 23:32:10 | 1878,298,624 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/08 16:28:55 | 000,059,182 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_08.11.2010_16.28.02_log.txt
    [2010/11/08 23:57:51 | 000,059,182 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_08.11.2010_23.52.38_log.txt
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/08/02 12:52:13 | 000,000,221 | -HS- | M] () -- C:\Users\Schmidt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/08 22:29:06 | 000,080,384 | ---- | M] () -- C:\Users\Schmidt\Desktop\MBRCheck.exe
    [2010/11/08 23:57:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Schmidt\Desktop\OTL.exe
    [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schmidt\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 12:29:54 | 000,000,402 | -HS- | M] () -- C:\Users\Schmidt\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  12. jakobdk

    jakobdk TS Rookie Topic Starter

    The Extras.txt report:

    OTL Extras logfile created on: 08/11/2010 23:58:28 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Schmidt\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.53 Gb Total Space | 223.74 Gb Free Space | 77.54% Space Free | Partition Type: NTFS
    Drive D: | 9.46 Gb Total Space | 0.95 Gb Free Space | 10.04% Space Free | Partition Type: NTFS

    Computer Name: STATIONAER | User Name: Schmidt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur
    "{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{D0F8B50E-0D86-4E49-9540-DF785CCAC5A5}" = Windows Live Family Safety
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E50A5077-1654-BEAE-986B-7B7133DA7C48}" = ATI Catalyst Install Manager
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "PC-Doctor for Windows" = Hardware Diagnostic Tools

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy
    "{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
    "{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai
    "{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German
    "{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish
    "{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish
    "{3D5A4684-26F8-4F06-93D7-009954F28AC6}" = OpenOffice.org 3.2
    "{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
    "{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian
    "{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech
    "{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista
    "{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light
    "{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French
    "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek
    "{8628121F-843D-4564-BD62-A9B639D5B822}" = csp
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0406-0000-0000000FF1CE}" = Kompatibilitetspakke til Office 2007-systemet
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Danish)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static
    "{B238D61F-3EEF-4716-BFEA-9903DEF045D9}" = Microsoft Works
    "{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish
    "{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
    "{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian
    "{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing
    "{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish
    "{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation
    "{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch
    "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
    "{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish
    "{FEFA2963-5192-420F-B984-A7CC0D8DD8DA}" = Photoshop 7
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AVG9Uninstall" = AVG Free 9.0
    "Canon MP640 series Brugerregistrering" = Canon MP640 series Brugerregistrering
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "EasyBits Magic Desktop" = Magic Desktop
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "ESET Online Scanner" = ESET Online Scanner v3
    "Foxit Reader" = Foxit Reader
    "Google Chrome" = Google Chrome
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "king.com" = king.com (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "My HP Game Console" = HP Game Console
    "NSS" = Norton Security Scan
    "OfficeTrial" = Prøveversion af Microsoft Office Home and Student 2007
    "PDF Complete" = PDF Complete Special Edition
    "Pixeline" = Pixeline
    "Secunia PSI" = Secunia PSI
    "Silke" = Silke
    "VLC media player" = VLC media player 1.1.4
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WT082124" = Blasterball 3
    "WT082141" = FATE
    "WT082168" = Penguins!
    "WT082172" = Polar Bowler
    "WT082192" = Bejeweled 2 Deluxe
    "WT082200" = Chuzzle Deluxe
    "WT082222" = Insaniquarium Deluxe
    "WT082241" = Virtual Villagers - The Secret City
    "WT082246" = Zuma Deluxe
    "WT082396" = Diner Dash 2 Restaurant Rescue
    "WT082409" = Mahjongg Artifacts
    "WT082414" = Mystery P.I. - The Vegas Heist
    "WT082422" = Wedding Dash
    "WT082427" = Slingo Deluxe
    "WT082439" = Bus Driver
    "WT083492" = Agatha Christie - Death on the Nile
    "WT083510" = Jewel Quest Solitaire
    "WT083514" = Jewel Quest II
    "WT083521" = Dream Chronicles
    "WT083529" = Gem Shop

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Digital Signatur" = Digital Signatur

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  13. jakobdk

    jakobdk TS Rookie Topic Starter

    Hmm... I posted the OTL report as well, but was told that my post would not be visible until a moderator had approved it.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    I just did. Hold on...
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [] File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  16. jakobdk

    jakobdk TS Rookie Topic Starter

    I ran OTL with the fixes you posted. The report is copied below (I will now proceed with the three last scans described in your previous post and will report back when they are done):

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Schmidt
    ->Temp folder emptied: 479218 bytes
    ->Temporary Internet Files folder emptied: 8665004 bytes
    ->Java cache emptied: 8611294 bytes
    ->FireFox cache emptied: 106065377 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1017 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8040 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 8343936 bytes

    Total Files Cleaned = 126.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Schmidt
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11092010_001903

    Files\Folders moved on Reboot...
    C:\Users\Schmidt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  17. jakobdk

    jakobdk TS Rookie Topic Starter

    Okay, I'm back :)

    1. I ran Security Check and will post the log below
    2. I ran TFC. It wanted to restart the computer, so I did.
    3. Finally I deactivated AVG and ran the ESET scanner. It found no threats, thus no report. I then re-enabled AVG.

    The Security Check log:

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    AVG Free 9.0
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    AVG9 successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  18. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  19. jakobdk

    jakobdk TS Rookie Topic Starter

    THANK YOU!!!

    I ran OTL with the restore point fix and will post the log below. I will then proceed with the other steps and get back as soon as I'm done :)

    The OTL log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Schmidt
    ->Temp folder emptied: 397 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 33085377 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2650 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 32.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Schmidt
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.17.3 log created on 11092010_014105

    Files\Folders moved on Reboot...
    C:\Users\Schmidt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  20. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Cool :).....
     
  21. jakobdk

    jakobdk TS Rookie Topic Starter

    Okay, I'm back :)

    I have installed all the programs (FileHippo Update, WOT etc.) and have set Secunia PSI and the FileHippo Checker to run at startup. Tomorrow I will then talk my parents through the programs (it is around 2.30 AM in Denmark at the moment).

    One last thing, though:
    Just to make sure, I ran Bootkit Remover (the program that started all this fuss), and it still reports an infected MBR ("PhysicalDrive0 Controlled by rootkit!" "Boot code on some of your physical discs is hidden by a rootkit.").

    I then ran MBRCheck and it said everything is OK (the MBR is standard Windows 7). I have copied the log below.

    I still think that there was a rootkit in the MBR in the beginning (since MBRCheck also reported a suspicious MBR), but I'm beginning to suspect that the latest check done with Bootkit Remover is a false positive in some way. Could it be that this program (which I chose to use on my own initiative, and which you did not ask me to use, I should add) is not compatible with Windows 7 64-bit?

    Please advise if you think I should do anything further :)

    The latest MBRCheck log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: FOXCONN
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: Hewlett-Packard
    System Product Name: SG3-110SC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 183):

    Processes (total 64):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06507e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`28600000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200AAJS-60Z0A0, Rev: 03.03E03

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  22. jakobdk

    jakobdk TS Rookie Topic Starter

    OK - I'm off to bed (almost 3.30 AM!).

    I will check for replies in the morning.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    That's not necessary. It's a little bit of overkill.
    It's enough if you run them once in a while.

    Regarding a rootkit...
    I trust MBRCheck and since you're not reporting any other issues, I see no reason to worry.
    Resetting the MBR, like we did, will get rid of any MBR infection.

    Good luck and stay safe :)
     
  24. jakobdk

    jakobdk TS Rookie Topic Starter

    Okay :)

    I have talked with my mother and have located what seems to cause the popups (it happened again this morning). She is using an application on Facebook called "Cute Catz" and it seems to have been hijacked by hackers (in general, not on my parents' computer as such). In the application, you can "feed" your friends' cats, and when you click to do this, the popup appears asking you to install a virus killer (scareware). Of course (and luckily) my mother didn't do so when asked - I have rescanned with MBRCheck and it says that everything is still OK.

    I did a bit of Google searching and found that Cute Catz' sister application "Pet Pupz" has had this problem: http://www.facebook.com/topic.php?uid=7235357217&topic=16546
    At the same time, Cute Catz users on Facebook complain that their application isn't maintained/updated nearly as often as Pet Pupz, so perhaps it is still vulnerable to the hackers.

    I also found a (Dutch) page where a user wrote that Bootkit Remover gave a warning ("Unknown MBR code" - not exactly a rootkit warning, but still), but MBRCheck said everything was OK. The user was told that Bootkit Remover was producing a false positive.
    In Dutch: http://www.nucia.eu/forum/showthread.php?t=59345
    Translated with Google Translate: http://translate.google.com/transla...p://www.nucia.eu/forum/showthread.php?t=59345

    Thanks for helping me :)
     
  25. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Thank you for the extra info :)
     
Topic Status:
Not open for further replies.
