Solved Possible Win32/Heur infection


juzt4

Yesterday AVG showed that my NBA 2K11.exe file has Win32/Heur, so I deleted it quickly (I don't know if it was a good decision). So I thought the virus was gone, but when I downloaded the same application again, AVG showed me the same thing. So I deleted it too. Then I scanned the whole computer with AVG and it showed only this:
-----------------------------------------------
Scan "Whole computer scan" completed.
Information;"1"
Folders selected for scanning:;"Whole computer scan"
Scan started:;"Wednesday, March 09, 2011, 2:08:38 PM"
Scan finished:;"Wednesday, March 09, 2011, 2:29:08 PM (20 minute(s) 29 second(s))"
Total object scanned:;"791524"
User who launched the scan:;"Justinas"

Information
;"File";"Information";"Result"
;"C:\Windows\System32\pbsvc.exe";"The file is signed with a broken digital signature, issued by: Even Balance.";""
------------------------------------------------------
Today I took all 8 steps, and here are the logs from before I updated Windows:
------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5997

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/9/2011 2:43:21 PM
mbam-log-2011-03-09 (14-43-21).txt

Scan type: Quick scan
Objects scanned: 165552
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-09 14:57:54
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST380817AS rev.3.42
Running: vb515xdt.exe; Driver: C:\Users\Justinas\AppData\Local\Temp\kwrdapoc.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854E41F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 854E41F8
Device \Driver\atapi \Device\Ide\IdePort0 854E41F8
Device \Driver\atapi \Device\Ide\IdePort1 854E41F8
Device \Driver\atapi \Device\Ide\IdePort2 854E41F8
Device \Driver\atapi \Device\Ide\IdePort3 854E41F8
Device \Driver\atapi \Device\Ide\IdePort4 854E41F8
Device \Driver\atapi \Device\Ide\IdePort5 854E41F8
Device \FileSystem\Ntfs \Ntfs 854DB1F8

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
--------------------------------------------------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Justinas at 15:08:29.00 on Wed 03/09/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2505 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Justinas\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.lt/
uInternet Settings,ProxyOverride = *.local
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [RGSC] c:\games\gta iv\rockstar games social club\RGSCLauncher.exe /silent
uRun: [BitComet] "c:\games\lost horizon\bitcomet\BitComet.exe" /tray
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Steam] "c:\games\steam\Steam.exe" -silent
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-16 218688]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-13 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-1 1343400]
.
=============== Created Last 30 ================
.
2011-03-09 12:39:15 -------- d-----w- c:\users\justinas\appdata\roaming\Malwarebytes
2011-03-09 12:38:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-09 12:38:54 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-09 12:38:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-09 12:38:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-08 13:54:42 -------- d-----w- c:\progra~2\STOPzilla!
2011-03-08 11:53:08 -------- d-----w- c:\program files\CamStudio
2011-03-08 11:09:44 -------- d--h--w- C:\$AVG
2011-03-06 17:25:18 -------- d-----w- c:\progra~2\Codemasters
2011-03-03 15:24:25 74240 ----a-w- C:\eazip.exe
2011-03-01 16:21:49 -------- d-----w- c:\program files\iPod
2011-02-28 19:38:38 -------- d-----w- c:\windows\PCHEALTH
2011-02-28 19:37:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-02-27 14:27:41 -------- d-----w- c:\program files\common files\Steam
2011-02-27 14:23:25 -------- d-----w- c:\users\justinas\New folder
2011-02-27 11:49:06 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-02-27 11:49:06 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-02-27 11:39:09 -------- d-----w- c:\windows\system32\appmgmt
2011-02-24 17:56:43 -------- d-----w- c:\users\justinas\appdata\roaming\GetRightToGo
2011-02-23 17:56:34 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 13:36:48 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 13:36:48 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 07:58:54 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-02-17 18:36:04 -------- d-----w- c:\windows\system32\directx
2011-02-17 18:07:49 -------- d-----w- c:\users\justinas\appdata\local\CrashRpt
2011-02-16 08:47:13 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-16 08:46:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-02-16 08:42:28 181608 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10137.bin
2011-02-09 12:24:03 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 12:23:49 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 12:23:40 428032 ----a-w- c:\windows\system32\vbscript.dll
.
==================== Find3M ====================
.
2011-03-06 16:56:33 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-06 12:52:16 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-05 19:43:30 22328 ----a-w- c:\users\justinas\appdata\roaming\PnkBstrK.sys
2011-03-05 19:43:05 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-02 19:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-09 20:10:17 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-23 21:36:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 15:08:46.02 ===============

Any help would be very appreciated. Thanks

P.S. Sorry if my English is bad, and there may be traces of BitComet and uTorrent.
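The AVG line above reports C:\Windows\System32\pbsvc.exe as carrying a broken digital signature. As an added example (not part of the original post or the helper's instructions), this PowerShell snippet re-checks that finding with Windows' own Authenticode verification and then sweeps System32 for other executables whose signature no longer validates; it assumes PowerShell 3 or later and the file paths as they appear in the DDS log.

```powershell
# Added example, not from the thread: verify Authenticode signatures on the files AVG
# flagged and sweep System32 for other executables whose signature fails to validate.
# Assumes PowerShell 3+ and the default Windows paths shown in the DDS log.

function Get-SignatureReport {
    param(
        [Parameter(Mandatory)] [string[]] $Path
    )
    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ File = $file; Status = 'Missing'; Signer = ''; Detail = 'file not present' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $file
        [pscustomobject]@{
            File   = $file
            Status = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Detail = $sig.StatusMessage
        }
    }
}

# The file AVG flagged, plus the PunkBuster services that belong with it (paths from the DDS log).
$Targets = @(
    'C:\Windows\System32\pbsvc.exe',
    'C:\Windows\System32\PnkBstrA.exe',
    'C:\Windows\System32\PnkBstrB.exe'
)
Get-SignatureReport -Path $Targets | Format-Table -AutoSize

# Wider sweep: every executable in System32 that is signed but whose signature no longer
# validates. HashMismatch means the file bytes changed after signing (patched, corrupted,
# or replaced); NotSigned is normal for many third-party binaries and is excluded here.
Get-ChildItem -Path 'C:\Windows\System32' -Filter '*.exe' |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Where-Object { @('Valid', 'NotSigned') -notcontains $_.Status } |
    Select-Object @{n = 'File'; e = { $_.Path }}, Status, StatusMessage,
                  @{n = 'Signer'; e = { $_.SignerCertificate.Subject }} |
    Format-Table -AutoSize
```

A HashMismatch on a file that is otherwise expected (as pbsvc.exe is for an installed PunkBuster) still warrants replacing it from the vendor's installer rather than trusting the existing copy.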
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Attach.txt part of DDS is missing.
Please, post it.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/31/2010 11:24:16 PM
System Uptime: 3/9/2011 2:06:00 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS3L
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 9.307 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP139: 3/9/2011 2:10:31 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP140: 3/9/2011 2:18:46 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP141: 3/9/2011 2:23:49 PM - Removed Microsoft Games for Windows - LIVE
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Battlefield: Bad Company™ 2
Bonjour
CamStudio
DAEMON Tools Lite
dahl's Practice Court (v2.0) patch
Google Chrome
Google Update Helper
GRID
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
NBA 2K11
NBA LIVE 2005
OpenAL
ProtectDisc Driver, Version 11
PunkBuster Services
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shockwave
Skype Toolbars
Skype™ 5.1
Steam
Tom Clancy's Rainbow Six Vegas 2
Ubisoft Game Launcher
Uniblue RegistryBooster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Windows Live ID Sign-in Assistant
WinRAR archiver
YouTube Downloader 2.6.5
.
==== Event Viewer Messages From Past Week ========
.
3/9/2011 2:07:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
3/8/2011 5:04:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2011 5:04:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/8/2011 5:04:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/8/2011 5:04:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/8/2011 5:04:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/8/2011 5:04:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/8/2011 5:04:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/8/2011 5:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/8/2011 5:04:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/8/2011 5:04:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache is3srv NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2011 5:04:18 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2011 5:03:45 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
3/8/2011 4:11:16 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/8/2011 1:23:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
3/7/2011 2:52:30 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
3/4/2011 1:08:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/4/2011 1:08:12 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP35-DS3L
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 155):
0x82813000 \SystemRoot\system32\ntkrnlpa.exe
0x82C23000 \SystemRoot\system32\halmacpi.dll
0x80BA6000 \SystemRoot\system32\kdcom.dll
0x82E09000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x82E81000 \SystemRoot\system32\PSHED.dll
0x82E92000 \SystemRoot\system32\BOOTVID.dll
0x82E9A000 \SystemRoot\system32\CLFS.SYS
0x82EDC000 \SystemRoot\system32\CI.dll
0x82F87000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C00C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C01A000 \SystemRoot\System32\Drivers\spjr.sys
0x8C10D000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8C116000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8C13C000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8C184000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8C18C000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8C197000 \SystemRoot\system32\DRIVERS\pci.sys
0x8C1C1000 \SystemRoot\System32\drivers\partmgr.sys
0x8C1D2000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8C21B000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C266000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8C26D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8C27B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C291000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C29A000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8C2BD000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C2C6000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C2FA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C404000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C533000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C55E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C571000 \SystemRoot\System32\Drivers\cng.sys
0x8C5CE000 \SystemRoot\System32\drivers\pcw.sys
0x8C5DC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C30B000 \SystemRoot\system32\drivers\ndis.sys
0x8C3C2000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C625000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C64A000 \SystemRoot\System32\drivers\tcpip.sys
0x8C793000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C7C4000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C82C000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C86B000 \SystemRoot\System32\Drivers\spldr.sys
0x8C873000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C8A0000 \SystemRoot\System32\Drivers\mup.sys
0x8C8B0000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C8B8000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C8EA000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C8FB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C920000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8C925000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x8C960000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C97F000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8C98B000 \SystemRoot\System32\Drivers\Null.SYS
0x8C992000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C999000 \SystemRoot\System32\drivers\vga.sys
0x8C9A5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C9C6000 \SystemRoot\System32\drivers\watchdog.sys
0x8C9D3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C9DB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C9E3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C9EB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C800000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C80E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C7CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91A25000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x91A6D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91A9F000 \SystemRoot\system32\drivers\afd.sys
0x91AF9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91B00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91B1F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91B2D000 \SystemRoot\system32\DRIVERS\serial.sys
0x91B47000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x91B82000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91B95000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91BA5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91BE6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91BF0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91A00000 \SystemRoot\System32\drivers\discache.sys
0x94632000 \SystemRoot\system32\drivers\csc.sys
0x94696000 \SystemRoot\System32\Drivers\dfsc.sys
0x946AE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x946BC000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x946F8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x94719000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9521C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9472B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x95B82000 \SystemRoot\System32\drivers\dxgmms1.sys
0x95BBB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9104B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9105A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91079000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x9107F000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x910A4000 \SystemRoot\system32\DRIVERS\serenum.sys
0x910AE000 \SystemRoot\system32\DRIVERS\parport.sys
0x910C6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x910DE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x910EB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x910F8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9110A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91122000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9112D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9114F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91167000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9117E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91195000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9119F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x911AC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x911AE000 \SystemRoot\system32\DRIVERS\ks.sys
0x911E2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x95C2D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x95C71000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x95C82000 \SystemRoot\system32\drivers\HdAudio.sys
0x95CD2000 \SystemRoot\system32\drivers\portcls.sys
0x95D01000 \SystemRoot\system32\drivers\drmk.sys
0x95D1A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95D25000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x95D38000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x95D3F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95D41000 \SystemRoot\system32\DRIVERS\udfs.sys
0x95D81000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x95D8C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95D99000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x95DA4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95DAD000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9AE10000 \SystemRoot\System32\win32k.sys
0x95DBE000 \SystemRoot\System32\drivers\Dxapi.sys
0x95DC8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B070000 \SystemRoot\System32\TSDDD.dll
0x9B0A0000 \SystemRoot\System32\cdd.dll
0x95DD3000 \SystemRoot\system32\drivers\luafv.sys
0x95C00000 \SystemRoot\system32\drivers\WudfPf.sys
0x95C1A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95BC6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9CA04000 \SystemRoot\system32\drivers\HTTP.sys
0x9CA89000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9CAA2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9CAB4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9CAD7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9CB12000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CB2D000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9CB34000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x9CB60000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0x9CB69000 \SystemRoot\system32\drivers\peauth.sys
0x95DEE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x95BD9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x911F0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x95200000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x9FE24000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9FE73000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x9FE9B000 \SystemRoot\System32\DRIVERS\srv.sys
0x9FEEC000 \SystemRoot\system32\drivers\spsys.sys
0x77B60000 \Windows\System32\ntdll.dll
0x47A80000 \Windows\System32\smss.exe
0x77DA0000 \Windows\System32\apisetschema.dll

Processes (total 64):
0 System Idle Process
4 System
248 C:\Windows\System32\smss.exe
308 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
364 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
496 csrss.exe
560 csrss.exe
568 C:\Windows\System32\wininit.exe
620 C:\Windows\System32\winlogon.exe
668 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\audiodg.exe
1212 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\spoolsv.exe
1556 C:\Windows\System32\svchost.exe
1712 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1752 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1772 C:\Program Files\Bonjour\mDNSResponder.exe
1828 C:\Windows\System32\PnkBstrA.exe
1856 C:\Windows\System32\PnkBstrB.exe
1892 C:\Windows\System32\svchost.exe
1960 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
476 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
1320 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
436 C:\Program Files\AVG\AVG10\avgnsx.exe
1156 C:\Program Files\AVG\AVG10\avgemcx.exe
1348 C:\Windows\System32\conhost.exe
2324 C:\Windows\System32\SearchIndexer.exe
2652 C:\Windows\System32\taskhost.exe
2784 C:\Windows\System32\taskeng.exe
2800 C:\Windows\System32\dwm.exe
2828 C:\Windows\explorer.exe
2848 C:\Windows\System32\taskeng.exe
3076 C:\Windows\System32\svchost.exe
3340 C:\Program Files\AVG\AVG10\avgtray.exe
3348 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3364 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3384 C:\Program Files\iTunes\iTunesHelper.exe
3396 C:\Program Files\DAEMON Tools Lite\DTLite.exe
3404 C:\Games\Steam\Steam.exe
3716 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3724 C:\Windows\System32\conhost.exe
3804 C:\Program Files\Google\Chrome\Application\chrome.exe
3852 C:\Program Files\iPod\bin\iPodService.exe
4016 C:\Program Files\Google\Chrome\Application\chrome.exe
4024 C:\Program Files\Google\Chrome\Application\chrome.exe
2284 C:\Program Files\Google\Chrome\Application\chrome.exe
2576 C:\Program Files\Common Files\Steam\SteamService.exe
2468 C:\Windows\System32\sppsvc.exe
2732 C:\Windows\System32\svchost.exe
208 taskhost.exe
2864 WmiPrvSE.exe
884 C:\Users\Justinas\Desktop\MBRCheck.exe
888 C:\Windows\System32\conhost.exe
3788 C:\Windows\System32\dllhost.exe
2416 C:\Windows\System32\SearchProtocolHost.exe
780 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST380817AS, Rev: 3.42

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x9521C000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9854976 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 185.93 )
0x82813000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82813000 PnpManager 4259840 bytes
0x82813000 RAW 4259840 bytes
0x82813000 WMIxWDM 4259840 bytes
0x9AE10000 Win32k 2404352 bytes
0x9AE10000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C64A000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8C404000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8C01A000 PCI_PNP2738 995328 bytes
0x8C01A000 C:\Windows\System32\Drivers\spjr.sys 995328 bytes
0x8C01A000 sptd 995328 bytes
0x9472B000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C30B000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x82EDC000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9CB69000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9CA04000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x82E09000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x82F87000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9FEEC000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x94632000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8C571000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x91A9F000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9FE9B000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x95C82000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x9FE24000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x91000000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8C21B000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C13C000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x91A25000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x95C2D000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82E9A000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x91BA5000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x95D41000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x8C82C000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C3C2000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x946BC000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x91B47000 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0x9CAD7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x95B82000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82C23000 ACPI_HAL 225280 bytes
0x82C23000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8C2C6000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x911AE000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C8B8000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x91A6D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C793000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x95CD2000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C873000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x9CB34000 C:\Windows\system32\drivers\acedrv11.sys 180224 bytes (Protect Software GmbH, ProtectDisc x64/x86 Hybrid Driver)
0x8C533000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8C197000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9FE73000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x8C116000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8C8FB000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C625000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x9107F000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x8C29A000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9CAB4000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9112D000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x95BD9000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x946F8000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C9A5000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8C960000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9105A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x91B00000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9B0A0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x95DD3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9CB12000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x91B2D000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x95C00000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9CA89000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x95D01000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x94696000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x910C6000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x910AE000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x9110A000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9114F000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x91167000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9117E000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C80E000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8C27B000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x95D25000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8C55E000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x95BC6000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x91B82000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x910F8000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x94719000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9CAA2000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8C8EA000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x95DAD000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8C2FA000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x95C71000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8C1C1000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x82E81000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x95C1A000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C8A0000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x91B95000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8C1D2000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9104B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x946AE000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x91B1F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C800000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8C26D000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C5CE000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x911E2000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8C00C000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x910EB000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x95D8C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x910DE000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9119F000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x911F0000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C9C6000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8C97F000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x91A00000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8C999000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x95D99000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x95D1A000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x95DC8000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x95D81000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8C9EB000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91122000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C7CD000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x95BBB000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8C18C000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x95200000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x95DBE000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x91BF0000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x91BE6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x91195000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x95DEE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x910A4000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8C2BD000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8C291000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8C925000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0x9CB60000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0x95DA4000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8C5DC000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9FF56000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9B070000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C7C4000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8C10D000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82E92000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C8B0000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8C184000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C9D3000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C9DB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8C9E3000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8C86B000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C992000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x95D38000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8C98B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9CB2D000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x8C266000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x91AF9000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x91079000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8C920000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x911AC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x95D3F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x855071F8 unknown_irp_handler 3592 bytes
0x855051F8 unknown_irp_handler 3592 bytes
0x855061F8 unknown_irp_handler 3592 bytes
0x8653D1F8 unknown_irp_handler 3592 bytes
0x8648B1F8 unknown_irp_handler 3592 bytes
0x855031F8 unknown_irp_handler 3592 bytes
0x864F8500 unknown_irp_handler 2816 bytes
0x86640500 unknown_irp_handler 2816 bytes
0x869F9500 unknown_irp_handler 2816 bytes
0x86503500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
----------------------------------------------------------------------------------------------------
After the scan it said: !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

By the way, thanks for posting on my problem very quickly. I really appreciate this.
You help a lot of people.
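Added example (not part of the thread, not RkU's own code): a small Python script that triages the RkUnhooker driver listing above the way a responder reads it by hand. It parses the `>Drivers` and `>Stealth` sections, separates the aliases RkU always shows at the kernel and HAL bases from a second driver object registered on top of another image, lists IRP handlers that sit outside any loaded image, and ties a locked-file warning back to a loaded driver name. The embedded input is a constructed excerpt of the log posted above; the `EXPECTED_ALIASES` set and the `KNOWN_CONTEXT` note about SPTD are this example's assumptions, not RkU output. When reading the result, note that the locked sptd.sys, the spjr.sys/sptd/PCI_PNP2738 group at one base and the dtsoftbus01.sys/DTLite.exe entries in the MBRCheck listing are all consistent with the DAEMON Tools SPTD layer, which self-protects in exactly this way, so the "possible rootkit activity" heuristic on its own should not be read as confirmation that the Win32/Heur detection was a live infection.

```python
"""Triage of an RkUnhooker (RkU) driver listing: parse the '>Drivers' and
'>Stealth' sections and return the entries a responder should look at."""
import re
from collections import defaultdict

# Constructed input: an excerpt of the RkU log posted above (most lines omitted).
RKU_LOG = r"""
==============================================
>Drivers
==============================================
0x82813000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82813000 PnpManager 4259840 bytes
0x82813000 RAW 4259840 bytes
0x82813000 WMIxWDM 4259840 bytes
0x9AE10000 Win32k 2404352 bytes
0x9AE10000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C01A000 PCI_PNP2738 995328 bytes
0x8C01A000 C:\Windows\System32\Drivers\spjr.sys 995328 bytes
0x8C01A000 sptd 995328 bytes
0x91B47000 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0x95DAD000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x9FF56000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x855071F8 unknown_irp_handler 3592 bytes
0x864F8500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
"""

DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+) (\S+) (\d+) bytes(?: \((.*)\))?$")
LOCKED_RE = re.compile(r"^WARNING: File locked for read access \[(.+)\]$")

# Driver objects RkU always lists at the kernel and HAL image bases. They are
# built into those images, not a second driver hiding behind the first.
EXPECTED_ALIASES = {"pnpmanager", "raw", "wmixwdm", "acpi_hal"}

# Background for names that routinely trip anti-rootkit heuristics. This table
# is the example's own assumption, not something RkU reports.
KNOWN_CONTEXT = {
    "sptd": "SCSI Pass Through Direct layer used by DAEMON Tools/Alcohol; it locks "
            "its image and hooks the kernel, so anti-rootkit tools commonly flag it",
}


def _stem(name):
    """'C:\\x\\spjr.sys' -> 'spjr'; 'PnpManager' -> 'pnpmanager'."""
    return name.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def parse_rku(text):
    """Split an RkU log into driver records and locked-file warnings."""
    drivers, locked, section = [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith(">"):
            section = line[1:].strip().lower()
            continue
        m = DRIVER_RE.match(line) if section == "drivers" else None
        if m:
            base, name, size, info = m.groups()
            drivers.append({"base": int(base, 16), "name": name, "stem": _stem(name),
                            "is_file": "\\" in name, "size": int(size),
                            "vendor": info.split(",")[0].strip() if info else None})
        m = LOCKED_RE.match(line) if section == "stealth" else None
        if m:
            locked.append(m.group(1))
    return drivers, locked


def triage(drivers, locked):
    """Return (category, subject, note) tuples that deserve a human's attention."""
    findings = []
    by_base = defaultdict(list)
    for d in drivers:
        by_base[d["base"]].append(d)
        if d["name"] == "unknown_irp_handler":
            findings.append(("unknown_irp_handler", hex(d["base"]),
                             "IRP dispatch routine not inside any listed module image"))
        elif d["is_file"] and d["vendor"] is None and not d["stem"].startswith("dump_"):
            # dump_* drivers are crash-dump copies Windows loads without version info
            findings.append(("no_version_info", d["name"],
                             "image carries no vendor/description resource"))
    for group in by_base.values():
        files = [d for d in group if d["is_file"]]
        aliases = [d for d in group if not d["is_file"] and d["name"] != "unknown_irp_handler"]
        if not files or not aliases:
            continue
        file_stems = {d["stem"] for d in files}
        odd = [a["name"] for a in aliases
               if a["stem"] not in file_stems and a["stem"] not in EXPECTED_ALIASES]
        if odd:  # one image backing several differently named driver objects
            findings.append(("multiple_objects_one_image", files[0]["name"],
                             "also registered as " + ", ".join(odd)))
    loaded = {d["stem"] for d in drivers}
    for path in locked:
        stem = _stem(path)
        note = "locked on disk while loaded" if stem in loaded else "locked on disk"
        if stem in KNOWN_CONTEXT:
            note += "; " + KNOWN_CONTEXT[stem]
        findings.append(("locked_file", path, note))
    return findings


if __name__ == "__main__":
    for cat, subject, note in triage(*parse_rku(RKU_LOG)):
        print(f"[{cat}] {subject}: {note}")
```

Run it as-is to see the five findings from the excerpt; point `RKU_LOG` at a full saved RkU report to triage a real listing. Anything in `unknown_irp_handler` or `multiple_objects_one_image` that cannot be explained by a known self-protecting product is what the TDSSKiller step that follows is meant to confirm or rule out.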
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Decided to post today because of the danger of the rootkit.


2011/03/09 22:55:51.0441 3712 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/09 22:55:51.0768 3712 ================================================================================
2011/03/09 22:55:51.0768 3712 SystemInfo:
2011/03/09 22:55:51.0768 3712
2011/03/09 22:55:51.0768 3712 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/09 22:55:51.0768 3712 Product type: Workstation
2011/03/09 22:55:51.0768 3712 ComputerName: GAMERSTATION
2011/03/09 22:55:51.0768 3712 UserName: Justinas
2011/03/09 22:55:51.0768 3712 Windows directory: C:\Windows
2011/03/09 22:55:51.0768 3712 System windows directory: C:\Windows
2011/03/09 22:55:51.0768 3712 Processor architecture: Intel x86
2011/03/09 22:55:51.0768 3712 Number of processors: 2
2011/03/09 22:55:51.0768 3712 Page size: 0x1000
2011/03/09 22:55:51.0768 3712 Boot type: Normal boot
2011/03/09 22:55:51.0768 3712 ================================================================================
2011/03/09 22:55:52.0049 3712 Initialize success
2011/03/09 22:56:00.0535 1780 ================================================================================
2011/03/09 22:56:00.0535 1780 Scan started
2011/03/09 22:56:00.0535 1780 Mode: Manual;
2011/03/09 22:56:00.0535 1780 ================================================================================
2011/03/09 22:56:01.0955 1780 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/09 22:56:02.0017 1780 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
2011/03/09 22:56:02.0049 1780 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/09 22:56:02.0095 1780 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/09 22:56:02.0142 1780 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/09 22:56:02.0189 1780 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/09 22:56:02.0220 1780 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/09 22:56:02.0267 1780 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/03/09 22:56:02.0298 1780 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/09 22:56:02.0345 1780 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/03/09 22:56:02.0439 1780 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/09 22:56:02.0501 1780 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/03/09 22:56:02.0563 1780 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/09 22:56:02.0719 1780 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/09 22:56:02.0813 1780 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/09 22:56:02.0891 1780 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/09 22:56:02.0938 1780 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/09 22:56:02.0969 1780 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/09 22:56:03.0000 1780 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/03/09 22:56:03.0063 1780 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/03/09 22:56:03.0094 1780 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/09 22:56:03.0125 1780 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/09 22:56:03.0156 1780 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/09 22:56:03.0219 1780 AVGIDSDriver (1ca8e5fe74efd5826bbd76c0470e6ae4) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/03/09 22:56:03.0234 1780 AVGIDSEH (b9b6e535b9b49c463f68f4bcdd232944) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/03/09 22:56:03.0265 1780 AVGIDSFilter (32a76fd3fc12d09c586730ef63b4b20b) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/03/09 22:56:03.0297 1780 AVGIDSShim (84431da40330cdfd84a7b92bcf0d4a05) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/03/09 22:56:03.0343 1780 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/03/09 22:56:03.0359 1780 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/03/09 22:56:03.0406 1780 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/03/09 22:56:03.0437 1780 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/03/09 22:56:03.0499 1780 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/03/09 22:56:03.0531 1780 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/09 22:56:03.0577 1780 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/03/09 22:56:03.0624 1780 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/09 22:56:03.0671 1780 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/09 22:56:03.0687 1780 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/09 22:56:03.0718 1780 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/09 22:56:03.0780 1780 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/03/09 22:56:03.0811 1780 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/09 22:56:03.0843 1780 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/09 22:56:03.0874 1780 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/09 22:56:03.0905 1780 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/09 22:56:03.0936 1780 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/09 22:56:03.0983 1780 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/09 22:56:04.0030 1780 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/09 22:56:04.0077 1780 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/03/09 22:56:04.0123 1780 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/09 22:56:04.0155 1780 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/09 22:56:04.0201 1780 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/03/09 22:56:04.0217 1780 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/09 22:56:04.0248 1780 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/09 22:56:04.0295 1780 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/09 22:56:04.0357 1780 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/03/09 22:56:04.0404 1780 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/03/09 22:56:04.0435 1780 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/03/09 22:56:04.0467 1780 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/03/09 22:56:04.0545 1780 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/03/09 22:56:04.0591 1780 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/03/09 22:56:04.0654 1780 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/09 22:56:04.0794 1780 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/03/09 22:56:04.0935 1780 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/09 22:56:04.0966 1780 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/09 22:56:05.0028 1780 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/03/09 22:56:05.0075 1780 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/03/09 22:56:05.0106 1780 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/09 22:56:05.0153 1780 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/03/09 22:56:05.0169 1780 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/03/09 22:56:05.0200 1780 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/09 22:56:05.0247 1780 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/03/09 22:56:05.0293 1780 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/03/09 22:56:05.0309 1780 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/09 22:56:05.0371 1780 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/09 22:56:05.0418 1780 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/09 22:56:05.0449 1780 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/09 22:56:05.0496 1780 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/09 22:56:05.0527 1780 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/03/09 22:56:05.0574 1780 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/09 22:56:05.0590 1780 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/09 22:56:05.0621 1780 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/09 22:56:05.0652 1780 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/09 22:56:05.0715 1780 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/09 22:56:05.0746 1780 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/09 22:56:05.0793 1780 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/03/09 22:56:05.0824 1780 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/09 22:56:05.0871 1780 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/09 22:56:05.0902 1780 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/09 22:56:05.0949 1780 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/09 22:56:05.0980 1780 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/09 22:56:06.0011 1780 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/09 22:56:06.0042 1780 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/09 22:56:06.0073 1780 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/09 22:56:06.0105 1780 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/03/09 22:56:06.0167 1780 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/03/09 22:56:06.0229 1780 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/09 22:56:06.0261 1780 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/09 22:56:06.0307 1780 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/09 22:56:06.0354 1780 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/09 22:56:06.0401 1780 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/09 22:56:06.0417 1780 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/09 22:56:06.0495 1780 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/09 22:56:06.0557 1780 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/09 22:56:06.0588 1780 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/09 22:56:06.0619 1780 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/09 22:56:06.0651 1780 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/09 22:56:06.0682 1780 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/03/09 22:56:06.0713 1780 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/09 22:56:06.0760 1780 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/09 22:56:06.0822 1780 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/03/09 22:56:06.0853 1780 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/09 22:56:06.0900 1780 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/09 22:56:06.0931 1780 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/09 22:56:06.0947 1780 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/03/09 22:56:06.0978 1780 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/09 22:56:07.0025 1780 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/09 22:56:07.0041 1780 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/03/09 22:56:07.0087 1780 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/09 22:56:07.0119 1780 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/09 22:56:07.0150 1780 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/09 22:56:07.0181 1780 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/09 22:56:07.0212 1780 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/09 22:56:07.0259 1780 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/03/09 22:56:07.0306 1780 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/09 22:56:07.0321 1780 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/09 22:56:07.0384 1780 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/09 22:56:07.0415 1780 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/09 22:56:07.0431 1780 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/03/09 22:56:07.0477 1780 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/03/09 22:56:07.0509 1780 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/09 22:56:07.0540 1780 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/03/09 22:56:07.0571 1780 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/09 22:56:07.0602 1780 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/03/09 22:56:07.0649 1780 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/09 22:56:07.0711 1780 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/03/09 22:56:07.0743 1780 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/09 22:56:07.0774 1780 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/09 22:56:07.0821 1780 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/09 22:56:07.0852 1780 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/09 22:56:07.0867 1780 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/03/09 22:56:07.0899 1780 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/09 22:56:07.0930 1780 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/09 22:56:07.0977 1780 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/09 22:56:08.0023 1780 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/03/09 22:56:08.0039 1780 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/09 22:56:08.0101 1780 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/03/09 22:56:08.0148 1780 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/03/09 22:56:08.0429 1780 nvlddmkm (b0881dda5a8160422561ffab7f0008b1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/09 22:56:08.0694 1780 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/09 22:56:08.0725 1780 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/09 22:56:08.0757 1780 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/09 22:56:08.0819 1780 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/09 22:56:08.0881 1780 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/03/09 22:56:08.0913 1780 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/03/09 22:56:08.0928 1780 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/03/09 22:56:08.0975 1780 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/03/09 22:56:09.0006 1780 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/09 22:56:09.0037 1780 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/09 22:56:09.0069 1780 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/03/09 22:56:09.0100 1780 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/03/09 22:56:09.0287 1780 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/09 22:56:09.0318 1780 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/03/09 22:56:09.0365 1780 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/09 22:56:09.0427 1780 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/09 22:56:09.0505 1780 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/09 22:56:09.0552 1780 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/09 22:56:09.0568 1780 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/09 22:56:09.0615 1780 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/09 22:56:09.0630 1780 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/09 22:56:09.0677 1780 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/09 22:56:09.0708 1780 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/09 22:56:09.0739 1780 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/09 22:56:09.0755 1780 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/09 22:56:09.0786 1780 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/09 22:56:09.0833 1780 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/03/09 22:56:09.0880 1780 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/09 22:56:09.0911 1780 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/09 22:56:09.0942 1780 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/03/09 22:56:09.0989 1780 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/03/09 22:56:10.0051 1780 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/09 22:56:10.0098 1780 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/03/09 22:56:10.0129 1780 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/03/09 22:56:10.0176 1780 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/09 22:56:10.0207 1780 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/09 22:56:10.0254 1780 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/09 22:56:10.0301 1780 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/09 22:56:10.0332 1780 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/03/09 22:56:10.0348 1780 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/09 22:56:10.0395 1780 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/09 22:56:10.0410 1780 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/09 22:56:10.0441 1780 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/09 22:56:10.0473 1780 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/09 22:56:10.0504 1780 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/03/09 22:56:10.0551 1780 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/09 22:56:10.0582 1780 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/09 22:56:10.0613 1780 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/03/09 22:56:10.0675 1780 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/03/09 22:56:10.0753 1780 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/09 22:56:10.0753 1780 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/09 22:56:10.0753 1780 sptd - detected Locked file (1)
2011/03/09 22:56:10.0769 1780 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/09 22:56:10.0816 1780 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/09 22:56:10.0847 1780 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/09 22:56:10.0925 1780 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/09 22:56:10.0972 1780 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/03/09 22:56:11.0003 1780 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/03/09 22:56:11.0019 1780 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/09 22:56:11.0143 1780 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/03/09 22:56:11.0237 1780 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/09 22:56:11.0268 1780 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/09 22:56:11.0315 1780 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/03/09 22:56:11.0346 1780 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/03/09 22:56:11.0455 1780 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/09 22:56:11.0689 1780 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/09 22:56:11.0923 1780 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/09 22:56:12.0220 1780 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/09 22:56:12.0454 1780 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/09 22:56:12.0657 1780 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/09 22:56:12.0828 1780 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/09 22:56:13.0405 1780 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/09 22:56:13.0452 1780 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/09 22:56:13.0639 1780 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/03/09 22:56:13.0873 1780 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/09 22:56:13.0905 1780 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/09 22:56:13.0936 1780 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/09 22:56:13.0983 1780 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/09 22:56:14.0014 1780 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/09 22:56:14.0045 1780 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/09 22:56:14.0092 1780 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/09 22:56:14.0107 1780 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/09 22:56:14.0139 1780 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/09 22:56:14.0185 1780 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/09 22:56:14.0217 1780 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/09 22:56:14.0248 1780 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/03/09 22:56:14.0279 1780 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/09 22:56:14.0326 1780 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/03/09 22:56:14.0341 1780 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/03/09 22:56:14.0373 1780 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/09 22:56:14.0404 1780 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/03/09 22:56:14.0435 1780 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/03/09 22:56:14.0466 1780 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/09 22:56:14.0497 1780 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/03/09 22:56:14.0529 1780 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/09 22:56:14.0575 1780 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/09 22:56:14.0607 1780 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/03/09 22:56:14.0653 1780 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/09 22:56:14.0685 1780 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/09 22:56:14.0700 1780 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/09 22:56:14.0747 1780 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/03/09 22:56:14.0778 1780 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/09 22:56:14.0856 1780 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/09 22:56:14.0887 1780 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/03/09 22:56:14.0997 1780 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/03/09 22:56:15.0059 1780 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/09 22:56:15.0106 1780 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/09 22:56:15.0153 1780 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/03/09 22:56:15.0184 1780 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/09 22:56:15.0246 1780 ================================================================================
2011/03/09 22:56:15.0246 1780 Scan finished
2011/03/09 22:56:15.0246 1780 ================================================================================
2011/03/09 22:56:15.0262 2984 Detected object count: 1
2011/03/09 22:56:38.0599 2984 Locked file(sptd) - User select action: Skip
 
That looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Okay, I uninstalled AVG because CF doesn't work on that.

Should I install Avira?

The log will be here soon.

EDIT: I installed Avira after the ComboFix scan.
 
Here it is. Tell me it's good.

ComboFix 11-03-09.03 - Justinas 03/10/2011 13:59:53.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2926 [GMT 2:00]
Running from: c:\users\Justinas\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Justinas\AppData\Roaming\Microsoft\Windows\Recent\15 Days - [PC]-[DVD]-[Multi]-[Aventura Grafica]-[2010]-[DirectasXD.com].pif
.
.
((((((((((((((((((((((((( Files Created from 2011-02-10 to 2011-03-10 )))))))))))))))))))))))))))))))
.
.
2011-03-09 13:31 . 2011-03-09 13:31 -------- d-----w- c:\program files\Conduit
2011-03-09 13:31 . 2011-03-09 13:31 -------- d-----w- c:\program files\uTorrentBar
2011-03-09 13:31 . 2011-03-09 13:31 -------- d-----w- C:\extensions
2011-03-09 12:39 . 2011-03-09 12:39 -------- d-----w- c:\users\Justinas\AppData\Roaming\Malwarebytes
2011-03-09 12:38 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-09 12:38 . 2011-03-09 12:38 -------- d-----w- c:\programdata\Malwarebytes
2011-03-09 12:38 . 2011-03-09 12:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-09 12:38 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-09 12:16 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 12:16 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 12:16 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 12:16 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 12:16 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 12:16 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 12:16 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 12:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 12:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 13:54 . 2011-03-09 12:13 -------- d-----w- c:\programdata\STOPzilla!
2011-03-08 11:53 . 2011-03-08 11:53 -------- d-----w- c:\program files\CamStudio
2011-03-08 11:09 . 2011-03-08 11:09 -------- d-----w- C:\$AVG
2011-03-06 17:25 . 2011-03-06 17:25 -------- d-----w- c:\programdata\Codemasters
2011-03-02 16:02 . 2011-03-02 16:02 -------- d-----w- c:\program files\Common Files\Skype
2011-03-01 16:21 . 2011-03-01 16:21 -------- d-----w- c:\program files\iPod
2011-02-28 19:39 . 2011-03-01 19:35 -------- d-----w- c:\program files\Microsoft Works
2011-02-28 19:38 . 2011-02-28 19:38 -------- d-----w- c:\windows\PCHEALTH
2011-02-28 19:37 . 2011-02-28 19:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-02-28 19:34 . 2011-02-28 19:34 -------- d-----r- C:\MSOCache
2011-02-27 14:27 . 2011-03-05 09:55 -------- d-----w- c:\program files\Common Files\Steam
2011-02-27 14:23 . 2011-02-27 14:23 -------- d-----w- c:\users\Justinas\New folder
2011-02-27 12:06 . 2011-02-27 12:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-02-27 12:03 . 2011-02-27 12:03 -------- d-----w- c:\users\Donata
2011-02-27 11:49 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-02-27 11:49 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-02-27 11:43 . 2011-02-27 11:43 -------- d-----w- c:\users\Nerijus\AppData\Local\Microsoft Help
2011-02-27 11:43 . 2011-03-09 13:51 -------- d-----w- c:\programdata\Microsoft Help
2011-02-24 17:56 . 2011-02-24 17:58 -------- d-----w- c:\users\Justinas\AppData\Roaming\GetRightToGo
2011-02-23 17:56 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 13:36 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 13:36 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 07:58 . 2011-02-22 07:58 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-02-18 07:32 . 2011-02-18 07:32 -------- d-----w- c:\program files\Common Files\Java
2011-02-18 07:25 . 2011-02-18 07:25 -------- d-----w- c:\users\Nerijus\AppData\Roaming\Apple Computer
2011-02-17 18:07 . 2011-02-17 18:07 -------- d-----w- c:\users\Justinas\AppData\Local\CrashRpt
2011-02-16 08:47 . 2011-02-16 08:47 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-16 08:46 . 2011-02-16 08:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-02-16 08:42 . 2011-02-16 08:42 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
2011-02-09 12:24 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 12:23 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 12:23 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-06 16:56 . 2010-11-22 14:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-06 12:52 . 2011-01-09 20:10 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-05 19:43 . 2011-01-09 20:10 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-05 19:43 . 2011-01-09 20:10 22328 ----a-w- c:\users\Justinas\AppData\Roaming\PnkBstrK.sys
2011-03-05 19:43 . 2011-01-09 20:10 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-02 19:40 . 2011-01-29 13:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-09 20:10 . 2011-01-09 20:10 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-23 21:36 . 2010-12-23 21:36 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="c:\games\STEAM\Steam.exe" [2011-02-27 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-13 136176]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-01 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-01 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-16 218688]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-13 17:00]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-13 17:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.lt/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RGSC - c:\games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-BitComet - c:\games\Lost Horizon\BitComet\BitComet.exe
AddRemove-Practice Court_is1 - c:\games\NBALIV~1\unins000.exe
AddRemove-{28CC29B1-2F66-4671-0081-651745DB4A2E} - c:\games\NBA LIVE\EAUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\SecuROM\License information*]
"datasecu"=hex:ec,da,33,10,ec,db,44,1b,38,bf,27,d2,7a,7a,e5,77,d6,f7,0c,58,4a,
56,88,cb,31,cb,8c,f6,6c,42,94,43,a1,7c,3f,7a,64,2e,9c,8c,20,e2,37,fa,41,b9,\
"rkeysecu"=hex:f8,2e,ac,40,0f,ef,9c,19,c2,5a,09,07,9c,23,eb,f0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-10 14:04:40
ComboFix-quarantined-files.txt 2011-03-10 12:04
.
Pre-Run: 11,965,239,296 bytes free
Post-Run: 11,889,270,784 bytes free
.
- - End Of File - - 0F7784F0E7B5E430C3C50FDBF816BA7B
 
I definitely prefer Avira or Avast over AVG.

Combofix log looks fine.

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.txt here


OTL logfile created on: 3/10/2011 11:08:35 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Justinas\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 8.50 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
Drive D: | 4.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: GAMERSTATION | User Name: Justinas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/10 23:07:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\OTL.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2011/03/10 23:07:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/04 13:07:31 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/01 11:13:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/02/16 10:47:13 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/01 11:05:13 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lt/
IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC EE A5 01 A7 79 CB 01 [binary data]
IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2011/03/10 14:03:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001..\Run: [Steam] C:\Games\STEAM\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/03/26 01:46:13 | 000,132,016 | R--- | M] (InstallShield Software Corporation) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/03/26 00:50:03 | 000,004,286 | R--- | M] () - D:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2008/03/26 00:50:03 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/03/26 00:50:19 | 000,000,382 | R--- | M] () - D:\autorun.ini -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3477844949-1269118923-1387545818-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)


========== Files/Folders - Created Within 30 Days ==========

[2011/03/10 23:05:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Justinas\Desktop\OTL.exe
[2011/03/10 21:42:34 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Local\ElevatedDiagnostics
[2011/03/10 14:37:28 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Roaming\Avira
[2011/03/10 14:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/03/10 14:36:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/03/10 14:36:13 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/03/10 14:36:13 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/03/10 14:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/03/10 14:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/03/10 14:04:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/10 14:04:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/10 14:04:41 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Local\temp
[2011/03/10 13:58:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/10 13:58:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/10 13:58:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/10 13:58:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/10 13:57:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/10 13:57:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/10 13:41:06 | 006,225,384 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Justinas\Desktop\AppRemover.exe
[2011/03/09 22:55:39 | 001,374,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Justinas\Desktop\TDSSKiller.exe
[2011/03/09 15:50:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/09 15:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/03/09 15:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/03/09 15:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/03/09 15:31:38 | 000,000,000 | ---D | C] -- C:\extensions
[2011/03/09 14:39:15 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Roaming\Malwarebytes
[2011/03/09 14:38:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/09 14:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/09 14:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/09 14:38:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/09 14:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/09 14:37:17 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Justinas\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/09 14:30:35 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Justinas\Desktop\TFC.exe
[2011/03/08 15:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/03/08 13:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2011/03/08 13:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2011/03/08 13:09:44 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/03/06 19:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011/03/06 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\Justinas\Documents\Codemasters
[2011/03/03 18:39:27 | 000,000,000 | ---D | C] -- C:\Users\Justinas\Documents\BFBC2
[2011/03/03 17:15:43 | 000,000,000 | ---D | C] -- C:\Users\Justinas\Documents\NBA Live 2005
[2011/03/03 17:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS
[2011/03/02 18:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/03/01 18:45:31 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/03/01 18:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/01 18:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/28 21:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/02/28 21:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/02/28 21:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/02/28 21:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/02/28 21:38:38 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/02/28 21:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/02/28 21:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/02/28 21:34:42 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/02/27 16:50:35 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike Source 2011
[2011/02/27 16:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/02/27 16:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/02/27 16:23:25 | 000,000,000 | ---D | C] -- C:\Users\Justinas\New folder
[2011/02/27 13:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/02/27 13:39:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/02/24 19:56:43 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Roaming\GetRightToGo
[2011/02/24 19:56:43 | 000,000,000 | ---D | C] -- C:\Users\Justinas\Documents\Downloads
[2011/02/22 09:58:54 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2011/02/18 09:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/17 20:40:51 | 000,000,000 | ---D | C] -- C:\Users\Justinas\Documents\Eden Games
[2011/02/17 20:36:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/02/17 20:07:49 | 000,000,000 | ---D | C] -- C:\Users\Justinas\AppData\Local\CrashRpt
[2011/02/17 19:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011/02/16 10:47:13 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/02/16 10:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/02/16 10:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

========== Files - Modified Within 30 Days ==========

[2011/03/10 23:07:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\OTL.exe
[2011/03/10 22:11:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/10 20:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/10 14:36:21 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/03/10 14:03:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/10 13:58:04 | 000,020,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/10 13:58:04 | 000,020,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/10 13:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/10 13:50:41 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/10 13:41:32 | 006,225,384 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Justinas\Desktop\AppRemover.exe
[2011/03/10 13:40:41 | 004,284,550 | R--- | M] () -- C:\Users\Justinas\Desktop\ComboFix.exe
[2011/03/09 22:54:44 | 001,261,440 | ---- | M] () -- C:\Users\Justinas\Desktop\tdsskiller.zip
[2011/03/09 21:45:09 | 000,133,632 | ---- | M] () -- C:\Users\Justinas\Desktop\RKUnhookerLE.EXE
[2011/03/09 21:44:04 | 000,080,384 | ---- | M] () -- C:\Users\Justinas\Desktop\MBRCheck.exe
[2011/03/09 15:51:44 | 000,001,014 | ---- | M] () -- C:\Users\Justinas\Desktop\AVG whole computer scan.csv
[2011/03/09 15:05:44 | 000,625,664 | ---- | M] () -- C:\Users\Justinas\Desktop\dds.scr
[2011/03/09 14:45:09 | 000,296,448 | ---- | M] () -- C:\Users\Justinas\Desktop\vb515xdt.exe
[2011/03/09 14:38:55 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/09 14:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Justinas\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/09 14:30:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\TFC.exe
[2011/03/09 14:12:30 | 000,000,792 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/03/08 13:53:12 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2011/03/08 13:52:59 | 001,364,995 | ---- | M] () -- C:\Users\Justinas\Desktop\CamStudio20.exe
[2011/03/06 19:25:09 | 000,000,330 | ---- | M] () -- C:\Users\Justinas\Desktop\GRID.lnk
[2011/03/06 18:56:33 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/03/06 12:52:37 | 070,453,455 | ---- | M] () -- C:\Users\Justinas\Documents\Bottles of Beer - (Your Favorite Martian music video).mp4
[2011/03/06 12:51:47 | 032,627,843 | ---- | M] () -- C:\Users\Justinas\Documents\Zombie Love Song - (Your Favorite Martian music video).mp4
[2011/03/06 12:51:02 | 053,002,037 | ---- | M] () -- C:\Users\Justinas\Documents\My Balls - (Your Favorite Martian music video).mp4
[2011/03/05 21:45:45 | 000,000,814 | ---- | M] () -- C:\Users\Justinas\Desktop\Tom Clancy's Rainbow Six Vegas 2 - Shortcut.lnk
[2011/03/05 21:43:30 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/03/05 21:43:30 | 000,022,328 | ---- | M] () -- C:\Users\Justinas\AppData\Roaming\PnkBstrK.sys
[2011/03/05 21:43:05 | 002,337,865 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2011/03/02 21:39:47 | 002,455,946 | ---- | M] () -- C:\Users\Justinas\Desktop\DSC_0400.JPG
[2011/03/02 20:11:55 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/02 10:45:38 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justinas\Desktop\TDSSKiller.exe
[2011/03/01 18:22:39 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/01 17:17:57 | 000,193,835 | ---- | M] () -- C:\Users\Justinas\Desktop\šmnah.png
[2011/03/01 14:50:41 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/01 14:50:41 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/01 14:44:24 | 000,408,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/27 17:51:41 | 000,000,694 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/02/27 16:50:35 | 000,002,088 | ---- | M] () -- C:\Users\Justinas\Desktop\Counter Strike Source 2011.lnk
[2011/02/27 16:15:01 | 000,001,238 | RHS- | M] () -- C:\Users\Justinas\ntuser.pol
[2011/02/22 09:58:54 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2011/02/20 18:23:13 | 000,160,539 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/02/16 10:47:13 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/02/16 10:47:01 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

========== Files Created - No Company Name ==========

[2011/03/10 14:36:21 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/03/10 13:58:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/10 13:58:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/10 13:58:30 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/10 13:58:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/10 13:58:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/10 13:40:17 | 004,284,550 | R--- | C] () -- C:\Users\Justinas\Desktop\ComboFix.exe
[2011/03/09 22:54:43 | 001,261,440 | ---- | C] () -- C:\Users\Justinas\Desktop\tdsskiller.zip
[2011/03/09 21:45:10 | 000,133,632 | ---- | C] () -- C:\Users\Justinas\Desktop\RKUnhookerLE.EXE
[2011/03/09 21:44:09 | 000,080,384 | ---- | C] () -- C:\Users\Justinas\Desktop\MBRCheck.exe
[2011/03/09 15:51:44 | 000,001,014 | ---- | C] () -- C:\Users\Justinas\Desktop\AVG whole computer scan.csv
[2011/03/09 15:05:44 | 000,625,664 | ---- | C] () -- C:\Users\Justinas\Desktop\dds.scr
[2011/03/09 14:45:11 | 000,296,448 | ---- | C] () -- C:\Users\Justinas\Desktop\vb515xdt.exe
[2011/03/09 14:38:55 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/09 14:09:41 | 000,000,792 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/03/08 13:53:12 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2011/03/08 13:52:50 | 001,364,995 | ---- | C] () -- C:\Users\Justinas\Desktop\CamStudio20.exe
[2011/03/06 19:25:09 | 000,000,330 | ---- | C] () -- C:\Users\Justinas\Desktop\GRID.lnk
[2011/03/06 12:52:37 | 070,453,455 | ---- | C] () -- C:\Users\Justinas\Documents\Bottles of Beer - (Your Favorite Martian music video).mp4
[2011/03/06 12:51:47 | 032,627,843 | ---- | C] () -- C:\Users\Justinas\Documents\Zombie Love Song - (Your Favorite Martian music video).mp4
[2011/03/06 12:51:01 | 053,002,037 | ---- | C] () -- C:\Users\Justinas\Documents\My Balls - (Your Favorite Martian music video).mp4
[2011/03/05 21:45:45 | 000,000,814 | ---- | C] () -- C:\Users\Justinas\Desktop\Tom Clancy's Rainbow Six Vegas 2 - Shortcut.lnk
[2011/03/03 14:18:23 | 002,455,946 | ---- | C] () -- C:\Users\Justinas\Desktop\DSC_0400.JPG
[2011/03/01 18:22:39 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/01 17:17:56 | 000,193,835 | ---- | C] () -- C:\Users\Justinas\Desktop\šmnah.png
[2011/02/28 15:02:14 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/02/27 16:50:35 | 000,002,088 | ---- | C] () -- C:\Users\Justinas\Desktop\Counter Strike Source 2011.lnk
[2011/02/27 16:27:40 | 000,000,694 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/02/16 10:47:01 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011/01/09 22:10:48 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/01/09 22:10:48 | 000,022,328 | ---- | C] () -- C:\Users\Justinas\AppData\Roaming\PnkBstrK.sys
[2011/01/09 22:10:18 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/01/09 22:10:17 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/01/09 22:10:17 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/11/21 16:21:31 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/13 19:08:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,408,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/27 14:03:35 | 000,000,000 | ---D | M] -- C:\Users\Donata\AppData\Roaming\AVG10
[2010/11/01 14:11:08 | 000,000,000 | ---D | M] -- C:\Users\Justinas\AppData\Roaming\2K Sports
[2010/11/21 16:18:12 | 000,000,000 | ---D | M] -- C:\Users\Justinas\AppData\Roaming\DAEMON Tools Lite
[2011/02/24 19:58:11 | 000,000,000 | ---D | M] -- C:\Users\Justinas\AppData\Roaming\GetRightToGo
[2011/01/26 15:10:06 | 000,000,000 | ---D | M] -- C:\Users\Justinas\AppData\Roaming\Mount&Blade Warband
[2011/02/11 17:21:03 | 000,000,000 | ---D | M] -- C:\Users\Justinas\AppData\Roaming\Ubisoft
[2010/11/03 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\Nerijus\AppData\Roaming\AVG10
[2011/02/27 13:57:46 | 000,000,000 | ---D | M] -- C:\Users\Nerijus\AppData\Roaming\DAEMON Tools Lite
[2010/11/14 11:19:54 | 000,000,000 | ---D | M] -- C:\Users\Nerijus\AppData\Roaming\Leadertech
[2011/01/26 14:14:47 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/03/10 14:04:40 | 000,010,750 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/03/10 13:50:41 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/10 13:50:41 | 3756,515,328 | -HS- | M] () -- C:\pagefile.sys
[2011/03/09 22:58:15 | 000,065,690 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_09.03.2011_22.55.51_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/01 11:27:18 | 000,000,221 | -HS- | M] () -- C:\Users\Justinas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/10 13:41:32 | 006,225,384 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Justinas\Desktop\AppRemover.exe
[2011/03/08 13:52:59 | 001,364,995 | ---- | M] () -- C:\Users\Justinas\Desktop\CamStudio20.exe
[2011/03/10 13:40:41 | 004,284,550 | R--- | M] () -- C:\Users\Justinas\Desktop\ComboFix.exe
[2011/03/09 14:37:51 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Justinas\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/09 21:44:04 | 000,080,384 | ---- | M] () -- C:\Users\Justinas\Desktop\MBRCheck.exe
[2011/03/10 23:07:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\OTL.exe
[2011/03/09 21:45:09 | 000,133,632 | ---- | M] () -- C:\Users\Justinas\Desktop\RKUnhookerLE.EXE
[2011/03/02 10:45:38 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justinas\Desktop\TDSSKiller.exe
[2011/03/09 14:30:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Justinas\Desktop\TFC.exe
[2011/03/09 14:45:09 | 000,296,448 | ---- | M] () -- C:\Users\Justinas\Desktop\vb515xdt.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/01 11:25:04 | 000,000,402 | -HS- | M] () -- C:\Users\Justinas\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Extras.txt here


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x9521C000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9854976 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 185.93 )
0x82813000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82813000 PnpManager 4259840 bytes
0x82813000 RAW 4259840 bytes
0x82813000 WMIxWDM 4259840 bytes
0x9AE10000 Win32k 2404352 bytes
0x9AE10000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C64A000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8C404000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8C01A000 PCI_PNP2738 995328 bytes
0x8C01A000 C:\Windows\System32\Drivers\spjr.sys 995328 bytes
0x8C01A000 sptd 995328 bytes
0x9472B000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C30B000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x82EDC000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9CB69000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9CA04000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x82E09000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x82F87000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9FEEC000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x94632000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8C571000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x91A9F000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9FE9B000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x95C82000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x9FE24000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x91000000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8C21B000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C13C000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x91A25000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x95C2D000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82E9A000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x91BA5000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x95D41000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x8C82C000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C3C2000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x946BC000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x91B47000 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0x9CAD7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x95B82000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82C23000 ACPI_HAL 225280 bytes
0x82C23000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8C2C6000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x911AE000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C8B8000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x91A6D000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C793000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x95CD2000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C873000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x9CB34000 C:\Windows\system32\drivers\acedrv11.sys 180224 bytes (Protect Software GmbH, ProtectDisc x64/x86 Hybrid Driver)
0x8C533000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8C197000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9FE73000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x8C116000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8C8FB000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C625000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x9107F000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x8C29A000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9CAB4000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9112D000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x95BD9000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x946F8000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C9A5000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8C960000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9105A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x91B00000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9B0A0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x95DD3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9CB12000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x91B2D000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x95C00000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9CA89000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x95D01000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x94696000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x910C6000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x910AE000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x9110A000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9114F000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x91167000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9117E000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C80E000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8C27B000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x95D25000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8C55E000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x95BC6000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x91B82000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x910F8000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x94719000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9CAA2000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8C8EA000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x95DAD000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8C2FA000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x95C71000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8C1C1000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x82E81000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x95C1A000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C8A0000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x91B95000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8C1D2000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9104B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x946AE000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x91B1F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C800000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8C26D000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C5CE000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x911E2000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8C00C000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x910EB000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x95D8C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x910DE000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9119F000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x911F0000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C9C6000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8C97F000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x91A00000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8C999000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x95D99000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x95D1A000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x95DC8000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x95D81000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8C9EB000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91122000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C7CD000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x95BBB000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8C18C000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x95200000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x95DBE000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x91BF0000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x91BE6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x91195000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x95DEE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x910A4000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8C2BD000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8C291000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8C925000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0x9CB60000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0x95DA4000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8C5DC000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9FF56000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9B070000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C7C4000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8C10D000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82E92000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C8B0000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8C184000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C9D3000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C9DB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8C9E3000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8C86B000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C992000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x95D38000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8C98B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9CB2D000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x8C266000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x91AF9000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x91079000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8C920000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x911AC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x95D3F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x855071F8 unknown_irp_handler 3592 bytes
0x855051F8 unknown_irp_handler 3592 bytes
0x855061F8 unknown_irp_handler 3592 bytes
0x8653D1F8 unknown_irp_handler 3592 bytes
0x8648B1F8 unknown_irp_handler 3592 bytes
0x855031F8 unknown_irp_handler 3592 bytes
0x864F8500 unknown_irp_handler 2816 bytes
0x86640500 unknown_irp_handler 2816 bytes
0x869F9500 unknown_irp_handler 2816 bytes
0x86503500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
 
Oops, my bad. I will post it tomorrow or very late at your time. In this time zone it's midnight. P.S. I'm using my iPod to post this, because I can't log in to my computer now (non-virus related, just family).
 
Here you go:

OTL Extras logfile created on: 3/10/2011 11:08:35 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Justinas\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 8.50 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
Drive D: | 4.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: GAMERSTATION | User Name: Justinas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3477844949-1269118923-1387545818-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Shockwave" = Shockwave
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2011 7:13:53 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
Description = The program BitComet.exe version 1.17.12.28 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cd4 Start
Time: 01cbdd7f2a0d5da9 Termination Time: 23478 Application Path: C:\Games\Lost Horizon\BitComet\BitComet.exe

Report
Id: 149c1d15-4975-11e0-8719-001fd0570ddf

Error - 3/8/2011 7:18:11 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
Description = The program BitComet.exe version 1.17.12.28 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 5d4 Start
Time: 01cbdd8240638896 Termination Time: 26615 Application Path: C:\Games\Lost Horizon\BitComet\BitComet.exe

Report
Id: adf937da-4975-11e0-8719-001fd0570ddf

Error - 3/8/2011 7:21:21 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 95c Start
Time: 01cbdd7f26eff0ad Termination Time: 60000 Application Path: C:\Windows\Explorer.EXE

Report
Id: 050759ed-4976-11e0-8719-001fd0570ddf

Error - 3/8/2011 8:05:58 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 111c Start Time:
01cbdd878f34dbe6 Termination Time: 8 Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Report
Id:

Error - 3/8/2011 8:17:55 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b9c Start
Time: 01cbdd83adb02c1b Termination Time: 10747 Application Path: C:\Windows\Explorer.EXE

Report
Id: 0f3de70b-497e-11e0-b5ce-001fd0570ddf

Error - 3/8/2011 9:24:34 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
Description = The program BitComet.exe version 1.17.12.28 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 55c Start
Time: 01cbdd84cf0a685d Termination Time: 11110 Application Path: C:\Games\Lost Horizon\BitComet\BitComet.exe

Report
Id: 5d754056-4987-11e0-b5ce-001fd0570ddf

Error - 3/8/2011 10:08:56 AM | Computer Name = GamerStation | Source = VSS | ID = 8194
Description =

Error - 3/8/2011 10:19:25 AM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
Description = The program SZOptions.exe version 5.0.84.5 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 620 Start
Time: 01cbdd9b76590412 Termination Time: 60000 Application Path: C:\Program Files\STOPzilla!\SZOptions.exe

Report
Id: d2686282-498e-11e0-b56b-001fd0570ddf

Error - 3/9/2011 9:01:23 AM | Computer Name = GamerStation | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/10/2011 1:14:47 PM | Computer Name = GamerStation | Source = Application Hang | ID = 1002
Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: a68 Start Time:
01cbdf43e5686612 Termination Time: 382 Application Path: C:\Games\M&B Warband\CSS\Counter
Strike Source 2011\hl2.exe Report Id:

[ Media Center Events ]
Error - 11/4/2010 12:09:11 PM | Computer Name = GamerStation | Source = MCUpdate | ID = 0
Description = 6:09:11 PM - Error connecting to the internet. 6:09:11 PM - Unable
to contact server..

Error - 11/4/2010 12:09:21 PM | Computer Name = GamerStation | Source = MCUpdate | ID = 0
Description = 6:09:16 PM - Error connecting to the internet. 6:09:16 PM - Unable
to contact server..

Error - 11/4/2010 1:09:26 PM | Computer Name = GamerStation | Source = MCUpdate | ID = 0
Description = 7:09:26 PM - Error connecting to the internet. 7:09:26 PM - Unable
to contact server..

Error - 11/4/2010 1:09:33 PM | Computer Name = GamerStation | Source = MCUpdate | ID = 0
Description = 7:09:32 PM - Error connecting to the internet. 7:09:32 PM - Unable
to contact server..

Error - 12/3/2010 8:14:57 AM | Computer Name = GamerStation | Source = MCUpdate | ID = 0
Description = 2:14:41 PM - Error connecting to the internet. 2:14:42 PM - Unable
to contact server..

[ System Events ]
Error - 3/9/2011 9:40:40 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv szkg5 szkgfs

Error - 3/9/2011 11:55:40 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv szkg5 szkgfs

Error - 3/9/2011 12:39:27 PM | Computer Name = GamerStation | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 3/9/2011 3:42:28 PM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv szkg5 szkgfs

Error - 3/9/2011 4:53:22 PM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv szkg5 szkgfs

Error - 3/10/2011 7:35:22 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv szkg5 szkgfs

Error - 3/10/2011 7:51:01 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv szkg5 szkgfs

Error - 3/10/2011 7:59:28 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/10/2011 8:02:15 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/10/2011 8:03:50 AM | Computer Name = GamerStation | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
I scanned my computer with Avira just in case:




Avira AntiVir Personal
Report file date: Friday, March 11, 2011 09:09

Scanning for 2480408 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : GAMERSTATION

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 12:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 10:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 12:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 21:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 07:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 12:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 12:37:43
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 12:37:43
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 12:37:43
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 12:37:43
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 12:37:43
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 12:37:43
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 12:37:43
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 12:37:44
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 12:37:44
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 12:37:44
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 12:37:44
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 12:37:44
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 12:37:45
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 12:37:45
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 12:37:46
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 12:37:46
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 12:37:47
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 12:37:48
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 12:37:48
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 12:37:49
VBASE022.VDF : 7.11.4.109 2048 Bytes 3/8/2011 12:37:49
VBASE023.VDF : 7.11.4.110 2048 Bytes 3/8/2011 12:37:49
VBASE024.VDF : 7.11.4.111 2048 Bytes 3/8/2011 12:37:49
VBASE025.VDF : 7.11.4.112 2048 Bytes 3/8/2011 12:37:49
VBASE026.VDF : 7.11.4.113 2048 Bytes 3/8/2011 12:37:49
VBASE027.VDF : 7.11.4.114 2048 Bytes 3/8/2011 12:37:49
VBASE028.VDF : 7.11.4.115 2048 Bytes 3/8/2011 12:37:49
VBASE029.VDF : 7.11.4.116 2048 Bytes 3/8/2011 12:37:49
VBASE030.VDF : 7.11.4.117 2048 Bytes 3/8/2011 12:37:49
VBASE031.VDF : 7.11.4.147 125440 Bytes 3/10/2011 12:37:50
Engineversion : 8.2.4.180
AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 12:23:26
AESCRIPT.DLL : 8.1.3.56 1261945 Bytes 3/10/2011 12:38:01
AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 12:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 12:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 12:23:25
AEPACK.DLL : 8.2.4.11 520566 Bytes 3/10/2011 12:38:00
AEOFFICE.DLL : 8.1.1.17 205177 Bytes 3/10/2011 12:37:58
AEHEUR.DLL : 8.1.2.83 3338613 Bytes 3/10/2011 12:37:58
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/10/2011 12:37:52
AEGEN.DLL : 8.1.5.2 397683 Bytes 3/10/2011 12:37:52
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 12:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 3/10/2011 12:37:51
AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 12:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 12:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 12:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 12:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 12:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 12:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 12:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 12:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 12:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 12:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 12:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 11:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 12:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, March 11, 2011 09:09

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-3477844949-1269118923-1387545818-1001\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avnotify.exe' - '99' Module(s) have been scanned
Scan process 'taskeng.exe' - '26' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '27' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '83' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '83' Module(s) have been scanned
Scan process 'chrome.exe' - '62' Module(s) have been scanned
Scan process 'chrome.exe' - '41' Module(s) have been scanned
Scan process 'chrome.exe' - '41' Module(s) have been scanned
Scan process 'chrome.exe' - '41' Module(s) have been scanned
Scan process 'chrome.exe' - '90' Module(s) have been scanned
Scan process 'SteamService.exe' - '42' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'Steam.exe' - '119' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '58' Module(s) have been scanned
Scan process 'DTLite.exe' - '55' Module(s) have been scanned
Scan process 'avgnt.exe' - '64' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '48' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'Explorer.EXE' - '164' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'taskhost.exe' - '51' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '28' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '25' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '40' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '48' Module(s) have been scanned
Scan process 'avguard.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '69' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '88' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '160' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'svchost.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '358' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
[DETECTION] Is the TR/Black.Gen2 Trojan
C:\Users\Justinas\Documents\My Games\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
[DETECTION] Is the TR/Black.Gen2 Trojan

Beginning disinfection:
C:\Users\Justinas\Documents\My Games\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
[DETECTION] Is the TR/Black.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '493570f4.qua'.
C:\Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
[DETECTION] Is the TR/Black.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '51a25f53.qua'.


End of the scan: Friday, March 11, 2011 09:49
Used time: 39:08 Minute(s)

The scan has been done completely.

18635 Scanned directories
324985 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
324983 Files not concerned
1652 Archives were scanned
0 Warnings
2 Notes
489522 Objects were scanned with rootkit scan
2 Hidden objects were found
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/02/27 14:03:35 | 000,000,000 | ---D | M] -- C:\Users\Donata\AppData\Roaming\AVG10
    [2010/11/03 21:55:06 | 000,000,000 | ---D | M] -- C:\Users\Nerijus\AppData\Roaming\AVG10
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
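The O28 line in the first fix above flags a ShellExecuteHooks CLSID whose handler file no longer exists. As an added example (not from this thread and not OTL's own code), the following read-only PowerShell audit resolves each registered hook CLSID to its InprocServer32 DLL and reports the entries whose file is missing, so orphaned hooks like that one can be reviewed before any fix script removes them. The function name is my own; the registry paths are the standard Windows locations.

```powershell
# Added example, not part of the thread: list ShellExecuteHooks entries
# (the data behind OTL's O28 line) and check whether each CLSID's handler
# DLL still exists. Read-only: nothing is deleted.

function Get-ShellExecuteHookStatus {
    $hooksKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    if (-not (Test-Path $hooksKey)) { return @() }

    $hooks = Get-Item $hooksKey
    foreach ($clsid in $hooks.GetValueNames()) {
        if ($clsid -eq '') { continue }           # skip the (Default) value

        # Resolve the CLSID to its InprocServer32 path, HKLM first, then HKCU.
        $server = $null
        foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKCU:\SOFTWARE\Classes') {
            $inproc = Join-Path $hive "CLSID\$clsid\InprocServer32"
            if (Test-Path $inproc) {
                $server = (Get-ItemProperty $inproc).'(default)'
                break
            }
        }

        # Expand %SystemRoot%-style variables and strip surrounding quotes.
        $path = $null
        if ($server) {
            $path = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
        }

        $status = if (-not $server)        { 'CLSID not registered' }   # key error, as in the O28 line
                  elseif (Test-Path $path) { 'OK' }
                  else                     { 'File not found' }          # orphaned hook

        [pscustomobject]@{
            Clsid  = $clsid
            Server = $server
            Status = $status
        }
    }
}

# Entries that are not 'OK' are the ones worth a closer look.
Get-ShellExecuteHookStatus | Format-Table -AutoSize
```

A hook whose CLSID is unregistered or whose DLL is gone does nothing at runtime, but it is still worth removing because a later file dropped at that path would be loaded by Explorer without any new registry change.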
 
Here's the log of the first fix:


All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\Donata\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Donata\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\Nerijus\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Nerijus\AppData\Roaming\AVG10 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Donata
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Justinas
->Temp folder emptied: 72593 bytes
->Temporary Internet Files folder emptied: 145803 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 240742614 bytes
->Flash cache emptied: 18892 bytes

User: Nerijus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1297713 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 231.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Donata
->Flash cache emptied: 0 bytes

User: Justinas
->Flash cache emptied: 0 bytes

User: Nerijus
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03122011_085421

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Here's the second:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Donata
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Justinas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6094506 bytes
->Flash cache emptied: 0 bytes

User: Nerijus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Donata
->Flash cache emptied: 0 bytes

User: Justinas
->Flash cache emptied: 0 bytes

User: Nerijus
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 03122011_085911

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Oh, and by the way I would like to thank you for your help and time Broni. I REALLLLLLLLLY appreciate this. I heard you have a cold, so I hope you get better soon.


Cheers, juzt4

EDIT: I'm going to run the defragmenter soon,
and my computer is running great.
 