Solved Can't remove win64/patched.a

[Dadajmond]

Hi!

I'm a 26 year old girl who has become a victim to This horrible virus. I have tried restarting the computer in fail safe mode and scanning with spybot, spydoctor and avg. I succeeded in removing some trojans (also got à few called seherif gen and bio something) but when I restarted to normal mode My computer just bluescreened on me.... I saw à similar topic with someone who also had This virus win64/patched.a WHO got help from à dragonmaster Jay with getting some kind of fixlist...

Can u help me too??? Need step by step instructions very grateful for your help.

Thank you from Sweden.

 

[Dadajmond]

I restored the computer to the point before I deleted the malware in fail safe mode so now I can start the computer again normally but all the trojans and that win64-virus is still there

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt

 

[Dadajmond]

Thank you so much for your help! I downloaded Farbar and put it on a flash drive. However, I Can't hit the F8 key to get into advanced options...delete key gets me into the bios settings just fine, and f12 key gets me the boot priority list (harddrive cdrom etc). but when I push f8 NOTHING happens. I get to a black screen right after "loading operating system" and a blinking mark such as when you're trying to write something in a word document...I havent waited more than five minutes tho, but I suspect it should work faster than that anyways??? nothing happens so I reboot with the button on the computer. is there another way to do this or is F8 the only way to go???

Grateful for further help.

 

[Broni]

Is this Windows 7?

 

[Dadajmond]

Yes that is correct. Windows7 professional

 

[Broni]

Create Windows 7 DVD: http://www.smartestcomputing.us.com...ble-dvd-or-usb-for-your-version-of-windows-7/ and use 2nd option:
To enter System Recovery Options by using Windows installation disc:

 

[Dadajmond]

Thank you I Will Try This. So I need à 64 gig dvd since I have the 64 bit version??? I apologize for the noob questions

 

[Dadajmond]

I saw now that the iso is 3 gig... Can I copy it to a flashdrive instead? I have one that holds 8 gigs... However I am unsure on how to boot with the flash drive because there are four different "usboptions" in the boot options..

 

[Dadajmond]

I also have 4,7 gigs dvds. should I burn to one of those? =) I understand that you are sleeping now or something, cause were in different time zones in sweden it's noon right now

 

[Broni]

Regular 4.7 DVD will be just fine.

 

[Dadajmond]

Okay thank you! I have burnt the iso onto a disc and I will now try to follow the steps provided. Will be updating with the progress in a few hours.

 

[Dadajmond]

Umm... Okay. I click repair computer but I cant choose operating system cause its not listed. Instead it tells me to insert the installation media for the device and click ok to select the driver. Which means I need to use My installation cd???? Or what?

 

[Dadajmond]

It also gives me an option to restore My computer using à system image that I created earlier.

 

[Broni]

Let me ask the tool maker for an advice.

 

[Broni]

Did you create Win 7 DVD as described in my link or you're using some of your own repair disk?

 

[Dadajmond]

I followed your instructions.

 

[Broni]

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

 

[Dadajmond]

I Will do This and answer as fast as possible. Expect à few hours tho Thank you!

 

[Dadajmond]

So I finished the scans.

Here are the results for the malwarebyte scan. I apologize that it is in swedish, hope you understand anyways???


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Databasversion: v2012.10.29.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kristina :: KRISTINA-PC [administratör]

Skydd: Aktiverad

2012-10-29 21:10:58
mbam-log-2012-10-29 (21-10-58).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 217495
Förfluten tid: 3 minut(er), 19 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 3
C:\Users\Kristina\Downloads\IZArcInstall.exe (PUP.BundleInstaller.BI) -> Sattes I karantän och togs bort.
C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sattes I karantän och togs bort.
C:\Windows\Installer\{15265e7a-c324-1e76-a261-d8fd3cb2775c}\U\000000cb.@ (Rootkit.0Access) -> Sattes I karantän och togs bort.

(klar)

 

[Dadajmond]

The GMER log turned up completely empty, the scan didn't find any modifications.

 

[Dadajmond]

And here are the results from the DDS scan:


Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2012-09-30 19:34:16
System Uptime: 2012-10-29 21:17:20 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-890GPA-UD3H
Processor: AMD Phenom(tm) II X6 1100T Processor | Socket M2 | 3300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 377,9 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 1863 GiB total, 1060,982 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP33: 2012-10-21 19:28:04 - Windows Live Essentials
RP34: 2012-10-21 19:29:07 - WLSetup
RP35: 2012-10-23 11:34:51 - Installed BankID Security Application
RP36: 2012-10-23 11:49:11 - Installerad Handelsbanken kortläsare
RP37: 2012-10-26 20:17:18 - DirectX har installerats
RP38: 2012-10-26 22:15:51 - Återställningsåtgärd
RP39: 2012-10-29 13:15:21 - AVG PC TuneUp installerades
RP40: 2012-10-29 14:36:13 - Installed Windows 7 USB/DVD Download Tool
.
==== Installed Programs ======================
.
«King`s Bounty - Warriors of the North» 1.0
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD USB Filter Driver
µTorrent
AVG 2013
AVG PC TuneUp
AVG PC Tuneup 2011
AVG PC TuneUp Language Pack (en-US)
BankID säkerhetsprogram
D3DX10
DAEMON Tools Lite
Deus Ex: Human Revolution
Gigabyte Raid Configurer
Google Chrome
Google Update Helper
Handelsbanken kortläsare
IZArc 4.1.7
jZip
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Swedish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Uppdatering (KB963678)
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Swedish) 2007
Microsoft Office InfoPath MUI (Swedish) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Swedish) 2007
Microsoft Office Outlook MUI (Swedish) 2007
Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Swedish) 2007
Microsoft Office Shared 64-bit MUI (Swedish) 2007
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Word 2007 Help Uppdatering (KB963665)
Microsoft Office Word MUI (Swedish) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
NEC Electronics USB 3.0 Host Controller Driver
NETGEAR WNA1100 N150 Wireless USB Adapter
NVIDIA-uppdatering 1.10.8
NVIDIA 3D Vision drivrutin 306.23
NVIDIA 3D Vision drivrutin för styrenhet 306.23
NVIDIA Grafikdrivrutin 306.23
NVIDIA HD audiodrivrutin 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
NVIDIAs kontrollpanel 306.23
ON_OFF Charge B10.0427.1
Photo Common
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Secret Files 3 (c) Deep Silver version 1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Steam
Torchlight II (c) Runic Games version 1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.3
.
==== End Of File ===========================

 

[Broni]

Go on...

 

[Dadajmond]

And the DDS log:

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Kristina at 21:53:27 on 2012-10-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.4094.2514 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5CD21730-B2CE-47A3-932F-02ADD69E4B05} : DHCPNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\kehqrjrq.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-9-21 61792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-10-3 25056]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-10-2 21544]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-29 30568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-17 283200]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-10-3 26624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-10-2 1314720]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2012-10-2 72304]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-3 1258856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2012-10-3 297440]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-10-29 711112]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-10-3 1924096]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-29 25928]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-10-3 189288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-2 347680]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-10-2 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-21 116648]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-29 399432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-29 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-30 250808]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-21 116648]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2012-10-3 960992]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-30 114144]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2008-9-22 50176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-2 59392]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-1 1255736]
.
=============== Created Last 30 ================
.
2012-10-29 20:08:3125928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-10-29 13:36:32119808----a-r-C:\Users\Kristina\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-10-29 13:36:32--------d-----w-C:\Users\Kristina\AppData\Local\Apps
2012-10-29 12:16:1135192----a-w-C:\Windows\System32\TURegOpt.exe
2012-10-29 12:16:1126488----a-w-C:\Windows\System32\authuitu.dll
2012-10-29 12:16:1121880----a-w-C:\Windows\SysWow64\authuitu.dll
2012-10-29 12:15:58--------d-----w-C:\Users\Kristina\AppData\Roaming\AVG
2012-10-29 12:15:15--------d-----w-C:\ProgramData\AVG
2012-10-29 12:15:10--------d-sh--w-C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-10-29 12:01:21--------d-----w-C:\Users\Kristina\AppData\Local\AVG Secure Search
2012-10-29 12:01:19--------d-----w-C:\ProgramData\AVG Secure Search
2012-10-29 12:01:1730568----a-w-C:\Windows\System32\drivers\avgtpx64.sys
2012-10-29 12:01:16--------d-----w-C:\Program Files (x86)\Common Files\AVG Secure Search
2012-10-29 12:01:15--------d-----w-C:\Program Files (x86)\AVG Secure Search
2012-10-27 15:06:13--------d-----w-C:\Users\Kristina\AppData\Roaming\TestApp
2012-10-27 15:04:42--------d-----w-C:\ProgramData\PC Tools
2012-10-27 15:04:42--------d-----w-C:\Program Files (x86)\PC Tools Security
2012-10-27 15:04:42--------d-----w-C:\Program Files (x86)\Common Files\PC Tools
2012-10-27 10:13:29--------d-----w-C:\Windows\pss
2012-10-26 21:28:55--------d-----w-C:\ProgramData\Spybot - Search & Destroy
2012-10-26 21:28:55--------d-----w-C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-26 21:22:43--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-26 21:16:15--------d-----w-C:\Users\Kristina\AppData\Roaming\Malwarebytes
2012-10-26 21:16:07--------d-----w-C:\ProgramData\Malwarebytes
2012-10-26 20:53:40--------d-----w-C:\FRST
2012-10-26 18:34:37--------d-----w-C:\Users\Kristina\AppData\Local\FLT
2012-10-26 17:35:24--------d-----w-C:\Users\Kristina\AppData\Local\Programs
2012-10-23 09:49:17--------d-----w-C:\Program Files (x86)\Handelsbanken kortläsare
2012-10-23 09:35:25--------d-----w-C:\Users\Kristina\AppData\Roaming\Personal
2012-10-23 09:35:21--------d-----w-C:\Program Files (x86)\Personal
2012-10-21 17:55:06--------d-----w-C:\Users\Kristina\AppData\Local\Google
2012-10-18 09:09:22--------d-----w-C:\Program Files (x86)\IZArc
2012-10-18 09:06:22--------d-----w-C:\Users\Kristina\AppData\Local\jZip
2012-10-18 09:06:13--------d-----w-C:\Program Files (x86)\jZip
2012-10-18 08:24:19--------d-----w-C:\Users\Kristina\Tracing
2012-10-17 20:39:34--------d-----w-C:\ProgramData\RELOADED
2012-10-17 20:00:36283200----a-w-C:\Windows\System32\drivers\dtsoftbus01.sys
2012-10-17 20:00:32--------d-----w-C:\Users\Kristina\AppData\Roaming\DAEMON Tools Lite
2012-10-17 20:00:31--------d-----w-C:\Program Files (x86)\DAEMON Tools Lite
2012-10-17 19:59:50--------d-----w-C:\ProgramData\DAEMON Tools Lite
2012-10-13 11:31:58--------d-----w-C:\Users\Kristina\AppData\Local\Adobe
2012-10-10 07:39:071464320----a-w-C:\Windows\System32\crypt32.dll
2012-10-10 07:39:071159680----a-w-C:\Windows\SysWow64\crypt32.dll
2012-10-10 07:39:06184320----a-w-C:\Windows\System32\cryptsvc.dll
2012-10-10 07:39:06140288----a-w-C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 07:39:06140288----a-w-C:\Windows\System32\cryptnet.dll
2012-10-10 07:39:06103936----a-w-C:\Windows\SysWow64\cryptnet.dll
2012-10-10 07:37:55715776----a-w-C:\Windows\System32\kerberos.dll
2012-10-10 07:37:55542208----a-w-C:\Windows\SysWow64\kerberos.dll
2012-10-05 01:26:22111456----a-w-C:\Windows\System32\drivers\avgmfx64.sys
2012-10-03 20:49:23--------d-----w-C:\Users\Kristina\AppData\Roaming\NVIDIA
2012-10-03 20:48:24--------d-----w-C:\Users\Kristina\AppData\Roaming\Frogwares
2012-10-03 18:42:49--------d-----w-C:\Windows\System32\appmgmt
2012-10-03 18:41:03--------d-----w-C:\Program Files (x86)\Steam
2012-10-03 18:29:1825056----a-w-C:\Windows\System32\drivers\SCMNdisP.sys
2012-10-03 18:29:181924096----a-w-C:\Windows\System32\drivers\athurx.sys
2012-10-03 18:29:1726624----a-w-C:\Windows\System32\drivers\jswpslwfx.sys
2012-10-03 18:29:14--------d-----w-C:\Program Files (x86)\NETGEAR
2012-10-03 18:18:52--------d-----w-C:\Users\Kristina\AppData\Local\Diagnostics
2012-10-03 16:52:54--------d-----w-C:\Users\Kristina\AppData\Local\Microsoft Help
2012-10-03 16:49:4884992----a-w-C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
2012-10-03 16:38:18891240----a-w-C:\Windows\System32\nvvsvc.exe
2012-10-03 16:38:1863336----a-w-C:\Windows\System32\nvshext.dll
2012-10-03 16:38:186198120----a-w-C:\Windows\System32\nvcpl.dll
2012-10-03 16:38:183487434----a-w-C:\Windows\System32\nvcoproc.bin
2012-10-03 16:38:183266920----a-w-C:\Windows\System32\nvsvc64.dll
2012-10-03 16:38:182557800----a-w-C:\Windows\System32\nvsvcr.dll
2012-10-03 16:38:17118120----a-w-C:\Windows\System32\nvmctray.dll
2012-10-03 16:35:59--------d-----w-C:\NVIDIA
2012-10-02 21:42:21--------d-----w-C:\Windows\SysWow64\XPSViewer
2012-10-02 21:42:21--------d-----w-C:\Windows\SysWow64\wbem\sv-SE
2012-10-02 21:42:21--------d-----w-C:\Windows\SysWow64\sv
2012-10-02 21:42:21--------d-----w-C:\Windows\SysWow64\drivers\sv-SE
2012-10-02 21:42:16--------d-----w-C:\Windows\System32\sv
2012-10-02 21:42:16--------d-----w-C:\Windows\System32\drivers\UMDF\sv-SE
2012-10-02 21:42:16--------d-----w-C:\Windows\System32\drivers\sv-SE
2012-10-02 21:42:15--------d-----w-C:\Windows\System32\wbem\sv-SE
2012-10-02 21:42:08--------d-----w-C:\Windows\sv-SE
2012-10-02 21:04:00514560----a-w-C:\Windows\SysWow64\qdvd.dll
2012-10-02 21:04:00366592----a-w-C:\Windows\System32\qdvd.dll
2012-10-02 21:03:55245760----a-w-C:\Windows\System32\OxpsConverter.exe
2012-10-02 21:03:54376688----a-w-C:\Windows\System32\drivers\netio.sys
2012-10-02 21:03:54288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-10-02 21:03:541913200----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-10-02 21:03:52950128----a-w-C:\Windows\System32\drivers\ndis.sys
2012-10-02 21:03:5241472----a-w-C:\Windows\System32\drivers\RNDISMP.sys
2012-10-02 20:56:4873728----a-w-C:\Windows\SysWow64\ISUSPM.cpl
2012-10-02 20:56:4831272----a-w-C:\Windows\System32\AppleChargerSrv.exe
2012-10-02 20:56:4821544----a-w-C:\Windows\System32\drivers\AppleCharger.sys
2012-10-02 20:56:48--------d-----w-C:\Program Files\GIGABYTE
2012-10-02 20:56:48--------d-----w-C:\Program Files (x86)\GIGABYTE
2012-10-02 20:56:4781920----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-10-02 20:56:47581632----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-10-02 20:56:47385024----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2012-10-02 20:56:47368640----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-10-02 20:56:47278528----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-10-02 20:56:47221184----a-w-C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2012-10-02 20:55:35--------d-----w-C:\Program Files (x86)\NEC Electronics
2012-10-02 20:54:59--------d-----w-C:\Program Files\ATI
2012-10-02 20:54:5038456----a-w-C:\Windows\System32\drivers\usbfilter.sys
2012-10-02 20:54:49--------d-----w-C:\Program Files (x86)\AMD
2012-10-02 20:54:1070200----a-w-C:\Windows\System32\drivers\amdsata.sys
2012-10-02 20:54:1028728----a-w-C:\Windows\System32\drivers\amdxata.sys
2012-10-02 20:54:031976944------r-C:\Windows\SysWow64\xRaidSetup.exe
2012-10-02 20:54:03158320------r-C:\Windows\SysWow64\xRaidAPI.dll
2012-10-02 20:54:0272304------r-C:\Windows\SysWow64\XSrvSetup.exe
2012-10-02 20:53:59--------d-----w-C:\RaidTool
2012-10-02 20:53:2316440----a-w-C:\Windows\System32\drivers\AtiPcie.sys
2012-10-02 20:53:15115312----a-w-C:\Windows\System32\drivers\jraid.sys
2012-10-02 20:53:13--------d-----w-C:\Windows\RaidTool
2012-10-02 20:52:5463488----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-10-02 20:52:52184320----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-10-02 20:52:5169714----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-10-02 20:52:515632----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-10-02 20:52:51274432----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-10-02 20:52:50753664----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-10-02 20:52:48200836----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-10-02 20:52:47331908----a-w-C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-10-02 20:52:11107552----a-w-C:\Windows\System32\RTNUninst64.dll
2012-10-02 20:52:1074272----a-w-C:\Windows\System32\RtNicProp64.dll
2012-10-02 20:52:10347680----a-w-C:\Windows\System32\drivers\Rt64win7.sys
2012-10-02 20:27:59489744----a-w-C:\Windows\System32\DTSSymmetryDLL64.dll
2012-10-02 20:03:02--------d-----w-C:\Users\Kristina\AppData\Local\Macromedia
2012-10-02 20:01:12--------d-----w-C:\Users\Kristina\AppData\Local\Mozilla
2012-10-02 16:50:54--------d-----w-C:\Spara
2012-10-02 16:50:16--------d-----w-C:\Windows\System32\SPReview
2012-10-02 16:49:52--------d-----r-C:\Users\Kristina\Favoriter
2012-10-02 16:49:41--------d-----w-C:\Windows\System32\EventProviders
2012-10-02 16:20:0448976----a-w-C:\Windows\System32\netfxperf.dll
2012-10-02 16:20:041942856----a-w-C:\Windows\System32\dfshim.dll
2012-10-02 16:20:001130824----a-w-C:\Windows\SysWow64\dfshim.dll
2012-10-02 16:18:5998304----a-w-C:\Windows\SysWow64\fphc.dll
2012-10-02 16:01:5498816----a-w-C:\Windows\System32\drivers\usbccgp.sys
2012-10-02 15:59:211139200----a-w-C:\Windows\System32\FntCache.dll
2012-10-02 15:59:20902656----a-w-C:\Windows\System32\d2d1.dll
2012-10-02 15:59:20739840----a-w-C:\Windows\SysWow64\d2d1.dll
2012-10-02 01:30:38185696----a-w-C:\Windows\System32\drivers\avgldx64.sys
2012-10-01 02:35:07--------d-----w-C:\Windows\SysWow64\Wat
2012-10-01 02:35:07--------d-----w-C:\Windows\System32\Wat
2012-10-01 02:15:09--------d-----w-C:\ProgramData\NVIDIA Corporation
2012-10-01 02:15:05--------d-----w-C:\Program Files\NVIDIA Corporation
2012-10-01 02:15:05--------d-----w-C:\Program Files (x86)\NVIDIA Corporation
2012-10-01 01:28:35294912----a-w-C:\Windows\System32\browserchoice.exe
2012-10-01 01:06:2881408----a-w-C:\Windows\System32\imagehlp.dll
2012-10-01 01:06:285120----a-w-C:\Windows\SysWow64\wmi.dll
2012-10-01 01:06:285120----a-w-C:\Windows\System32\wmi.dll
2012-10-01 01:06:2823408----a-w-C:\Windows\System32\drivers\fs_rec.sys
2012-10-01 01:06:28159232----a-w-C:\Windows\SysWow64\imagehlp.dll
2012-09-30 23:28:29--------d-----w-C:\Windows\Panther
2012-09-30 22:52:5633792----a-w-C:\Windows\System32\profprov.dll
2012-09-30 22:52:56209920----a-w-C:\Windows\System32\profsvc.dll
2012-09-30 22:52:1959392----a-w-C:\Windows\System32\browcli.dll
2012-09-30 22:52:1941984----a-w-C:\Windows\SysWow64\browcli.dll
2012-09-30 22:52:19136704----a-w-C:\Windows\System32\browser.dll
2012-09-30 22:52:1164512----a-w-C:\Windows\SysWow64\devobj.dll
2012-09-30 22:52:1144544----a-w-C:\Windows\SysWow64\devrtl.dll
2012-09-30 22:52:11404480----a-w-C:\Windows\System32\umpnpmgr.dll
2012-09-30 22:52:11252928----a-w-C:\Windows\SysWow64\drvinst.exe
2012-09-30 22:52:11207872----a-w-C:\Windows\System32\cfgmgr32.dll
2012-09-30 22:52:11145920----a-w-C:\Windows\SysWow64\cfgmgr32.dll
2012-09-30 22:51:59574464----a-w-C:\Windows\System32\d3d10level9.dll
2012-09-30 22:51:59490496----a-w-C:\Windows\SysWow64\d3d10level9.dll
2012-09-30 22:51:573216384----a-w-C:\Windows\System32\msi.dll
2012-09-30 22:51:572342400----a-w-C:\Windows\SysWow64\msi.dll
2012-09-30 22:51:48976896----a-w-C:\Windows\System32\inetcomm.dll
2012-09-30 22:51:48741376----a-w-C:\Windows\SysWow64\inetcomm.dll
2012-09-30 22:50:281395712----a-w-C:\Windows\System32\mfc42.dll
2012-09-30 22:50:281359872----a-w-C:\Windows\System32\mfc42u.dll
2012-09-30 22:50:271164288----a-w-C:\Windows\SysWow64\mfc42u.dll
2012-09-30 22:50:271137664----a-w-C:\Windows\SysWow64\mfc42.dll
2012-09-30 22:50:269216----a-w-C:\Windows\System32\rdrmemptylst.exe
2012-09-30 22:50:2677312----a-w-C:\Windows\System32\rdpwsx.dll
2012-09-30 22:50:26149504----a-w-C:\Windows\System32\rdpcorekmts.dll
2012-09-30 22:41:34--------d-----w-C:\Users\Kristina\AppData\Roaming\AVG2013
2012-09-30 22:41:07690688----a-w-C:\Windows\SysWow64\msvcrt.dll
2012-09-30 22:41:07634880----a-w-C:\Windows\System32\msvcrt.dll
2012-09-30 22:40:583148800----a-w-C:\Windows\System32\win32k.sys
2012-09-30 22:40:3690624----a-w-C:\Windows\System32\drivers\bowser.sys
2012-09-30 22:40:17--------d-----w-C:\Users\Kristina\AppData\Roaming\TuneUp Software
2012-09-30 22:39:27--------d--h--w-C:\$AVG
2012-09-30 22:39:27--------d-----w-C:\ProgramData\AVG2013
2012-09-30 22:38:569308616----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E686AF26-19E7-487A-B624-72DBD140D894}\mpengine.dll
2012-09-30 22:38:54279656------w-C:\Windows\System32\MpSigStub.exe
2012-09-30 22:38:262164224----a-w-C:\Program Files\Windows Journal\Journal.exe
2012-09-30 22:38:261732096----a-w-C:\Program Files\Windows Journal\NBDoc.DLL
2012-09-30 22:38:25936960----a-w-C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-09-30 22:38:251402880----a-w-C:\Program Files\Windows Journal\JNWDRV.dll
2012-09-30 22:38:251393664----a-w-C:\Program Files\Windows Journal\JNTFiltr.dll
2012-09-30 22:38:251367552----a-w-C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-09-30 22:37:49--------d-----w-C:\Program Files (x86)\AVG
2012-09-30 22:37:06--------d--h--w-C:\ProgramData\Common Files
2012-09-30 22:37:06--------d-----w-C:\Users\Kristina\AppData\Local\MFAData
2012-09-30 22:37:06--------d-----w-C:\Users\Kristina\AppData\Local\Avg2013
2012-09-30 22:37:06--------d-----w-C:\ProgramData\MFAData
2012-09-30 22:35:20--------d-----w-C:\Windows\PCHEALTH
2012-09-30 22:29:53142336----a-w-C:\Windows\System32\poqexec.exe
2012-09-30 22:28:53509952----a-w-C:\Windows\System32\ntshrui.dll
2012-09-30 22:23:18889416-c--a-w-C:\Program Files (x86)\Common Files\Windows Live\.cache\30fc36a01cd9f5a01\dotNetFx40_Full_setup.exe
2012-09-30 22:23:17--------d-----w-C:\Users\Kristina\AppData\Local\Windows Live
2012-09-30 22:23:12--------d-----w-C:\Program Files (x86)\Common Files\Windows Live
2012-09-30 22:21:5977312----a-w-C:\Windows\System32\packager.dll
2012-09-30 22:21:5967072----a-w-C:\Windows\SysWow64\packager.dll
2012-09-30 22:15:312622464----a-w-C:\Windows\System32\wucltux.dll
2012-09-30 22:15:2699840----a-w-C:\Windows\System32\wudriver.dll
2012-09-30 22:15:1936864----a-w-C:\Windows\System32\wuapp.exe
2012-09-30 22:15:19186752----a-w-C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-10-10 16:47:1273656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 16:47:12696760----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-02 21:41:332560----a-w-C:\Windows\SysWow64\drivers\sv-SE\qwavedrv.sys.mui
2012-10-02 21:41:255632----a-w-C:\Windows\SysWow64\drivers\sv-SE\ndiscap.sys.mui
2012-10-02 21:41:252560----a-w-C:\Windows\SysWow64\drivers\sv-SE\scfilter.sys.mui
2012-10-02 21:41:2247104----a-w-C:\Windows\SysWow64\drivers\sv-SE\tcpip.sys.mui
2012-10-02 21:41:2015872----a-w-C:\Windows\SysWow64\drivers\sv-SE\pacer.sys.mui
2012-10-02 21:41:1928672----a-w-C:\Windows\SysWow64\drivers\sv-SE\bfe.dll.mui
2012-10-02 20:39:10152576----a-w-C:\Windows\SysWow64\msclmd.dll
2012-10-02 20:39:09175616----a-w-C:\Windows\System32\msclmd.dll
2012-09-21 01:46:04200032----a-w-C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 01:46:00225120----a-w-C:\Windows\System32\drivers\avgloga.sys
2012-09-21 01:45:5061792----a-w-C:\Windows\System32\drivers\avgidsha.sys
2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
2012-09-14 01:05:1840800----a-w-C:\Windows\System32\drivers\avgrkx64.sys
2012-09-13 01:11:18151904----a-w-C:\Windows\System32\drivers\avgidsdrivera.sys
2012-09-12 14:07:4458368----a-w-C:\Windows\SysWow64\sirenacm.dll
2012-09-04 09:39:3250296----a-w-C:\Windows\System32\drivers\avgfwd6a.sys
2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:455559664----a-w-C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:023968880----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:023914096----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2012-08-30 08:40:14429416----a-w-C:\Windows\SysWow64\nvStreaming.exe
2012-08-24 18:05:07220160----a-w-C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48172544----a-w-C:\Windows\SysWow64\wintrust.dll
2012-08-20 18:48:44362496----a-w-C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44243200----a-w-C:\Windows\System32\wow64.dll
2012-08-20 18:48:4413312----a-w-C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43215040----a-w-C:\Windows\System32\winsrv.dll
2012-08-20 18:48:3716384----a-w-C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35424448----a-w-C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22338432----a-w-C:\Windows\System32\conhost.exe
2012-08-20 17:40:2114336----a-w-C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:4444032----a-w-C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:2625600----a-w-C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:195120----a-w-C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18274944----a-w-C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:217680----a-w-C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:202048----a-w-C:\Windows\SysWow64\user.exe
2012-08-20 15:33:286144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:284608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:283584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:283072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 21:54:07,54 ===============

 

[Broni]

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=========================================

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.