Possible Win32/Heur infection

Solved
By juzt4, Mar 9, 2011
Topic Status: Not open for further replies.
  1. Yesterday AVG showed that my NBA 2K11.exe file has Win32/Heur, so I deleted it quickly (I don't know if it was a good decision). So I thought the virus was gone, but when I downloaded the same application again, AVG showed me the same thing. So I deleted it too. Then I scanned the whole computer with AVG and it showed only this:
    -----------------------------------------------
    Scan "Whole computer scan" completed.
    Information;"1"
    Folders selected for scanning:;"Whole computer scan"
    Scan started:;"Wednesday, March 09, 2011, 2:08:38 PM"
    Scan finished:;"Wednesday, March 09, 2011, 2:29:08 PM (20 minute(s) 29 second(s))"
    Total object scanned:;"791524"
    User who launched the scan:;"Justinas"

    Information
    ;"File";"Information";"Result"
    ;"C:\Windows\System32\pbsvc.exe";"The file is signed with a broken digital signature, issued by: Even Balance.";""
    ------------------------------------------------------
    Today I took all 8 steps, and here are the logs from before I updated Windows:
    ------------------------------------------------------
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5997

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/9/2011 2:43:21 PM
    mbam-log-2011-03-09 (14-43-21).txt

    Scan type: Quick scan
    Objects scanned: 165552
    Time elapsed: 3 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -------------------------------------------------

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-09 14:57:54
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST380817AS rev.3.42
    Running: vb515xdt.exe; Driver: C:\Users\Justinas\AppData\Local\Temp\kwrdapoc.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854E41F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 854E41F8
    Device \Driver\atapi \Device\Ide\IdePort0 854E41F8
    Device \Driver\atapi \Device\Ide\IdePort1 854E41F8
    Device \Driver\atapi \Device\Ide\IdePort2 854E41F8
    Device \Driver\atapi \Device\Ide\IdePort3 854E41F8
    Device \Driver\atapi \Device\Ide\IdePort4 854E41F8
    Device \Driver\atapi \Device\Ide\IdePort5 854E41F8
    Device \FileSystem\Ntfs \Ntfs 854DB1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
    --------------------------------------------------------
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Justinas at 15:08:29.00 on Wed 03/09/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2505 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Users\Justinas\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.lt/
    uInternet Settings,ProxyOverride = *.local
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [RGSC] c:\games\gta iv\rockstar games social club\RGSCLauncher.exe /silent
    uRun: [BitComet] "c:\games\lost horizon\bitcomet\BitComet.exe" /tray
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Steam] "c:\games\steam\Steam.exe" -silent
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-16 218688]
    R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-13 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-1 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-03-09 12:39:15 -------- d-----w- c:\users\justinas\appdata\roaming\Malwarebytes
    2011-03-09 12:38:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-09 12:38:54 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-09 12:38:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-09 12:38:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-08 13:54:42 -------- d-----w- c:\progra~2\STOPzilla!
    2011-03-08 11:53:08 -------- d-----w- c:\program files\CamStudio
    2011-03-08 11:09:44 -------- d--h--w- C:\$AVG
    2011-03-06 17:25:18 -------- d-----w- c:\progra~2\Codemasters
    2011-03-03 15:24:25 74240 ----a-w- C:\eazip.exe
    2011-03-01 16:21:49 -------- d-----w- c:\program files\iPod
    2011-02-28 19:38:38 -------- d-----w- c:\windows\PCHEALTH
    2011-02-28 19:37:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2011-02-27 14:27:41 -------- d-----w- c:\program files\common files\Steam
    2011-02-27 14:23:25 -------- d-----w- c:\users\justinas\New folder
    2011-02-27 11:49:06 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2011-02-27 11:49:06 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2011-02-27 11:39:09 -------- d-----w- c:\windows\system32\appmgmt
    2011-02-24 17:56:43 -------- d-----w- c:\users\justinas\appdata\roaming\GetRightToGo
    2011-02-23 17:56:34 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 13:36:48 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 13:36:48 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 07:58:54 86016 ----a-w- c:\windows\system32\frapsvid.dll
    2011-02-17 18:36:04 -------- d-----w- c:\windows\system32\directx
    2011-02-17 18:07:49 -------- d-----w- c:\users\justinas\appdata\local\CrashRpt
    2011-02-16 08:47:13 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-02-16 08:46:59 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-02-16 08:42:28 181608 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10137.bin
    2011-02-09 12:24:03 2329088 ----a-w- c:\windows\system32\win32k.sys
    2011-02-09 12:23:49 541184 ----a-w- c:\windows\system32\kerberos.dll
    2011-02-09 12:23:40 428032 ----a-w- c:\windows\system32\vbscript.dll
    .
    ==================== Find3M ====================
    .
    2011-03-06 16:56:33 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-03-06 12:52:16 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-03-05 19:43:30 22328 ----a-w- c:\users\justinas\appdata\roaming\PnkBstrK.sys
    2011-03-05 19:43:05 2337865 ----a-w- c:\windows\system32\pbsvc.exe
    2011-02-02 19:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-09 20:10:17 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-23 21:36:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
    2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
    2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 15:08:46.02 ===============

    Any help would be very appreciated. Thanks

    P.S. Sorry if my English is bad, and there may be traces of BitComet and uTorrent.
  2. Broni (Malware Annihilator)

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Attach.txt part of DDS is missing.
    Please, post it.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-Zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning; just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
  3. juzt4 (Topic Starter)

    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/31/2010 11:24:16 PM
    System Uptime: 3/9/2011 2:06:00 PM (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS3L
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 1600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 9.307 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP139: 3/9/2011 2:10:31 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP140: 3/9/2011 2:18:46 PM - Removed Microsoft Games for Windows - LIVE Redistributable
    RP141: 3/9/2011 2:23:49 PM - Removed Microsoft Games for Windows - LIVE
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    Battlefield: Bad Company™ 2
    Bonjour
    CamStudio
    DAEMON Tools Lite
    dahl's Practice Court (v2.0) patch
    Google Chrome
    Google Update Helper
    GRID
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    NBA 2K11
    NBA LIVE 2005
    OpenAL
    ProtectDisc Driver, Version 11
    PunkBuster Services
    QuickTime
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Shockwave
    Skype Toolbars
    Skype™ 5.1
    Steam
    Tom Clancy's Rainbow Six Vegas 2
    Ubisoft Game Launcher
    Uniblue RegistryBooster
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2492475)
    Windows Live ID Sign-in Assistant
    WinRAR archiver
    YouTube Downloader 2.6.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2011 2:07:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
    3/8/2011 5:04:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2011 5:04:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    3/8/2011 5:04:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/8/2011 5:04:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/8/2011 5:04:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/8/2011 5:04:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/8/2011 5:04:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/8/2011 5:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/8/2011 5:04:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache is3srv NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/8/2011 5:03:45 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    3/8/2011 4:11:16 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    3/8/2011 1:23:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    3/7/2011 2:52:30 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
    3/4/2011 1:08:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    3/4/2011 1:08:12 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: EP35-DS3L
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 155):
    0x82813000 \SystemRoot\system32\ntkrnlpa.exe
    0x82C23000 \SystemRoot\system32\halmacpi.dll
    0x80BA6000 \SystemRoot\system32\kdcom.dll
    0x82E09000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x82E81000 \SystemRoot\system32\PSHED.dll
    0x82E92000 \SystemRoot\system32\BOOTVID.dll
    0x82E9A000 \SystemRoot\system32\CLFS.SYS
    0x82EDC000 \SystemRoot\system32\CI.dll
    0x82F87000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8C00C000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8C01A000 \SystemRoot\System32\Drivers\spjr.sys
    0x8C10D000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8C116000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8C13C000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8C184000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8C18C000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8C197000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8C1C1000 \SystemRoot\System32\drivers\partmgr.sys
    0x8C1D2000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8C21B000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8C266000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8C26D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8C27B000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8C291000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8C29A000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8C2BD000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8C2C6000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8C2FA000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8C404000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8C533000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8C55E000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8C571000 \SystemRoot\System32\Drivers\cng.sys
    0x8C5CE000 \SystemRoot\System32\drivers\pcw.sys
    0x8C5DC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8C30B000 \SystemRoot\system32\drivers\ndis.sys
    0x8C3C2000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8C625000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8C64A000 \SystemRoot\System32\drivers\tcpip.sys
    0x8C793000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8C7C4000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8C82C000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8C86B000 \SystemRoot\System32\Drivers\spldr.sys
    0x8C873000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8C8A0000 \SystemRoot\System32\Drivers\mup.sys
    0x8C8B0000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8C8B8000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8C8EA000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8C8FB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8C920000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
    0x8C925000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x8C960000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8C97F000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0x8C98B000 \SystemRoot\System32\Drivers\Null.SYS
    0x8C992000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8C999000 \SystemRoot\System32\drivers\vga.sys
    0x8C9A5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8C9C6000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C9D3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8C9DB000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8C9E3000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8C9EB000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8C800000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8C80E000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8C7CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x91A25000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0x91A6D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x91A9F000 \SystemRoot\system32\drivers\afd.sys
    0x91AF9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x91B00000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x91B1F000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x91B2D000 \SystemRoot\system32\DRIVERS\serial.sys
    0x91B47000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    0x91B82000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x91B95000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x91BA5000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x91BE6000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x91BF0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x91A00000 \SystemRoot\System32\drivers\discache.sys
    0x94632000 \SystemRoot\system32\drivers\csc.sys
    0x94696000 \SystemRoot\System32\Drivers\dfsc.sys
    0x946AE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x946BC000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0x946F8000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x94719000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x9521C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x9472B000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x95B82000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x95BBB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x91000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x9104B000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x9105A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x91079000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x9107F000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x910A4000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x910AE000 \SystemRoot\system32\DRIVERS\parport.sys
    0x910C6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x910DE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x910EB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x910F8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x9110A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x91122000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x9112D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x9114F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x91167000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x9117E000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x91195000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x9119F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x911AC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x911AE000 \SystemRoot\system32\DRIVERS\ks.sys
    0x911E2000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x95C2D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x95C71000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x95C82000 \SystemRoot\system32\drivers\HdAudio.sys
    0x95CD2000 \SystemRoot\system32\drivers\portcls.sys
    0x95D01000 \SystemRoot\system32\drivers\drmk.sys
    0x95D1A000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x95D25000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x95D38000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x95D3F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x95D41000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x95D81000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x95D8C000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x95D99000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x95DA4000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x95DAD000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x9AE10000 \SystemRoot\System32\win32k.sys
    0x95DBE000 \SystemRoot\System32\drivers\Dxapi.sys
    0x95DC8000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9B070000 \SystemRoot\System32\TSDDD.dll
    0x9B0A0000 \SystemRoot\System32\cdd.dll
    0x95DD3000 \SystemRoot\system32\drivers\luafv.sys
    0x95C00000 \SystemRoot\system32\drivers\WudfPf.sys
    0x95C1A000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x95BC6000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9CA04000 \SystemRoot\system32\drivers\HTTP.sys
    0x9CA89000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9CAA2000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9CAB4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9CAD7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9CB12000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9CB2D000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0x9CB34000 \??\C:\Windows\system32\drivers\acedrv11.sys
    0x9CB60000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
    0x9CB69000 \SystemRoot\system32\drivers\peauth.sys
    0x95DEE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x95BD9000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x911F0000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x95200000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x9FE24000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9FE73000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x9FE9B000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9FEEC000 \SystemRoot\system32\drivers\spsys.sys
    0x77B60000 \Windows\System32\ntdll.dll
    0x47A80000 \Windows\System32\smss.exe
    0x77DA0000 \Windows\System32\apisetschema.dll

    Processes (total 64):
    0 System Idle Process
    4 System
    248 C:\Windows\System32\smss.exe
    308 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    364 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    496 csrss.exe
    560 csrss.exe
    568 C:\Windows\System32\wininit.exe
    620 C:\Windows\System32\winlogon.exe
    668 C:\Windows\System32\services.exe
    676 C:\Windows\System32\lsass.exe
    684 C:\Windows\System32\lsm.exe
    792 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\audiodg.exe
    1212 C:\Windows\System32\svchost.exe
    1328 C:\Windows\System32\svchost.exe
    1520 C:\Windows\System32\spoolsv.exe
    1556 C:\Windows\System32\svchost.exe
    1712 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1752 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    1772 C:\Program Files\Bonjour\mDNSResponder.exe
    1828 C:\Windows\System32\PnkBstrA.exe
    1856 C:\Windows\System32\PnkBstrB.exe
    1892 C:\Windows\System32\svchost.exe
    1960 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    476 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    1320 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    436 C:\Program Files\AVG\AVG10\avgnsx.exe
    1156 C:\Program Files\AVG\AVG10\avgemcx.exe
    1348 C:\Windows\System32\conhost.exe
    2324 C:\Windows\System32\SearchIndexer.exe
    2652 C:\Windows\System32\taskhost.exe
    2784 C:\Windows\System32\taskeng.exe
    2800 C:\Windows\System32\dwm.exe
    2828 C:\Windows\explorer.exe
    2848 C:\Windows\System32\taskeng.exe
    3076 C:\Windows\System32\svchost.exe
    3340 C:\Program Files\AVG\AVG10\avgtray.exe
    3348 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3364 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3384 C:\Program Files\iTunes\iTunesHelper.exe
    3396 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    3404 C:\Games\Steam\Steam.exe
    3716 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    3724 C:\Windows\System32\conhost.exe
    3804 C:\Program Files\Google\Chrome\Application\chrome.exe
    3852 C:\Program Files\iPod\bin\iPodService.exe
    4016 C:\Program Files\Google\Chrome\Application\chrome.exe
    4024 C:\Program Files\Google\Chrome\Application\chrome.exe
    2284 C:\Program Files\Google\Chrome\Application\chrome.exe
    2576 C:\Program Files\Common Files\Steam\SteamService.exe
    2468 C:\Windows\System32\sppsvc.exe
    2732 C:\Windows\System32\svchost.exe
    208 taskhost.exe
    2864 WmiPrvSE.exe
    884 C:\Users\Justinas\Desktop\MBRCheck.exe
    888 C:\Windows\System32\conhost.exe
    3788 C:\Windows\System32\dllhost.exe
    2416 C:\Windows\System32\SearchProtocolHost.exe
    780 C:\Windows\System32\SearchFilterHost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: ST380817AS, Rev: 3.42

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!


    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows 7
    Version 6.1.7600
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x9521C000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9854976 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 185.93 )
    0x82813000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
    0x82813000 PnpManager 4259840 bytes
    0x82813000 RAW 4259840 bytes
    0x82813000 WMIxWDM 4259840 bytes
    0x9AE10000 Win32k 2404352 bytes
    0x9AE10000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8C64A000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
    0x8C404000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
    0x8C01A000 PCI_PNP2738 995328 bytes
    0x8C01A000 C:\Windows\System32\Drivers\spjr.sys 995328 bytes
    0x8C01A000 sptd 995328 bytes
    0x9472B000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8C30B000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
    0x82EDC000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
    0x9CB69000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x9CA04000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x82E09000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x82F87000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x9FEEC000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
    0x94632000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
    0x8C571000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
    0x91A9F000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x9FE9B000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
    0x95C82000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
    0x9FE24000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x91000000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8C21B000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8C13C000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x91A25000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0x95C2D000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x82E9A000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
    0x91BA5000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x95D41000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
    0x8C82C000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8C3C2000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x946BC000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0x91B47000 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
    0x9CAD7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x95B82000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
    0x82C23000 ACPI_HAL 225280 bytes
    0x82C23000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x8C2C6000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x911AE000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
    0x8C8B8000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
    0x91A6D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8C793000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x95CD2000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8C873000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
    0x9CB34000 C:\Windows\system32\drivers\acedrv11.sys 180224 bytes (Protect Software GmbH, ProtectDisc x64/x86 Hybrid Driver)
    0x8C533000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x8C197000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x9FE73000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
    0x8C116000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x8C8FB000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8C625000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
    0x9107F000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
    0x8C29A000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x9CAB4000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x9112D000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x95BD9000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
    0x946F8000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8C9A5000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x8C960000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x9105A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x91B00000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x9B0A0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
    0x95DD3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x9CB12000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x91B2D000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
    0x95C00000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x9CA89000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x95D01000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
    0x94696000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x910C6000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
    0x910AE000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
    0x9110A000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x9114F000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x91167000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x9117E000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x8C80E000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
    0x8C27B000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
    0x95D25000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
    0x8C55E000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x95BC6000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x91B82000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x910F8000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
    0x94719000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
    0x9CAA2000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8C8EA000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x95DAD000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
    0x8C2FA000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x95C71000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x8C1C1000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
    0x82E81000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x95C1A000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8C8A0000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
    0x91B95000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
    0x8C1D2000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
    0x9104B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x946AE000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
    0x91B1F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8C800000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x8C26D000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8C5CE000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
    0x911E2000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x8C00C000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x910EB000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
    0x95D8C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x910DE000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x9119F000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
    0x911F0000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8C9C6000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x8C97F000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0x91A00000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
    0x8C999000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x95D99000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x95D1A000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x95DC8000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
    0x95D81000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x8C9EB000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x91122000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8C7CD000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x95BBB000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x8C18C000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
    0x95200000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
    0x95DBE000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x91BF0000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x91BE6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x91195000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
    0x95DEE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x910A4000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
    0x8C2BD000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
    0x8C291000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x8C925000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
    0x9CB60000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
    0x95DA4000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
    0x8C5DC000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x9FF56000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0x9B070000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8C7C4000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
    0x8C10D000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x82E92000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8C8B0000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
    0x80BA6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
    0x8C184000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8C9D3000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8C9DB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
    0x8C9E3000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
    0x8C86B000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x8C992000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x95D38000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x8C98B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x9CB2D000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
    0x8C266000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x91AF9000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
    0x91079000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x8C920000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
    0x911AC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x95D3F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0x855071F8 unknown_irp_handler 3592 bytes
    0x855051F8 unknown_irp_handler 3592 bytes
    0x855061F8 unknown_irp_handler 3592 bytes
    0x8653D1F8 unknown_irp_handler 3592 bytes
    0x8648B1F8 unknown_irp_handler 3592 bytes
    0x855031F8 unknown_irp_handler 3592 bytes
    0x864F8500 unknown_irp_handler 2816 bytes
    0x86640500 unknown_irp_handler 2816 bytes
    0x869F9500 unknown_irp_handler 2816 bytes
    0x86503500 unknown_irp_handler 2816 bytes
    ==============================================
    >Stealth
    ==============================================
    WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
    ----------------------------------------------------------------------------------------------------
    After the scan it said: !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

    By the way, thanks for posting on my problem very quickly. I really appreciate this.
    You help a lot of people.
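    A small triage helper for the RkUnhooker ">Drivers" listing above, added by the editor; it is not part of the original post, of RkU, or of any tool used in this thread. It parses lines in the format RkU prints (base address, image or object name, size, optional "(vendor, description)") and sorts them into the three buckets a responder reads first: names that share one base address (aliases of a single loaded image, such as PCI_PNP2738/spjr.sys/sptd), files on disk that carry no vendor information, and bare names with no backing file at all (the unknown_irp_handler entries). It makes no verdict, it only organises the listing. SAMPLE_RKU is a constructed subset of the lines posted above, and the bucket rules are the editor's own heuristics, not RkU's.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of lines copied in the format of the RkUnhooker
# ">Drivers" listing posted above (not the full listing).
SAMPLE_RKU = r"""
0x9521C000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9854976 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 185.93 )
0x8C01A000 PCI_PNP2738 995328 bytes
0x8C01A000 C:\Windows\System32\Drivers\spjr.sys 995328 bytes
0x8C01A000 sptd 995328 bytes
0x9CB34000 C:\Windows\system32\drivers\acedrv11.sys 180224 bytes (Protect Software GmbH, ProtectDisc x64/x86 Hybrid Driver)
0x95DAD000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x9FF56000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x855071F8 unknown_irp_handler 3592 bytes
"""

# One RkU driver line: <base> <image or name> <size> bytes [(vendor, description)]
LINE_RE = re.compile(r"^0x([0-9A-Fa-f]+)\s+(.+?)\s+(\d+) bytes(?:\s+\((.*)\))?\s*$")


@dataclass
class Driver:
    base: int
    image: str            # file path, or a bare object name when RkU found no backing file
    size: int
    vendor: Optional[str]
    description: Optional[str]

    @property
    def has_path(self) -> bool:
        return "\\" in self.image


def parse_rku_drivers(text: str) -> list:
    """Parse RkU '>Drivers' lines; lines that do not match the format are skipped."""
    drivers = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        base, image, size, info = m.groups()
        vendor = description = None
        if info is not None:
            # RkU prints "(Company, Description)"; the description itself may contain commas,
            # so split on the first comma only.
            parts = info.strip().split(",", 1)
            vendor = parts[0].strip() or None
            if len(parts) == 2:
                description = parts[1].strip() or None
        drivers.append(Driver(int(base, 16), image, int(size), vendor, description))
    return drivers


def triage(drivers: list) -> dict:
    """Sort entries into the three buckets a responder reads first (editor's heuristics)."""
    by_base = defaultdict(list)
    for d in drivers:
        by_base[d.base].append(d.image)
    # Several names at one base address are aliases of a single loaded image
    # (PnpManager/RAW/WMIxWDM for the kernel, PCI_PNP2738/spjr.sys/sptd here).
    aliases = {hex(b): names for b, names in by_base.items() if len(names) > 1}
    # A real file on disk that RkU could not attribute to any vendor.
    unattributed = [d.image for d in drivers if d.has_path and d.vendor is None]
    # A bare name with no file and no alias at the same address: code RkU could not
    # map to any image (the unknown_irp_handler entries in the listing).
    no_image = [d.image for d in drivers if not d.has_path and hex(d.base) not in aliases]
    return {"aliases": aliases, "unattributed": unattributed, "no_image": no_image}


if __name__ == "__main__":
    report = triage(parse_rku_drivers(SAMPLE_RKU))
    for bucket, entries in report.items():
        print(bucket)
        for entry in (entries.items() if isinstance(entries, dict) else entries):
            print("   ", entry)
```

    Paste the whole ">Drivers" block from an RkU report into SAMPLE_RKU (or read it from a file) and the three buckets are what to look up by hand: each alias group is one image, each unattributed file is worth a signature check, and each no-image entry is a dispatch routine RkU could not tie to a driver.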
  4. juzt4


    My time is +2 GMT so I'll check on this tomorrow. :)
  5. Broni


    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  6. juzt4


    Decided to post today because of the danger of the rootkit.


    2011/03/09 22:55:51.0441 3712 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
    2011/03/09 22:55:51.0768 3712 ================================================================================
    2011/03/09 22:55:51.0768 3712 SystemInfo:
    2011/03/09 22:55:51.0768 3712
    2011/03/09 22:55:51.0768 3712 OS Version: 6.1.7600 ServicePack: 0.0
    2011/03/09 22:55:51.0768 3712 Product type: Workstation
    2011/03/09 22:55:51.0768 3712 ComputerName: GAMERSTATION
    2011/03/09 22:55:51.0768 3712 UserName: Justinas
    2011/03/09 22:55:51.0768 3712 Windows directory: C:\Windows
    2011/03/09 22:55:51.0768 3712 System windows directory: C:\Windows
    2011/03/09 22:55:51.0768 3712 Processor architecture: Intel x86
    2011/03/09 22:55:51.0768 3712 Number of processors: 2
    2011/03/09 22:55:51.0768 3712 Page size: 0x1000
    2011/03/09 22:55:51.0768 3712 Boot type: Normal boot
    2011/03/09 22:55:51.0768 3712 ================================================================================
    2011/03/09 22:55:52.0049 3712 Initialize success
    2011/03/09 22:56:00.0535 1780 ================================================================================
    2011/03/09 22:56:00.0535 1780 Scan started
    2011/03/09 22:56:00.0535 1780 Mode: Manual;
    2011/03/09 22:56:00.0535 1780 ================================================================================
    2011/03/09 22:56:10.0753 1780 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2011/03/09 22:56:10.0753 1780 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/03/09 22:56:10.0753 1780 sptd - detected Locked file (1)
    2011/03/09 22:56:15.0246 1780 ================================================================================
    2011/03/09 22:56:15.0246 1780 Scan finished
    2011/03/09 22:56:15.0246 1780 ================================================================================
    2011/03/09 22:56:15.0262 2984 Detected object count: 1
    2011/03/09 22:56:38.0599 2984 Locked file(sptd) - User select action: Skip
  7. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    That looks good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  8. juzt4

    juzt4 Newcomer, in training Topic Starter

    Okay, I uninstalled AVG because CF doesn't work on that.

    Should I install Avira?

    The log will be here soon.

    EDIT: I installed Avira after the ComboFix scan.
  9. juzt4

    juzt4 Newcomer, in training Topic Starter

    Here it is. Tell me it's good.

    ComboFix 11-03-09.03 - Justinas 03/10/2011 13:59:53.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2926 [GMT 2:00]
    Running from: c:\users\Justinas\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Justinas\AppData\Roaming\Microsoft\Windows\Recent\15 Days - [PC]-[DVD]-[Multi]-[Aventura Grafica]-[2010]-[DirectasXD.com].pif
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-10 to 2011-03-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-09 13:31 . 2011-03-09 13:31 -------- d-----w- c:\program files\Conduit
    2011-03-09 13:31 . 2011-03-09 13:31 -------- d-----w- c:\program files\uTorrentBar
    2011-03-09 13:31 . 2011-03-09 13:31 -------- d-----w- C:\extensions
    2011-03-09 12:39 . 2011-03-09 12:39 -------- d-----w- c:\users\Justinas\AppData\Roaming\Malwarebytes
    2011-03-09 12:38 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-09 12:38 . 2011-03-09 12:38 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-09 12:38 . 2011-03-09 12:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-09 12:38 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-09 12:16 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 12:16 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 12:16 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 12:16 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 12:16 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-09 12:16 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-09 12:16 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-09 12:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 12:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 13:54 . 2011-03-09 12:13 -------- d-----w- c:\programdata\STOPzilla!
    2011-03-08 11:53 . 2011-03-08 11:53 -------- d-----w- c:\program files\CamStudio
    2011-03-08 11:09 . 2011-03-08 11:09 -------- d-----w- C:\$AVG
    2011-03-06 17:25 . 2011-03-06 17:25 -------- d-----w- c:\programdata\Codemasters
    2011-03-02 16:02 . 2011-03-02 16:02 -------- d-----w- c:\program files\Common Files\Skype
    2011-03-01 16:21 . 2011-03-01 16:21 -------- d-----w- c:\program files\iPod
    2011-02-28 19:39 . 2011-03-01 19:35 -------- d-----w- c:\program files\Microsoft Works
    2011-02-28 19:38 . 2011-02-28 19:38 -------- d-----w- c:\windows\PCHEALTH
    2011-02-28 19:37 . 2011-02-28 19:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2011-02-28 19:34 . 2011-02-28 19:34 -------- d-----r- C:\MSOCache
    2011-02-27 14:27 . 2011-03-05 09:55 -------- d-----w- c:\program files\Common Files\Steam
    2011-02-27 14:23 . 2011-02-27 14:23 -------- d-----w- c:\users\Justinas\New folder
    2011-02-27 12:06 . 2011-02-27 12:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-02-27 12:03 . 2011-02-27 12:03 -------- d-----w- c:\users\Donata
    2011-02-27 11:49 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2011-02-27 11:49 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
    2011-02-27 11:43 . 2011-02-27 11:43 -------- d-----w- c:\users\Nerijus\AppData\Local\Microsoft Help
    2011-02-27 11:43 . 2011-03-09 13:51 -------- d-----w- c:\programdata\Microsoft Help
    2011-02-24 17:56 . 2011-02-24 17:58 -------- d-----w- c:\users\Justinas\AppData\Roaming\GetRightToGo
    2011-02-23 17:56 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 13:36 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 13:36 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 07:58 . 2011-02-22 07:58 86016 ----a-w- c:\windows\system32\frapsvid.dll
    2011-02-18 07:32 . 2011-02-18 07:32 -------- d-----w- c:\program files\Common Files\Java
    2011-02-18 07:25 . 2011-02-18 07:25 -------- d-----w- c:\users\Nerijus\AppData\Roaming\Apple Computer
    2011-02-17 18:07 . 2011-02-17 18:07 -------- d-----w- c:\users\Justinas\AppData\Local\CrashRpt
    2011-02-16 08:47 . 2011-02-16 08:47 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-02-16 08:46 . 2011-02-16 08:47 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-02-16 08:42 . 2011-02-16 08:42 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
    2011-02-09 12:24 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
    2011-02-09 12:23 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
    2011-02-09 12:23 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-06 16:56 . 2010-11-22 14:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-03-06 12:52 . 2011-01-09 20:10 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-03-05 19:43 . 2011-01-09 20:10 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-03-05 19:43 . 2011-01-09 20:10 22328 ----a-w- c:\users\Justinas\AppData\Roaming\PnkBstrK.sys
    2011-03-05 19:43 . 2011-01-09 20:10 2337865 ----a-w- c:\windows\system32\pbsvc.exe
    2011-02-02 19:40 . 2011-01-29 13:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-09 20:10 . 2011-01-09 20:10 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-12-23 21:36 . 2010-12-23 21:36 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 10:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "Steam"="c:\games\STEAM\Steam.exe" [2011-02-27 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
    R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-13 136176]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-01 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-01 691696]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-16 218688]
    S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-13 17:00]
    .
    2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-13 17:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.lt/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-RGSC - c:\games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
    HKCU-Run-BitComet - c:\games\Lost Horizon\BitComet\BitComet.exe
    AddRemove-Practice Court_is1 - c:\games\NBALIV~1\unins000.exe
    AddRemove-{28CC29B1-2F66-4671-0081-651745DB4A2E} - c:\games\NBA LIVE\EAUninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\SecuROM\License information*]
    "datasecu"=hex:ec,da,33,10,ec,db,44,1b,38,bf,27,d2,7a,7a,e5,77,d6,f7,0c,58,4a,
    56,88,cb,31,cb,8c,f6,6c,42,94,43,a1,7c,3f,7a,64,2e,9c,8c,20,e2,37,fa,41,b9,\
    "rkeysecu"=hex:f8,2e,ac,40,0f,ef,9c,19,c2,5a,09,07,9c,23,eb,f0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-03-10 14:04:40
    ComboFix-quarantined-files.txt 2011-03-10 12:04
    .
    Pre-Run: 11,965,239,296 bytes free
    Post-Run: 11,889,270,784 bytes free
    .
    - - End Of File - - 0F7784F0E7B5E430C3C50FDBF816BA7B
  10. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    I definitely prefer Avira, or Avast over AVG.

    Combofix log looks fine.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
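The OTL.txt that this post asks for is read by hand, line by line, looking at the "Oxx - ..." loading points (BHOs, toolbars, Run keys, Winlogon and BootExecute entries). The script below is an added example, not part of OTL, of this thread or of any post in it; it shows how a helper could pre-sort those lines before reading them. It parses the line format visible in the OTL log posted later in the thread, pulls out the binary path and the trailing "(Publisher)" text, and puts each entry into one of three review buckets: the target file no longer exists (a stale loading point, like the AVG BootExecute entries left behind after the uninstall), the binary carries no publisher name, or the publisher is not on an allow-list. The sample lines are constructed after the posted log, the last one is a made-up placeholder to exercise the no-publisher case, and the allow-list of publishers is a hypothetical one chosen for the sample.

```python
"""Triage helper for OTL-style loading-point lines (O2/O3/O4/O20/O34 ...).

Added example for this thread; not part of OTL or of the thread's posts.
It parses the 'Oxx - ...' line format of OTL.txt and sorts entries into
the review buckets a helper would look at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modeled on lines from the OTL.txt posted in this thread.
# The last line is a made-up placeholder to exercise the "no publisher" case.
SAMPLE_LOG = r"""
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001..\Run: [Steam] C:\Games\STEAM\Steam.exe (Valve Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O4 - HKLM..\Run: [placeholder] C:\Users\Public\placeholder_unsigned.exe ()
"""

# Hypothetical allow-list: publishers expected on this particular machine.
TRUSTED_PUBLISHERS = {
    "Microsoft Corporation",
    "Avira GmbH",
    "Valve Corporation",
    "Skype Technologies S.A.",
}

LINE_RE = re.compile(r"^O(?P<code>\d+)\s+-\s+(?P<body>.*)$")
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")   # trailing "(Company)"
PATH_RE = re.compile(                                     # first drive-letter path
    r"(?P<path>[A-Za-z]:\\[^()\[\]]*?\.(?:exe|dll|sys|ocx|scr|cpl))", re.IGNORECASE
)


@dataclass
class Entry:
    code: int                 # OTL section number (2 = BHO, 3 = toolbar, 4 = Run, ...)
    body: str
    path: Optional[str]       # first drive-letter path found on the line
    publisher: Optional[str]  # trailing "(Company)" text; "" when the parens were empty
    missing: bool             # OTL reported the target as "File not found"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'Oxx - ...' line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith("File not found")
    pub_m = None if missing else PUBLISHER_RE.search(body)
    path_m = PATH_RE.search(body)
    return Entry(
        code=int(m.group("code")),
        body=body,
        path=path_m.group("path") if path_m else None,
        publisher=pub_m.group("pub").strip() if pub_m else None,
        missing=missing,
    )


def triage(entry: Entry) -> List[str]:
    """Return the reasons a helper would want to look at this entry, or []."""
    reasons: List[str] = []
    if entry.missing:
        reasons.append("stale loading point: target file not found")
    elif not entry.publisher:
        reasons.append("no publisher name on the binary")
    elif entry.publisher not in TRUSTED_PUBLISHERS:
        reasons.append(f"publisher not on allow-list: {entry.publisher}")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged binary path to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or entry.path is None:
            continue  # not a loading-point line, or no file path to judge
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the two Conduit entries come out as "publisher not on allow-list", the leftover AVG BootExecute entry as a stale loading point, and the placeholder as having no publisher; the Avira, Steam, Skype and explorer.exe lines are not flagged. A bucket is a prompt to look, not a verdict: an allow-listed publisher string only reflects what the PE version resource claims, which is why the actual decision on each entry still belongs to the person reading the log.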
  11. juzt4

    juzt4 Newcomer, in training Topic Starter

    OTL.txt here


    OTL logfile created on: 3/10/2011 11:08:35 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Justinas\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.43 Gb Total Space | 8.50 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
    Drive D: | 4.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: GAMERSTATION | User Name: Justinas | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/10 23:07:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\OTL.exe
    PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/10 23:07:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\OTL.exe
    MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/03/04 13:07:31 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/11/01 11:13:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/02/16 10:47:13 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/11/01 11:05:13 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/02/24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
    DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/06/10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lt/
    IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC EE A5 01 A7 79 CB 01 [binary data]
    IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2011/03/10 14:03:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001..\Run: [Steam] C:\Games\STEAM\Steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/03/26 01:46:13 | 000,132,016 | R--- | M] (InstallShield Software Corporation) - D:\autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2008/03/26 00:50:03 | 000,004,286 | R--- | M] () - D:\autorun.ico -- [ UDF ]
    O32 - AutoRun File - [2008/03/26 00:50:03 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O32 - AutoRun File - [2008/03/26 00:50:19 | 000,000,382 | R--- | M] () - D:\autorun.ini -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/10 23:05:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Justinas\Desktop\OTL.exe
    [2011/03/10 21:42:34 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Local\ElevatedDiagnostics
    [2011/03/10 14:37:28 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Roaming\Avira
    [2011/03/10 14:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/03/10 14:36:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011/03/10 14:36:13 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/03/10 14:36:13 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/03/10 14:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/03/10 14:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/03/10 14:04:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/10 14:04:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/10 14:04:41 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Local\temp
    [2011/03/10 13:58:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/10 13:58:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/10 13:58:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/10 13:58:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/10 13:57:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/10 13:57:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/10 13:41:06 | 006,225,384 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Justinas\Desktop\AppRemover.exe
    [2011/03/09 22:55:39 | 001,374,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Justinas\Desktop\TDSSKiller.exe
    [2011/03/09 15:50:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/03/09 15:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2011/03/09 15:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
    [2011/03/09 15:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
    [2011/03/09 15:31:38 | 000,000,000 | ---D | C] -- C:\extensions
    [2011/03/09 14:39:15 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Roaming\Malwarebytes
    [2011/03/09 14:38:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/03/09 14:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/09 14:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/09 14:38:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/03/09 14:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/09 14:37:17 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Justinas\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/09 14:30:35 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Justinas\Desktop\TFC.exe
    [2011/03/08 15:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
    [2011/03/08 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
    [2011/03/08 13:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
    [2011/03/08 13:09:44 | 000,000,000 | ---D | C] -- C:\$AVG
    [2011/03/06 19:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
    [2011/03/06 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\Justinas\Documents\Codemasters
    [2011/03/03 18:39:27 | 000,000,000 | ---D | C] -- C:\Users\Justinas\Documents\BFBC2
    [2011/03/03 17:15:43 | 000,000,000 | ---D | C] -- C:\Users\Justinas\Documents\NBA Live 2005
    [2011/03/03 17:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS
    [2011/03/02 18:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2011/03/01 18:45:31 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
    [2011/03/01 18:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/03/01 18:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/02/28 21:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2011/02/28 21:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2011/02/28 21:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2011/02/28 21:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2011/02/28 21:38:38 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2011/02/28 21:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2011/02/28 21:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2011/02/28 21:34:42 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2011/02/27 16:50:35 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike Source 2011
    [2011/02/27 16:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
    [2011/02/27 16:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2011/02/27 16:23:25 | 000,000,000 | ---D | C] -- C:\Users\Justinas\New folder
    [2011/02/27 13:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2011/02/27 13:39:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2011/02/24 19:56:43 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Roaming\GetRightToGo
    [2011/02/24 19:56:43 | 000,000,000 | ---D | C] -- C:\Users\Justinas\Documents\Downloads
    [2011/02/22 09:58:54 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
    [2011/02/18 09:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/02/17 20:40:51 | 000,000,000 | ---D | C] -- C:\Users\Justinas\Documents\Eden Games
    [2011/02/17 20:36:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2011/02/17 20:07:49 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Local\CrashRpt
    [2011/02/17 19:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
    [2011/02/16 10:47:13 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2011/02/16 10:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    [2011/02/16 10:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

    ========== Files - Modified Within 30 Days ==========

    [2011/03/10 23:07:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\OTL.exe
    [2011/03/10 22:11:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/10 20:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/10 14:36:21 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/03/10 14:03:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/03/10 13:58:04 | 000,020,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/10 13:58:04 | 000,020,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/10 13:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/10 13:50:41 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/10 13:41:32 | 006,225,384 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Justinas\Desktop\AppRemover.exe
    [2011/03/10 13:40:41 | 004,284,550 | R--- | M] () -- C:\Users\Justinas\Desktop\ComboFix.exe
    [2011/03/09 22:54:44 | 001,261,440 | ---- | M] () -- C:\Users\Justinas\Desktop\tdsskiller.zip
    [2011/03/09 21:45:09 | 000,133,632 | ---- | M] () -- C:\Users\Justinas\Desktop\RKUnhookerLE.EXE
    [2011/03/09 21:44:04 | 000,080,384 | ---- | M] () -- C:\Users\Justinas\Desktop\MBRCheck.exe
    [2011/03/09 15:51:44 | 000,001,014 | ---- | M] () -- C:\Users\Justinas\Desktop\AVG whole computer scan.csv
    [2011/03/09 15:05:44 | 000,625,664 | ---- | M] () -- C:\Users\Justinas\Desktop\dds.scr
    [2011/03/09 14:45:09 | 000,296,448 | ---- | M] () -- C:\Users\Justinas\Desktop\vb515xdt.exe
    [2011/03/09 14:38:55 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/09 14:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Justinas\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/09 14:30:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\TFC.exe
    [2011/03/09 14:12:30 | 000,000,792 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/03/08 13:53:12 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
    [2011/03/08 13:52:59 | 001,364,995 | ---- | M] () -- C:\Users\Justinas\Desktop\CamStudio20.exe
    [2011/03/06 19:25:09 | 000,000,330 | ---- | M] () -- C:\Users\Justinas\Desktop\GRID.lnk
    [2011/03/06 18:56:33 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
    [2011/03/06 12:52:37 | 070,453,455 | ---- | M] () -- C:\Users\Justinas\Documents\Bottles of Beer - (Your Favorite Martian music video).mp4
    [2011/03/06 12:51:47 | 032,627,843 | ---- | M] () -- C:\Users\Justinas\Documents\Zombie Love Song - (Your Favorite Martian music video).mp4
    [2011/03/06 12:51:02 | 053,002,037 | ---- | M] () -- C:\Users\Justinas\Documents\My Balls - (Your Favorite Martian music video).mp4
    [2011/03/05 21:45:45 | 000,000,814 | ---- | M] () -- C:\Users\Justinas\Desktop\Tom Clancy's Rainbow Six Vegas 2 - Shortcut.lnk
    [2011/03/05 21:43:30 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2011/03/05 21:43:30 | 000,022,328 | ---- | M] () -- C:\Users\Justinas\AppData\Roaming\PnkBstrK.sys
    [2011/03/05 21:43:05 | 002,337,865 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
    [2011/03/02 21:39:47 | 002,455,946 | ---- | M] () -- C:\Users\Justinas\Desktop\DSC_0400.JPG
    [2011/03/02 20:11:55 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/03/02 10:45:38 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justinas\Desktop\TDSSKiller.exe
    [2011/03/01 18:22:39 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/01 17:17:57 | 000,193,835 | ---- | M] () -- C:\Users\Justinas\Desktop\šmnah.png
    [2011/03/01 14:50:41 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/01 14:50:41 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/01 14:44:24 | 000,408,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/02/27 17:51:41 | 000,000,694 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
    [2011/02/27 16:50:35 | 000,002,088 | ---- | M] () -- C:\Users\Justinas\Desktop\Counter Strike Source 2011.lnk
    [2011/02/27 16:15:01 | 000,001,238 | RHS- | M] () -- C:\Users\Justinas\ntuser.pol
    [2011/02/22 09:58:54 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
    [2011/02/20 18:23:13 | 000,160,539 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/02/16 10:47:13 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
    [2011/02/16 10:47:01 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

    ========== Files Created - No Company Name ==========

    [2011/03/10 14:36:21 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/03/10 13:58:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/10 13:58:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/10 13:58:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/10 13:58:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/10 13:58:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/10 13:40:17 | 004,284,550 | R--- | C] () -- C:\Users\Justinas\Desktop\ComboFix.exe
    [2011/03/09 22:54:43 | 001,261,440 | ---- | C] () -- C:\Users\Justinas\Desktop\tdsskiller.zip
    [2011/03/09 21:45:10 | 000,133,632 | ---- | C] () -- C:\Users\Justinas\Desktop\RKUnhookerLE.EXE
    [2011/03/09 21:44:09 | 000,080,384 | ---- | C] () -- C:\Users\Justinas\Desktop\MBRCheck.exe
    [2011/03/09 15:51:44 | 000,001,014 | ---- | C] () -- C:\Users\Justinas\Desktop\AVG whole computer scan.csv
    [2011/03/09 15:05:44 | 000,625,664 | ---- | C] () -- C:\Users\Justinas\Desktop\dds.scr
    [2011/03/09 14:45:11 | 000,296,448 | ---- | C] () -- C:\Users\Justinas\Desktop\vb515xdt.exe
    [2011/03/09 14:38:55 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/09 14:09:41 | 000,000,792 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/03/08 13:53:12 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
    [2011/03/08 13:52:50 | 001,364,995 | ---- | C] () -- C:\Users\Justinas\Desktop\CamStudio20.exe
    [2011/03/06 19:25:09 | 000,000,330 | ---- | C] () -- C:\Users\Justinas\Desktop\GRID.lnk
    [2011/03/06 12:52:37 | 070,453,455 | ---- | C] () -- C:\Users\Justinas\Documents\Bottles of Beer - (Your Favorite Martian music video).mp4
    [2011/03/06 12:51:47 | 032,627,843 | ---- | C] () -- C:\Users\Justinas\Documents\Zombie Love Song - (Your Favorite Martian music video).mp4
    [2011/03/06 12:51:01 | 053,002,037 | ---- | C] () -- C:\Users\Justinas\Documents\My Balls - (Your Favorite Martian music video).mp4
    [2011/03/05 21:45:45 | 000,000,814 | ---- | C] () -- C:\Users\Justinas\Desktop\Tom Clancy's Rainbow Six Vegas 2 - Shortcut.lnk
    [2011/03/03 14:18:23 | 002,455,946 | ---- | C] () -- C:\Users\Justinas\Desktop\DSC_0400.JPG
    [2011/03/01 18:22:39 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/01 17:17:56 | 000,193,835 | ---- | C] () -- C:\Users\Justinas\Desktop\šmnah.png
    [2011/02/28 15:02:14 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
    [2011/02/27 16:50:35 | 000,002,088 | ---- | C] () -- C:\Users\Justinas\Desktop\Counter Strike Source 2011.lnk
    [2011/02/27 16:27:40 | 000,000,694 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2011/02/16 10:47:01 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    [2011/01/09 22:10:48 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2011/01/09 22:10:48 | 000,022,328 | ---- | C] () -- C:\Users\Justinas\AppData\Roaming\PnkBstrK.sys
    [2011/01/09 22:10:18 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2011/01/09 22:10:17 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
    [2011/01/09 22:10:17 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2010/11/21 16:21:31 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/11/13 19:08:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 06:33:53 | 000,408,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 04:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 04:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/02/27 14:03:35 | 000,000,000 | ---D | M] -- C:\Users\Donata\AppData\Roaming\AVG10
    [2010/11/01 14:11:08 | 000,000,000 | ---D | M] -- C:\Users\Justinas\AppData\Roaming\2K Sports
    [2010/11/21 16:18:12 | 000,000,000 | ---D | M] -- C:\Users\Justinas\AppData\Roaming\DAEMON Tools Lite
    [2011/02/24 19:58:11 | 000,000,000 | ---D | M] -- C:\Users\Justinas\AppData\Roaming\GetRightToGo
    [2011/01/26 15:10:06 | 000,000,000 | ---D | M] -- C:\Users\Justinas\AppData\Roaming\Mount&Blade Warband
    [2011/02/11 17:21:03 | 000,000,000 | ---D | M] -- C:\Users\Justinas\AppData\Roaming\Ubisoft
    [2010/11/03 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\Nerijus\AppData\Roaming\AVG10
    [2011/02/27 13:57:46 | 000,000,000 | ---D | M] -- C:\Users\Nerijus\AppData\Roaming\DAEMON Tools Lite
    [2010/11/14 11:19:54 | 000,000,000 | ---D | M] -- C:\Users\Nerijus\AppData\Roaming\Leadertech
    [2011/01/26 14:14:47 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/03/10 14:04:40 | 000,010,750 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/03/10 13:50:41 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/10 13:50:41 | 3756,515,328 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/09 22:58:15 | 000,065,690 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_09.03.2011_22.55.51_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/01 11:27:18 | 000,000,221 | -HS- | M] () -- C:\Users\Justinas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/10 13:41:32 | 006,225,384 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Justinas\Desktop\AppRemover.exe
    [2011/03/08 13:52:59 | 001,364,995 | ---- | M] () -- C:\Users\Justinas\Desktop\CamStudio20.exe
    [2011/03/10 13:40:41 | 004,284,550 | R--- | M] () -- C:\Users\Justinas\Desktop\ComboFix.exe
    [2011/03/09 14:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Justinas\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/09 21:44:04 | 000,080,384 | ---- | M] () -- C:\Users\Justinas\Desktop\MBRCheck.exe
    [2011/03/10 23:07:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\OTL.exe
    [2011/03/09 21:45:09 | 000,133,632 | ---- | M] () -- C:\Users\Justinas\Desktop\RKUnhookerLE.EXE
    [2011/03/02 10:45:38 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justinas\Desktop\TDSSKiller.exe
    [2011/03/09 14:30:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\TFC.exe
    [2011/03/09 14:45:09 | 000,296,448 | ---- | M] () -- C:\Users\Justinas\Desktop\vb515xdt.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/01 11:25:04 | 000,000,402 | -HS- | M] () -- C:\Users\Justinas\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  12. juzt4

    juzt4 Newcomer, in training Topic Starter

    Extras.txt here


    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows 7
    Version 6.1.7600
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x9521C000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9854976 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 185.93 )
    0x82813000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
    0x82813000 PnpManager 4259840 bytes
    0x82813000 RAW 4259840 bytes
    0x82813000 WMIxWDM 4259840 bytes
    0x9AE10000 Win32k 2404352 bytes
    0x9AE10000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8C64A000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
    0x8C404000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
    0x8C01A000 PCI_PNP2738 995328 bytes
    0x8C01A000 C:\Windows\System32\Drivers\spjr.sys 995328 bytes
    0x8C01A000 sptd 995328 bytes
    0x9472B000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8C30B000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
    0x82EDC000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
    0x9CB69000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x9CA04000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x82E09000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x82F87000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x9FEEC000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
    0x94632000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
    0x8C571000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
    0x91A9F000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x9FE9B000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
    0x95C82000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
    0x9FE24000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x91000000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8C21B000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8C13C000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x91A25000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0x95C2D000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x82E9A000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
    0x91BA5000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x95D41000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
    0x8C82C000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8C3C2000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x946BC000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0x91B47000 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
    0x9CAD7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x95B82000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
    0x82C23000 ACPI_HAL 225280 bytes
    0x82C23000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x8C2C6000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x911AE000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
    0x8C8B8000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
    0x91A6D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8C793000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x95CD2000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8C873000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
    0x9CB34000 C:\Windows\system32\drivers\acedrv11.sys 180224 bytes (Protect Software GmbH, ProtectDisc x64/x86 Hybrid Driver)
    0x8C533000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x8C197000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x9FE73000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
    0x8C116000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x8C8FB000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8C625000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
    0x9107F000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
    0x8C29A000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x9CAB4000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x9112D000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x95BD9000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
    0x946F8000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8C9A5000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x8C960000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x9105A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x91B00000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x9B0A0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
    0x95DD3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x9CB12000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x91B2D000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
    0x95C00000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x9CA89000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x95D01000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
    0x94696000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x910C6000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
    0x910AE000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
    0x9110A000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x9114F000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x91167000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x9117E000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x8C80E000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
    0x8C27B000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
    0x95D25000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
    0x8C55E000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x95BC6000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x91B82000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x910F8000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
    0x94719000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
    0x9CAA2000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8C8EA000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x95DAD000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
    0x8C2FA000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x95C71000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x8C1C1000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
    0x82E81000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x95C1A000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8C8A0000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
    0x91B95000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
    0x8C1D2000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
    0x9104B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x946AE000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
    0x91B1F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8C800000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x8C26D000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8C5CE000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
    0x911E2000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x8C00C000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x910EB000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
    0x95D8C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x910DE000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x9119F000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
    0x911F0000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8C9C6000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x8C97F000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0x91A00000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
    0x8C999000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x95D99000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x95D1A000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x95DC8000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
    0x95D81000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x8C9EB000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x91122000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8C7CD000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x95BBB000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x8C18C000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
    0x95200000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
    0x95DBE000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x91BF0000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x91BE6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x91195000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
    0x95DEE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x910A4000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
    0x8C2BD000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
    0x8C291000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x8C925000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
    0x9CB60000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
    0x95DA4000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
    0x8C5DC000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x9FF56000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0x9B070000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8C7C4000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
    0x8C10D000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x82E92000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8C8B0000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
    0x80BA6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
    0x8C184000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8C9D3000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8C9DB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
    0x8C9E3000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
    0x8C86B000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x8C992000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x95D38000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x8C98B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x9CB2D000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
    0x8C266000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x91AF9000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
    0x91079000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x8C920000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
    0x911AC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x95D3F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0x855071F8 unknown_irp_handler 3592 bytes
    0x855051F8 unknown_irp_handler 3592 bytes
    0x855061F8 unknown_irp_handler 3592 bytes
    0x8653D1F8 unknown_irp_handler 3592 bytes
    0x8648B1F8 unknown_irp_handler 3592 bytes
    0x855031F8 unknown_irp_handler 3592 bytes
    0x864F8500 unknown_irp_handler 2816 bytes
    0x86640500 unknown_irp_handler 2816 bytes
    0x869F9500 unknown_irp_handler 2816 bytes
    0x86503500 unknown_irp_handler 2816 bytes
    ==============================================
    >Stealth
    ==============================================
    WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
  13. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    You posted RKUnhooker log instead of Extras.txt.
     
  14. juzt4

    juzt4 Newcomer, in training Topic Starter

    Oops, my bad. :rolleyes: I will post it tomorrow or very late at your time. In this time zone it's midnight. P.S. I'm using my iPod to post this, because I can't log in to my computer now (non-virus related, just family).
  15. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    No problem :)
  16. juzt4

    juzt4 Newcomer, in training Topic Starter

    Here you go:

    OTL Extras logfile created on: 3/10/2011 11:08:35 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Justinas\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.43 Gb Total Space | 8.50 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
    Drive D: | 4.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: GAMERSTATION | User Name: Justinas | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CamStudio" = CamStudio
    "conduitEngine" = Conduit Engine
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "OpenAL" = OpenAL
    "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
    "PunkBusterSvc" = PunkBuster Services
    "Shockwave" = Shockwave
    "Uniblue RegistryBooster" = Uniblue RegistryBooster
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/8/2011 7:13:53 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
    Description = The program BitComet.exe version 1.17.12.28 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: cd4 Start
    Time: 01cbdd7f2a0d5da9 Termination Time: 23478 Application Path: C:\Games\Lost Horizon\BitComet\BitComet.exe

    Report
    Id: 149c1d15-4975-11e0-8719-001fd0570ddf

    Error - 3/8/2011 7:18:11 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
    Description = The program BitComet.exe version 1.17.12.28 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 5d4 Start
    Time: 01cbdd8240638896 Termination Time: 26615 Application Path: C:\Games\Lost Horizon\BitComet\BitComet.exe

    Report
    Id: adf937da-4975-11e0-8719-001fd0570ddf

    Error - 3/8/2011 7:21:21 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 95c Start
    Time: 01cbdd7f26eff0ad Termination Time: 60000 Application Path: C:\Windows\Explorer.EXE

    Report
    Id: 050759ed-4976-11e0-8719-001fd0570ddf

    Error - 3/8/2011 8:05:58 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
    Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 111c Start Time:
    01cbdd878f34dbe6 Termination Time: 8 Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe

    Report
    Id:

    Error - 3/8/2011 8:17:55 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: b9c Start
    Time: 01cbdd83adb02c1b Termination Time: 10747 Application Path: C:\Windows\Explorer.EXE

    Report
    Id: 0f3de70b-497e-11e0-b5ce-001fd0570ddf

    Error - 3/8/2011 9:24:34 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
    Description = The program BitComet.exe version 1.17.12.28 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 55c Start
    Time: 01cbdd84cf0a685d Termination Time: 11110 Application Path: C:\Games\Lost Horizon\BitComet\BitComet.exe

    Report
    Id: 5d754056-4987-11e0-b5ce-001fd0570ddf

    Error - 3/8/2011 10:08:56 AM | Computer Name = GamerStation | Source = VSS | ID = 8194
    Description =

    Error - 3/8/2011 10:19:25 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
    Description = The program SZOptions.exe version 5.0.84.5 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 620 Start
    Time: 01cbdd9b76590412 Termination Time: 60000 Application Path: C:\Program Files\STOPzilla!\SZOptions.exe

    Report
    Id: d2686282-498e-11e0-b56b-001fd0570ddf

    Error - 3/9/2011 9:01:23 AM | Computer Name = GamerStation | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 3/10/2011 1:14:47 PM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
    Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: a68 Start Time:
    01cbdf43e5686612 Termination Time: 382 Application Path: C:\Games\M&B Warband\CSS\Counter
    Strike Source 2011\hl2.exe Report Id:

    [ Media Center Events ]
    Error - 11/4/2010 12:09:11 PM | Computer Name = GamerStation | Source = MCUpdate | ID = 0
    Description = 6:09:11 PM - Error connecting to the internet. 6:09:11 PM - Unable
    to contact server..

    Error - 11/4/2010 12:09:21 PM | Computer Name = GamerStation | Source = MCUpdate | ID = 0
    Description = 6:09:16 PM - Error connecting to the internet. 6:09:16 PM - Unable
    to contact server..

    Error - 11/4/2010 1:09:26 PM | Computer Name = GamerStation | Source = MCUpdate | ID = 0
    Description = 7:09:26 PM - Error connecting to the internet. 7:09:26 PM - Unable
    to contact server..

    Error - 11/4/2010 1:09:33 PM | Computer Name = GamerStation | Source = MCUpdate | ID = 0
    Description = 7:09:32 PM - Error connecting to the internet. 7:09:32 PM - Unable
    to contact server..

    Error - 12/3/2010 8:14:57 AM | Computer Name = GamerStation | Source = MCUpdate | ID = 0
    Description = 2:14:41 PM - Error connecting to the internet. 2:14:42 PM - Unable
    to contact server..

    [ System Events ]
    Error - 3/9/2011 9:40:40 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5 szkgfs

    Error - 3/9/2011 11:55:40 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5 szkgfs

    Error - 3/9/2011 12:39:27 PM | Computer Name = GamerStation | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 3/9/2011 3:42:28 PM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5 szkgfs

    Error - 3/9/2011 4:53:22 PM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5 szkgfs

    Error - 3/10/2011 7:35:22 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5 szkgfs

    Error - 3/10/2011 7:51:01 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5 szkgfs

    Error - 3/10/2011 7:59:28 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/10/2011 8:02:15 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/10/2011 8:03:50 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
  17. juzt4

    juzt4 Newcomer, in training Topic Starter

    I scanned my computer with Avira just in case:




    Avira AntiVir Personal
    Report file date: Friday, March 11, 2011 09:09

    Scanning for 2480408 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows 7
    Windows version : (plain) [6.1.7600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : GAMERSTATION

    Version information:
    BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
    AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 12:23:31
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 10:57:04
    LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 12:23:40
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 21:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 07:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 12:23:50
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 12:37:43
    VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 12:37:43
    VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 12:37:43
    VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 12:37:43
    VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 12:37:43
    VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 12:37:43
    VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 12:37:43
    VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 12:37:44
    VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 12:37:44
    VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 12:37:44
    VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 12:37:44
    VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 12:37:44
    VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 12:37:45
    VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 12:37:45
    VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 12:37:46
    VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 12:37:46
    VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 12:37:47
    VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 12:37:48
    VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 12:37:48
    VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 12:37:49
    VBASE022.VDF : 7.11.4.109 2048 Bytes 3/8/2011 12:37:49
    VBASE023.VDF : 7.11.4.110 2048 Bytes 3/8/2011 12:37:49
    VBASE024.VDF : 7.11.4.111 2048 Bytes 3/8/2011 12:37:49
    VBASE025.VDF : 7.11.4.112 2048 Bytes 3/8/2011 12:37:49
    VBASE026.VDF : 7.11.4.113 2048 Bytes 3/8/2011 12:37:49
    VBASE027.VDF : 7.11.4.114 2048 Bytes 3/8/2011 12:37:49
    VBASE028.VDF : 7.11.4.115 2048 Bytes 3/8/2011 12:37:49
    VBASE029.VDF : 7.11.4.116 2048 Bytes 3/8/2011 12:37:49
    VBASE030.VDF : 7.11.4.117 2048 Bytes 3/8/2011 12:37:49
    VBASE031.VDF : 7.11.4.147 125440 Bytes 3/10/2011 12:37:50
    Engineversion : 8.2.4.180
    AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 12:23:26
    AESCRIPT.DLL : 8.1.3.56 1261945 Bytes 3/10/2011 12:38:01
    AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 12:23:26
    AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 12:23:26
    AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 12:23:25
    AEPACK.DLL : 8.2.4.11 520566 Bytes 3/10/2011 12:38:00
    AEOFFICE.DLL : 8.1.1.17 205177 Bytes 3/10/2011 12:37:58
    AEHEUR.DLL : 8.1.2.83 3338613 Bytes 3/10/2011 12:37:58
    AEHELP.DLL : 8.1.16.1 246134 Bytes 3/10/2011 12:37:52
    AEGEN.DLL : 8.1.5.2 397683 Bytes 3/10/2011 12:37:52
    AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 12:23:18
    AECORE.DLL : 8.1.19.2 196983 Bytes 3/10/2011 12:37:51
    AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 12:23:18
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 12:23:32
    AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 12:23:30
    AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 12:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 12:23:31
    AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 12:23:31
    AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 12:23:27
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 12:23:28
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 12:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 12:23:31
    NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 12:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 11:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 12:23:52

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Friday, March 11, 2011 09:09

    Starting search for hidden objects.
    HKEY_USERS\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\SecuROM\License information\datasecu
    [NOTE] The registry entry is invisible.
    HKEY_USERS\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\SecuROM\License information\rkeysecu
    [NOTE] The registry entry is invisible.

    The scan of running processes will be started
    Scan process 'avnotify.exe' - '99' Module(s) have been scanned
    Scan process 'taskeng.exe' - '26' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '27' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '29' Module(s) have been scanned
    Scan process 'svchost.exe' - '28' Module(s) have been scanned
    Scan process 'vssvc.exe' - '47' Module(s) have been scanned
    Scan process 'avscan.exe' - '83' Module(s) have been scanned
    Scan process 'avscan.exe' - '28' Module(s) have been scanned
    Scan process 'avcenter.exe' - '83' Module(s) have been scanned
    Scan process 'chrome.exe' - '62' Module(s) have been scanned
    Scan process 'chrome.exe' - '41' Module(s) have been scanned
    Scan process 'chrome.exe' - '41' Module(s) have been scanned
    Scan process 'chrome.exe' - '41' Module(s) have been scanned
    Scan process 'chrome.exe' - '90' Module(s) have been scanned
    Scan process 'SteamService.exe' - '42' Module(s) have been scanned
    Scan process 'iPodService.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'Steam.exe' - '119' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '58' Module(s) have been scanned
    Scan process 'DTLite.exe' - '55' Module(s) have been scanned
    Scan process 'avgnt.exe' - '64' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
    Scan process 'GrooveMonitor.exe' - '48' Module(s) have been scanned
    Scan process 'jusched.exe' - '25' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '164' Module(s) have been scanned
    Scan process 'Dwm.exe' - '32' Module(s) have been scanned
    Scan process 'taskhost.exe' - '51' Module(s) have been scanned
    Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
    Scan process 'WLIDSVC.EXE' - '60' Module(s) have been scanned
    Scan process 'svchost.exe' - '32' Module(s) have been scanned
    Scan process 'PnkBstrB.exe' - '28' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '25' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '40' Module(s) have been scanned
    Scan process 'conhost.exe' - '14' Module(s) have been scanned
    Scan process 'avshadow.exe' - '31' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '48' Module(s) have been scanned
    Scan process 'avguard.exe' - '67' Module(s) have been scanned
    Scan process 'svchost.exe' - '69' Module(s) have been scanned
    Scan process 'sched.exe' - '50' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '88' Module(s) have been scanned
    Scan process 'svchost.exe' - '87' Module(s) have been scanned
    Scan process 'svchost.exe' - '66' Module(s) have been scanned
    Scan process 'svchost.exe' - '160' Module(s) have been scanned
    Scan process 'svchost.exe' - '90' Module(s) have been scanned
    Scan process 'svchost.exe' - '83' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '52' Module(s) have been scanned
    Scan process 'lsm.exe' - '16' Module(s) have been scanned
    Scan process 'lsass.exe' - '65' Module(s) have been scanned
    Scan process 'services.exe' - '33' Module(s) have been scanned
    Scan process 'winlogon.exe' - '31' Module(s) have been scanned
    Scan process 'wininit.exe' - '26' Module(s) have been scanned
    Scan process 'csrss.exe' - '16' Module(s) have been scanned
    Scan process 'csrss.exe' - '16' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '358' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
    [DETECTION] Is the TR/Black.Gen2 Trojan
    C:\Users\Justinas\Documents\My Games\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
    [DETECTION] Is the TR/Black.Gen2 Trojan

    Beginning disinfection:
    C:\Users\Justinas\Documents\My Games\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
    [DETECTION] Is the TR/Black.Gen2 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '493570f4.qua'.
    C:\Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
    [DETECTION] Is the TR/Black.Gen2 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '51a25f53.qua'.


    End of the scan: Friday, March 11, 2011 09:49
    Used time: 39:08 Minute(s)

    The scan has been done completely.

    18635 Scanned directories
    324985 Files were scanned
    2 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    2 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    324983 Files not concerned
    1652 Archives were scanned
    0 Warnings
    2 Notes
    489522 Objects were scanned with rootkit scan
    2 Hidden objects were found
  18. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2011/02/27 14:03:35 | 000,000,000 | ---D | M] -- C:\Users\Donata\AppData\Roaming\AVG10
      [2010/11/03 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\Nerijus\AppData\Roaming\AVG10
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  19. juzt4

    juzt4 Newcomer, in training Topic Starter

    Here's the log of the first fix:


    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\Donata\AppData\Roaming\AVG10\cfgall folder moved successfully.
    C:\Users\Donata\AppData\Roaming\AVG10 folder moved successfully.
    C:\Users\Nerijus\AppData\Roaming\AVG10\cfgall folder moved successfully.
    C:\Users\Nerijus\AppData\Roaming\AVG10 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Donata
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Justinas
    ->Temp folder emptied: 72593 bytes
    ->Temporary Internet Files folder emptied: 145803 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 240742614 bytes
    ->Flash cache emptied: 18892 bytes

    User: Nerijus
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1297713 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 231.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Donata
    ->Flash cache emptied: 0 bytes

    User: Justinas
    ->Flash cache emptied: 0 bytes

    User: Nerijus
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03122011_085421

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  20. juzt4

    juzt4 Newcomer, in training Topic Starter

    Here's the second:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Donata
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Justinas
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6094506 bytes
    ->Flash cache emptied: 0 bytes

    User: Nerijus
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Donata
    ->Flash cache emptied: 0 bytes

    User: Justinas
    ->Flash cache emptied: 0 bytes

    User: Nerijus
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.22.3 log created on 03122011_085911

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  21. juzt4

    juzt4 Newcomer, in training Topic Starter

    Oh, and by the way, I would like to thank you for your help and time, Broni. I REALLLLLLLLLY appreciate this. I heard you have a cold, so I hope you get better soon.


    Cheers, juzt4

    EDIT: I'm going to run the defragmenter soon,
    and my computer is running great.
  22. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Whenever ready.
  23. juzt4

    juzt4 Newcomer, in training Topic Starter

    It's running great now, never better.
  24. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Yes!!
    Good luck and stay safe :)