TechSpot

Virus: System Check

Inactive
By Emerik
Jan 9, 2012
  1. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    L logfile created on: 1/11/2012 7:22:35 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

    3.89 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 58.03% Memory free
    7.78 Gb Paging File | 5.96 Gb Available in Paging File | 76.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.79 Gb Total Space | 238.39 Gb Free Space | 80.05% Space Free | Partition Type: NTFS

    Computer Name: SR9EPGOY | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/11 19:20:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    PRC - [2011/07/25 22:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    PRC - [2011/07/04 02:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
    PRC - [2011/07/04 02:02:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    PRC - [2011/05/31 09:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    PRC - [2011/05/31 09:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    PRC - [2011/05/31 09:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    PRC - [2011/05/26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
    PRC - [2011/05/25 13:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
    PRC - [2011/05/18 17:12:30 | 000,083,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettmeny\TSMService.exe
    PRC - [2011/05/09 10:18:22 | 000,484,856 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettmeny\TSMResident.exe
    PRC - [2011/04/14 12:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
    PRC - [2011/04/14 12:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    PRC - [2011/04/14 12:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
    PRC - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    PRC - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    PRC - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
    PRC - [2011/03/02 14:07:36 | 000,443,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
    PRC - [2011/02/07 15:15:38 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/10/27 21:11:00 | 000,079,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettmeny\ASR\ASRSVC.exe
    PRC - [2010/04/07 13:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    PRC - [2010/04/01 13:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/04/06 08:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
    MOD - [2010/04/06 08:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/11/23 11:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV:64bit: - [2011/06/30 08:37:30 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2011/05/31 09:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
    SRV:64bit: - [2011/05/31 09:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe -- (LENOVO.CAMMUTE)
    SRV:64bit: - [2011/05/02 13:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/05/02 13:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/04/20 09:04:38 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe -- (TPHKLOAD)
    SRV:64bit: - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe -- (LENOVO.MICMUTE)
    SRV:64bit: - [2011/03/29 18:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
    SRV:64bit: - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV:64bit: - [2011/02/01 06:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
    SRV:64bit: - [2010/12/17 07:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/04/07 13:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2011/07/25 22:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2011/07/04 02:02:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
    SRV - [2011/07/04 02:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
    SRV - [2011/07/04 02:02:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
    SRV - [2011/05/18 17:12:30 | 000,083,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Tablettmeny\TSMService.exe -- (TabletSVC)
    SRV - [2011/04/14 12:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
    SRV - [2011/04/14 12:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
    SRV - [2011/03/02 14:07:36 | 000,443,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe -- (SROSVC)
    SRV - [2011/02/07 15:15:38 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
    SRV - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/10/27 21:11:00 | 000,079,136 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Tablettmeny\ASR\ASRSVC.exe -- (ASRSVC)
    SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/04 02:02:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
    DRV:64bit: - [2011/07/04 02:02:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
    DRV:64bit: - [2011/06/27 16:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\program files\pc-doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
    DRV:64bit: - [2011/05/25 16:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
    DRV:64bit: - [2011/05/19 20:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/05/01 13:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011/03/30 14:16:24 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/29 18:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
    DRV:64bit: - [2011/03/29 18:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/11 04:10:38 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2011/03/05 02:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
    DRV:64bit: - [2011/02/09 13:48:56 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2011/02/01 06:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV:64bit: - [2010/12/20 17:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
    DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/05 15:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/07 13:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
    DRV:64bit: - [2010/06/28 02:39:46 | 000,017,064 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wstbtndb.sys -- (HBtnKey)
    DRV:64bit: - [2010/06/25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2009/12/04 00:35:14 | 000,020,992 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV:64bit: - [2009/07/20 15:09:10 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
    DRV:64bit: - [2009/07/20 15:09:10 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2009/07/20 15:09:10 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/13 12:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
    DRV:64bit: - [2007/02/19 06:56:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1710067825-1136283663-2566881455-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.vrg.se
    IE - HKU\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "facebook.com"
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: forcetls@sid.stamm:3.0.0

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/24 11:40:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/09/08 13:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
    [2011/12/21 10:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\44rgjj9n.default\extensions
    [2011/09/08 13:02:28 | 000,000,000 | ---D | M] (Force-TLS) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\44rgjj9n.default\extensions\forcetls@sid.stamm
    [2011/12/21 10:26:32 | 000,000,000 | ---D | M] (Svensk ordlista) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\44rgjj9n.default\extensions\sv@dictionaries.addons.mozilla.org
    [2011/11/24 11:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2011/12/06 14:53:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\44RGJJ9N.DEFAULT\EXTENSIONS\SUPPORT-MIN@WOLFRAM.COM.XPI
    [2011/11/24 11:40:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/11/09 00:06:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/24 11:40:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/01/11 00:35:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE (Lenovo Group Limited)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
    O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
    O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TSMResident] C:\Program Files (x86)\ThinkPad\Tablettmeny\TSMRESIDENT.EXE (Lenovo Group Limited)
    O4 - HKU\S-1-5-21-1710067825-1136283663-2566881455-500..\Run: [Facebook Update] C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-1710067825-1136283663-2566881455-500..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1710067825-1136283663-2566881455-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1710067825-1136283663-2566881455-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCC8F49D-FEFF-4E2B-B8AA-0A332256AFA6}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/11 19:20:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2012/01/11 07:29:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/11 00:59:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/10 23:51:39 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/01/10 23:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/10 23:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/10 23:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/10 23:12:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/10 23:12:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/10 23:07:52 | 004,377,322 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2012/01/10 21:59:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/01/10 21:14:16 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/01/10 20:07:56 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Administrator\Desktop\boot_cleaner.exe
    [2012/01/10 15:23:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
    [2012/01/08 21:13:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    [2012/01/08 21:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/08 21:13:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Malwarebytes' Anti-Malware
    [2012/01/08 21:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/08 21:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/01/08 20:42:55 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/08 19:13:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2011/12/25 14:12:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\HTC Legend filer
    [2011/12/25 13:32:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\HTC Hero filer
    [2011/12/24 14:48:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/02/07 15:15:50 | 000,020,944 | ---- | C] (Intel Corporation) -- C:\Users\Administrator\AppData\Roaming\JomCap.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/01/11 19:28:05 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500UA.job
    [2012/01/11 19:28:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/01/11 19:25:00 | 000,000,528 | -H-- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/01/11 19:20:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2012/01/11 18:45:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/11 18:36:13 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500UA.job
    [2012/01/11 17:07:11 | 000,021,984 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/11 17:07:11 | 000,021,984 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/11 17:05:58 | 001,457,064 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/11 17:05:58 | 000,622,356 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
    [2012/01/11 17:05:58 | 000,612,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/11 17:05:58 | 000,122,902 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
    [2012/01/11 17:05:58 | 000,105,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/11 16:59:14 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/11 00:35:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/01/10 23:24:43 | 526,377,856 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/01/10 23:08:26 | 004,377,322 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2012/01/10 20:39:23 | 000,001,302 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2010.lnk
    [2012/01/10 15:26:01 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500Core.job
    [2012/01/10 15:23:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
    [2012/01/10 15:23:05 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\2vspwgjb.exe
    [2012/01/10 14:28:01 | 000,000,984 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500Core.job
    [2012/01/08 21:05:36 | 000,001,365 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\GetValue.vbs
    [2012/01/08 20:43:59 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/08 19:57:17 | 000,000,035 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\SetValue.bat
    [2012/01/08 19:13:53 | 000,000,683 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/08 00:30:02 | 000,002,445 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
    [2011/12/25 23:00:34 | 000,001,456 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/12/25 23:00:33 | 000,302,302 | ---- | M] () -- C:\Users\Administrator\Desktop\whistler2.jpg
    [2011/12/25 22:47:25 | 000,511,231 | ---- | M] () -- C:\Users\Administrator\Desktop\whistler.jpg
    [2011/12/15 03:25:31 | 004,968,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/01/10 23:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/10 23:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/10 23:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/10 23:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/10 23:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/10 21:59:26 | 526,377,856 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/01/10 15:23:06 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\2vspwgjb.exe
    [2012/01/08 19:57:17 | 000,001,365 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\GetValue.vbs
    [2012/01/08 19:57:17 | 000,000,035 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\SetValue.bat
    [2012/01/08 19:13:53 | 000,000,683 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/25 23:00:34 | 000,001,456 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/12/25 23:00:32 | 000,302,302 | ---- | C] () -- C:\Users\Administrator\Desktop\whistler2.jpg
    [2011/12/25 22:47:23 | 000,511,231 | ---- | C] () -- C:\Users\Administrator\Desktop\whistler.jpg
    [2011/11/03 17:29:00 | 000,002,092 | ---- | C] () -- C:\Windows\tabled32.ini
    [2011/09/08 22:38:31 | 000,094,080 | ---- | C] () -- C:\Program Files (x86)\Install Lightroom 3.exe
    [2011/09/08 22:38:23 | 000,641,407 | R--- | C] () -- C:\Program Files (x86)\Lightroom 3 ReadMe.pdf
    [2011/09/07 21:51:11 | 008,469,474 | ---- | C] () -- C:\Program Files\Adobe Photoshop CS5 or extended activator VIRUS FREE.zip
    [2011/09/06 12:31:47 | 001,474,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/05 20:16:22 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/09/05 20:09:07 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/08/08 23:47:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/08/08 23:47:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/08/08 14:08:14 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
    [2010/06/25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/12/24 14:48:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/09/07 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/09/02 18:19:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient
    [2011/09/27 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PCDr
    [2011/09/02 16:01:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PwrMgr
    [2012/01/08 22:06:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
    [2011/09/02 18:10:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
    [2012/01/08 21:12:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
    [2012/01/10 15:26:01 | 000,000,938 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500Core.job
    [2012/01/11 18:36:13 | 000,000,960 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500UA.job
    [2012/01/11 19:25:00 | 000,000,528 | -H-- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2011/10/26 11:56:25 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/01/11 19:28:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========
     
  2. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2012/01/11 00:59:34 | 000,017,963 | ---- | M] () -- C:\ComboFix.txt
    [2012/01/11 16:59:14 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/06 12:40:22 | 000,000,336 | ---- | M] () -- C:\INSTALL.LOG
    [2005/09/22 23:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/01/11 16:59:16 | 4176,723,968 | -HS- | M] () -- C:\pagefile.sys
    [2012/01/08 21:05:25 | 000,002,071 | ---- | M] () -- C:\rapport.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2011/05/19 16:38:22 | 000,094,080 | ---- | M] () -- C:\Program Files (x86)\Install Lightroom 3.exe
    [2011/09/08 22:38:23 | 000,641,407 | R--- | M] () -- C:\Program Files (x86)\Lightroom 3 ReadMe.pdf

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/09/02 14:18:47 | 000,000,221 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/10 15:23:05 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\2vspwgjb.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Administrator\Desktop\boot_cleaner.exe
    [2012/01/10 23:08:26 | 004,377,322 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2012/01/08 20:43:59 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/11 19:20:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/09/02 10:39:53 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/09/02 10:39:53 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/09/02 10:39:53 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/09/02 10:39:53 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/09/02 10:39:53 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/09/02 10:39:53 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/05/09 17:35:28 | 001,243,576 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Administrator\Favorites\amtlib (2).dll
    [2010/05/08 10:56:50 | 000,911,800 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Administrator\Favorites\amtlib.dll
    [2011/10/28 07:34:24 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "UseWUServer" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  3. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
      O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  4. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    I did the OTL-scan but after rebooting the computer I couldn't connect to internet so I tried rebooting the computer again, and then it worked. The problem is that I can't find where the log went. Was it saved? If not, what should I do?
     
  5. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Re-run the fix.
     
  6. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    Thanks for quick response! :)
    Logs (and more will come):

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 1601776 bytes
    ->Temporary Internet Files folder emptied: 99634 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 19189328 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: VRElev
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3810 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 103838 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 20.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: VRElev

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: VRElev

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01112012_234941

    Files\Folders moved on Reboot...
    C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 30
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````

    Farbar Service Scanner
    Ran by Administrator (administrator) on 11-01-2012 at 23:54:46
    Microsoft Windows 7 Enterprise Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  7. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    Quick question: Should the "Remove found threats"-box be checked on the ESET scanner?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Yes.
    Is it unchecked in current version?
     
  9. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    No, it is checked. Just wasn't sure if you meant "just check the scan-box" or "additionally, check the scan-box". Running it now, anyway.
     
  10. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    Computer is scanning now, but going to bed... will post log results in the morning. Thanks a lot for the help Broni. I really appreciate it. :)
     
  11. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    ESET produced no logs, so all logs required should be posted now. By the way, I think I still get redirected sometimes when entering websites, to a comletely random website... Might just be by chance though.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Which browser is getting redirected?
     
  13. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    Mozilla Firefox.
     
  14. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    Okay, now I'm quite sure I'm getting redirected. I was googling something, and when trying to enter a wikipedia page I ended up at some random swedish site about an animal hospital or something, though it didn't seem like a harmful site. When checking the history I saw some links in between the wikipedia page and the animal page, for example:

    http://64.156.192.117/xml/g.php?u=b...8354b9824-a236-080201-11919-mitt liv som hund

    and

    http://clicks.thespecialsearch.com/...=1326441741.09&xtr_new_end_time=1326441741.11

    Sorry for the spam, just thought it might be helpful in figuring out the problem!

    Thank you in advance.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Can you check if IE is getting redirected as well?

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
  16. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    Same problem with IE, getting redirected still...

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 21:18 on 13/01/2012 (Administrator)
    Firefox version 8.0.1 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [17:19 02/09/2011]
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [17:33 08/09/2011]
    {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [19:06 11/01/2012]

    C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\44rgjj9n.default\extensions\
    forcetls@sid.stamm [12:02 08/09/2011]
    sv@dictionaries.addons.mozilla.org [09:26 21/12/2011]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    (none)

    -=E.O.F=-
     
  17. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Users, Partitions and Memory size
    Click Go and post the result.
     
  18. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    MiniToolBox by Farbar
    Ran by Administrator (administrator) on 13-01-2012 at 22:03:41
    Microsoft Windows 7 Enterprise Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    IP-konfiguration f”r Windows

    DNS-matcharens cacheminne har rensats.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Intel(R) Centrino(R) Advanced-N 6205 = Wireless Network Connection (Connected)
    Intel(R) 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)
    Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
    Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (01/13/2012 09:29:24 PM) (Source: PC-Doctor) (User: )
    Description: (3984) Asapi: (21:29:24:9480)(3984) engine.EngineLink - Error -- 81 Invalid connection to client

    Error: (01/13/2012 09:20:46 PM) (Source: Application Error) (User: )
    Description: Felet uppstod i programmet med namn: jusched.exe, version 2.0.6.1, tidsstämpel 0x4df127ab
    , felet uppstod i modulen med namn: USER32.dll, version 6.1.7601.17514, tidsstämpel 0x4ce7ba59
    Undantagskod: 0xc0000005
    Felförskjutning: 0x00029951
    Process-ID: 0x4d4
    Programmets starttid: 0xjusched.exe0
    Sökväg till program: jusched.exe1
    Sökväg till modul: jusched.exe2
    Rapport-ID: jusched.exe3

    Error: (01/13/2012 09:18:14 PM) (Source: SideBySide) (User: )
    Description: Det gick inte att skapa aktiveringskontext för C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1. Det finns ett fel i manifest- eller principfilen C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 på rad C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    En komponentversion som begärs av programmet står i konflikt med en annan komponentversion som redan är aktiv.
    Följande komponenter orsakar konflikten:
    Komponent 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Komponent 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (01/13/2012 09:08:30 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/13/2012 02:58:24 PM) (Source: Application Error) (User: )
    Description: Felet uppstod i programmet med namn: jusched.exe, version 2.0.6.1, tidsstämpel 0x4df127ab
    , felet uppstod i modulen med namn: USER32.dll, version 6.1.7601.17514, tidsstämpel 0x4ce7ba59
    Undantagskod: 0xc0000005
    Felförskjutning: 0x00029951
    Process-ID: 0x680
    Programmets starttid: 0xjusched.exe0
    Sökväg till program: jusched.exe1
    Sökväg till modul: jusched.exe2
    Rapport-ID: jusched.exe3

    Error: (01/13/2012 02:53:08 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/13/2012 00:07:21 PM) (Source: Application Error) (User: )
    Description: Felet uppstod i programmet med namn: jusched.exe, version 2.0.6.1, tidsstämpel 0x4df127ab
    , felet uppstod i modulen med namn: USER32.dll, version 6.1.7601.17514, tidsstämpel 0x4ce7ba59
    Undantagskod: 0xc0000005
    Felförskjutning: 0x00029951
    Process-ID: 0x1368
    Programmets starttid: 0xjusched.exe0
    Sökväg till program: jusched.exe1
    Sökväg till modul: jusched.exe2
    Rapport-ID: jusched.exe3

    Error: (01/13/2012 00:01:49 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/13/2012 08:39:17 AM) (Source: Application Error) (User: )
    Description: Felet uppstod i programmet med namn: jusched.exe, version 2.0.6.1, tidsstämpel 0x4df127ab
    , felet uppstod i modulen med namn: USER32.dll, version 6.1.7601.17514, tidsstämpel 0x4ce7ba59
    Undantagskod: 0xc0000005
    Felförskjutning: 0x00029951
    Process-ID: 0x1350
    Programmets starttid: 0xjusched.exe0
    Sökväg till program: jusched.exe1
    Sökväg till modul: jusched.exe2
    Rapport-ID: jusched.exe3

    Error: (01/13/2012 08:34:01 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (01/13/2012 09:56:47 PM) (Source: Ntfs) (User: )
    Description: Filsystemstrukturen på disken är skadad och oanvändbar.
    Kör verktyget CHKDSK på volymen .

    Error: (01/13/2012 09:56:47 PM) (Source: Ntfs) (User: )
    Description: Filsystemstrukturen på disken är skadad och oanvändbar.
    Kör verktyget CHKDSK på volymen .

    Error: (01/13/2012 09:29:09 PM) (Source: Ntfs) (User: )
    Description: Filsystemstrukturen på disken är skadad och oanvändbar.
    Kör verktyget CHKDSK på volymen .

    Error: (01/13/2012 09:09:09 PM) (Source: Ntfs) (User: )
    Description: Filsystemstrukturen på disken är skadad och oanvändbar.
    Kör verktyget CHKDSK på volymen .

    Error: (01/13/2012 09:08:31 PM) (Source: Service Control Manager) (User: )
    Description: Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:
    cdrom

    Error: (01/13/2012 09:08:27 PM) (Source: Ntfs) (User: )
    Description: Filsystemstrukturen på disken är skadad och oanvändbar.
    Kör verktyget CHKDSK på volymen .

    Error: (01/13/2012 09:08:27 PM) (Source: Ntfs) (User: )
    Description: Filsystemstrukturen på disken är skadad och oanvändbar.
    Kör verktyget CHKDSK på volymen .

    Error: (01/13/2012 09:08:14 PM) (Source: Ntfs) (User: )
    Description: Filsystemstrukturen på disken är skadad och oanvändbar.
    Kör verktyget CHKDSK på volymen .

    Error: (01/13/2012 03:13:47 PM) (Source: Ntfs) (User: )
    Description: Filsystemstrukturen på disken är skadad och oanvändbar.
    Kör verktyget CHKDSK på volymen .

    Error: (01/13/2012 02:53:45 PM) (Source: Ntfs) (User: )
    Description: Filsystemstrukturen på disken är skadad och oanvändbar.
    Kör verktyget CHKDSK på volymen .


    Microsoft Office Sessions:
    =========================
    Error: (01/13/2012 09:29:24 PM) (Source: PC-Doctor)(User: )
    Description: (3984) Asapi: (21:29:24:9480)(3984) engine.EngineLink - Error -- 81 Invalid connection to client

    Error: (01/13/2012 09:20:46 PM) (Source: Application Error)(User: )
    Description: jusched.exe2.0.6.14df127abUSER32.dll6.1.7601.175144ce7ba59c0000005000299514d401ccd23020c5f64dC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\syswow64\USER32.dll12fa4379-3e24-11e1-9796-cc52afe0241b

    Error: (01/13/2012 09:18:14 PM) (Source: SideBySide)(User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Administrator\Downloads\esetsmartinstaller_enu.exe

    Error: (01/13/2012 09:08:30 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/13/2012 02:58:24 PM) (Source: Application Error)(User: )
    Description: jusched.exe2.0.6.14df127abUSER32.dll6.1.7601.175144ce7ba59c00000050002995168001ccd1fab5c771b3C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\syswow64\USER32.dlla8238034-3dee-11e1-af02-cc52afe0241b

    Error: (01/13/2012 02:53:08 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/13/2012 00:07:21 PM) (Source: Application Error)(User: )
    Description: jusched.exe2.0.6.14df127abUSER32.dll6.1.7601.175144ce7ba59c000000500029951136801ccd1e2d11b9704C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\syswow64\USER32.dllc34e1dd4-3dd6-11e1-a21c-cc52afe0241b

    Error: (01/13/2012 00:01:49 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/13/2012 08:39:17 AM) (Source: Application Error)(User: )
    Description: jusched.exe2.0.6.14df127abUSER32.dll6.1.7601.175144ce7ba59c000000500029951135001ccd1c5c016495bC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\syswow64\USER32.dllb204eee9-3db9-11e1-9de0-cc52afe0241b

    Error: (01/13/2012 08:34:01 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ========================= Memory info: ===================================

    Percentage of memory in use: 40%
    Total physical RAM: 3983.23 MB
    Available physical RAM: 2354.51 MB
    Total Pagefile: 7964.66 MB
    Available Pagefile: 5949.57 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3975.76 MB

    ========================= Partitions: =====================================

    1 Drive c: (OSDisk) (Fixed) (Total:297.79 GB) (Free:236.32 GB) NTFS

    ========================= Users: ========================================

    **** End of log ****
     
  19. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  20. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    ComboFix 12-01-13.05 - Administrator 2012-01-13 23:26:57.3.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.46.1033.18.3983.2510 [GMT 1:00]
    Körs från: c:\users\Administrator\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    .
    .
    (((((((((((((((((((((((( Filer skapade från 2011-12-13 till 2012-01-13 ))))))))))))))))))))))))))))))
    .
    .
    2012-01-13 23:01 . 2012-01-13 23:01 -------- d-----w- c:\users\VRElev\AppData\Local\temp
    2012-01-13 23:01 . 2012-01-13 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-13 20:19 . 2012-01-13 20:19 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7472ADB9-061A-4480-BBE7-BBD2C048DE96}\offreg.dll
    2012-01-13 20:19 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7472ADB9-061A-4480-BBE7-BBD2C048DE96}\mpengine.dll
    2012-01-12 02:00 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-12 02:00 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-12 02:00 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-12 02:00 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-11 23:02 . 2012-01-11 23:02 -------- d-----w- c:\program files (x86)\ESET
    2012-01-11 19:14 . 2012-01-11 19:14 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-01-11 18:56 . 2012-01-11 18:56 -------- d-----w- C:\_OTL
    2012-01-10 20:14 . 2012-01-10 20:16 -------- d-----w- C:\FRST
    2012-01-08 20:13 . 2012-01-08 20:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2012-01-08 20:13 . 2012-01-08 20:13 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-08 20:11 . 2012-01-08 20:11 -------- d-----w- c:\program files\CCleaner
    2012-01-08 18:57 . 2012-01-08 20:05 1365 ----a-w- c:\users\Administrator\AppData\Roaming\GetValue.vbs
    2012-01-08 18:57 . 2012-01-08 18:57 35 ----a-w- c:\users\Administrator\AppData\Roaming\SetValue.bat
    2011-12-25 13:12 . 2011-12-25 13:13 -------- d-----w- c:\users\Administrator\HTC Legend filer
    2011-12-25 12:32 . 2011-12-25 12:53 -------- d-----w- c:\users\Administrator\HTC Hero filer
    2011-12-24 13:48 . 2011-12-24 13:48 -------- d-----w- c:\users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-12-15 02:04 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 02:01 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 02:01 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 02:01 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-15 02:00 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 02:00 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-21 13:53 . 2011-09-02 17:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-21 11:40 . 2011-09-07 11:48 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-10 04:54 . 2011-09-02 13:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-05-19 15:38 . 2011-09-08 21:38 94080 ----a-w- c:\program files (x86)\Install Lightroom 3.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-10_23.36.39 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2010-11-21 03:24 . 2010-11-21 03:24 96768 c:\windows\SysWOW64\sspicli.dll
    + 2012-01-12 02:03 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll
    + 2012-01-12 02:03 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll
    - 2010-11-21 03:24 . 2010-11-21 03:24 22016 c:\windows\SysWOW64\secur32.dll
    - 2009-07-14 04:54 . 2012-01-10 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-01-13 13:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-01-13 13:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-01-10 22:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-01-13 13:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-01-10 22:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-11-21 03:09 . 2012-01-13 20:17 53456 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-01-13 20:17 31012 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-09-02 15:48 . 2012-01-12 21:23 12316 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1710067825-1136283663-2566881455-500_UserData.bin
    - 2010-11-21 03:24 . 2010-11-21 03:24 29184 c:\windows\system32\sspisrv.dll
    + 2012-01-12 02:03 . 2011-11-17 06:35 29184 c:\windows\system32\sspisrv.dll
    - 2010-11-21 03:24 . 2010-11-21 03:24 28160 c:\windows\system32\secur32.dll
    + 2012-01-12 02:03 . 2011-11-17 06:35 28160 c:\windows\system32\secur32.dll
    + 2012-01-12 02:03 . 2011-11-17 06:33 31232 c:\windows\system32\lsass.exe
    - 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe
    + 2012-01-12 02:03 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys
    + 2011-08-08 13:06 . 2012-01-13 20:15 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-08-08 13:06 . 2012-01-10 22:24 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-08-08 13:06 . 2012-01-13 20:15 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-08-08 13:06 . 2012-01-10 22:24 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-01-10 22:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-01-13 20:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2012-01-12 10:41 80120 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2011-09-02 15:01 . 2012-01-08 01:30 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2011-09-02 15:01 . 2012-01-13 14:57 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2012-01-13 20:08 . 2012-01-13 20:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-01-10 22:48 . 2012-01-10 22:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-01-13 20:08 . 2012-01-13 20:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-01-10 22:48 . 2012-01-10 22:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-01-12 02:03 . 2011-11-17 05:35 314880 c:\windows\SysWOW64\webio.dll
    - 2010-11-21 03:23 . 2010-11-21 03:23 314880 c:\windows\SysWOW64\webio.dll
    + 2012-01-12 02:03 . 2011-11-17 05:34 224768 c:\windows\SysWOW64\schannel.dll
    - 2010-11-21 03:23 . 2010-11-21 03:23 514560 c:\windows\SysWOW64\qdvd.dll
    + 2012-01-12 02:03 . 2011-10-26 04:32 514560 c:\windows\SysWOW64\qdvd.dll
    - 2011-09-02 13:58 . 2011-09-02 13:58 157472 c:\windows\SysWOW64\javaws.exe
    + 2012-01-11 19:06 . 2011-11-10 04:54 157472 c:\windows\SysWOW64\javaws.exe
    + 2012-01-11 19:06 . 2011-11-10 04:54 149280 c:\windows\SysWOW64\javaw.exe
    + 2012-01-11 19:06 . 2011-11-10 04:54 149280 c:\windows\SysWOW64\java.exe
    + 2012-01-12 02:03 . 2011-11-17 06:35 395776 c:\windows\system32\webio.dll
    - 2010-11-21 03:24 . 2010-11-21 03:24 395776 c:\windows\system32\webio.dll
    + 2011-08-09 07:53 . 2012-01-12 17:24 253040 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2010-11-21 03:24 . 2010-11-21 03:24 136192 c:\windows\system32\sspicli.dll
    + 2012-01-12 02:03 . 2011-11-17 06:35 136192 c:\windows\system32\sspicli.dll
    + 2012-01-12 02:03 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll
    - 2010-11-21 03:24 . 2010-11-21 03:24 340992 c:\windows\system32\schannel.dll
    + 2012-01-12 02:03 . 2011-10-26 05:25 366592 c:\windows\system32\qdvd.dll
    - 2010-11-21 03:24 . 2010-11-21 03:24 366592 c:\windows\system32\qdvd.dll
    + 2011-08-08 23:00 . 2012-01-13 20:15 622356 c:\windows\system32\perfh01D.dat
    - 2011-08-08 23:00 . 2012-01-10 22:32 622356 c:\windows\system32\perfh01D.dat
    - 2009-07-14 02:36 . 2012-01-10 22:32 612194 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-01-13 20:15 612194 c:\windows\system32\perfh009.dat
    - 2011-08-08 23:00 . 2012-01-10 22:32 122902 c:\windows\system32\perfc01D.dat
    + 2011-08-08 23:00 . 2012-01-13 20:15 122902 c:\windows\system32\perfc01D.dat
    + 2009-07-14 02:36 . 2012-01-13 20:15 105412 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-01-10 22:32 105412 c:\windows\system32\perfc009.dat
    + 2012-01-12 02:03 . 2011-11-17 06:49 152432 c:\windows\system32\drivers\ksecpkg.sys
    + 2012-01-12 02:03 . 2011-11-17 06:44 459232 c:\windows\system32\drivers\cng.sys
    - 2009-07-14 05:01 . 2012-01-08 01:30 469728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-01-13 14:57 469728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-01-11 19:14 . 2012-01-11 19:14 207360 c:\windows\Installer\6ca08.msi
    + 2012-01-12 02:03 . 2011-10-29 05:23 465920 c:\windows\ehome\mstvcapn.dll
    - 2010-11-21 03:24 . 2010-11-21 03:24 465920 c:\windows\ehome\mstvcapn.dll
    + 2012-01-12 02:03 . 2011-10-26 04:32 1328128 c:\windows\SysWOW64\quartz.dll
    - 2010-11-21 03:23 . 2010-11-21 03:23 1328128 c:\windows\SysWOW64\quartz.dll
    + 2012-01-12 02:03 . 2011-10-26 05:25 1572864 c:\windows\system32\quartz.dll
    - 2010-11-21 03:24 . 2010-11-21 03:24 1447936 c:\windows\system32\lsasrv.dll
    + 2012-01-12 02:03 . 2011-11-17 06:35 1447936 c:\windows\system32\lsasrv.dll
    + 2009-07-14 04:45 . 2012-01-12 02:22 6854835 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-01-02 18:14 6854835 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-10-24 10:14 . 2012-01-13 14:57 2024056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-10-24 10:14 . 2012-01-10 22:48 2024056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-09-06 19:25 . 2012-01-13 14:57 7108232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    - 2011-09-06 19:25 . 2012-01-08 01:30 7108232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    - 2009-07-14 02:34 . 2011-12-15 02:24 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-01-12 02:19 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-08-08 13:14 . 2012-01-12 02:00 54008112 c:\windows\system32\MRT.exe
    + 2011-09-02 15:01 . 2012-01-13 14:57 22046672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1710067825-1136283663-2566881455-500-12288.dat
    .
    -- 'Snapshot' återställt till dagens datum --
    .
    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* tomma poster & legitima standardposter visas inte.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-02 3077528]
    "Facebook Update"="c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-07 137536]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992]
    "TSMResident"="c:\program files (x86)\ThinkPad\Tablettmeny\TSMRESIDENT.EXE" [2011-05-09 484856]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    Skärmurklipp och start för OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-07-04 477032]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft - nätverkskontroll;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub; [x]
    S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
    S2 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablettmeny\ASR\ASRSVC.exe [2010-10-27 79136]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
    S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840]
    S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
    S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
    S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-03-02 443240]
    S2 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablettmeny\TSMService.exe [2011-05-18 83440]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 144232]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
    S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    .
    .
    Innehåll i mappen 'Schemalagda aktiviteter':
    .
    2012-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500Core.job
    - c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 14:21]
    .
    2012-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500UA.job
    - c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 14:21]
    .
    2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500Core.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 11:16]
    .
    2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500UA.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 11:16]
    .
    2012-01-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
    .
    2012-01-13 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
    "TpShocks"="TpShocks.exe" [2011-03-29 380776]
    "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
    "ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-14 316032]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Extra genomsökning -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://home.vrg.se
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 83.255.245.11 193.150.193.150
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\44rgjj9n.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - facebook.com
    .
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,ca,
    00,9a,bb,ea,08,b1,9f,bd,17,8d,6c,fb,d9
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2e,90,
    6a,f2,63,4b,07,a3,f0,4c,fc,1c,7a,e5,64
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,25,
    88,35,1f,d6,00,9a,c5,16,24,77,4a,25,dc
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e6,
    ac,16,5d,30,03,ae,2b,05,f3,01,cc,44,e5
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,05,41,
    32,c1,08,0c,0c,bc,aa,88,e9,66,6c,04,8b
    .
    [HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:e8,c5,dd,da,72,69,cc,01
    .
    [HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,cd,29,60,03,3f,d3,45,b4,90,d4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,cd,29,60,03,3f,d3,45,b4,90,d4,\
    .
    [HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    .
    [HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Sluttid: 2012-01-14 00:24:12
    ComboFix-quarantined-files.txt 2012-01-13 23:24
    ComboFix2.txt 2012-01-10 23:59
    .
    Före genomsökningen: 253*720*588*288 byte ledigt
    Efter genomsökningen: 253*734*404*096 byte ledigt
    .
    - - End Of File - - C02752A312D6DF6B8B54FB1C538E3E8F
     
  21. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  22. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    After rebooting the computer, it wasn't able to boot correctly, I was immidiatly sent to Windows Starpup Repair... And now it's currently "Attempting repair" What should I do??
     
  23. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    Oh, and the program asked me to Cure after finding an infected file, and I continued. Now the repair thing shut down, and it didn't do anything about the virus. So should I restart in safe-mode and try again?
     
  24. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Yes, go ahead.
     
  25. Emerik

    Emerik TS Rookie Topic Starter Posts: 51

    Okay, major problem... can't even boot in safe mode... I can choose the option "Safe Mode" but afterwards I get a half second bluescreen and then it goes back to the first startup-screen, and the process starts over... What to do? :S
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.