[Closed] Help in removal of Trojan.agent

Hello, I have Windows 7, and my Windows and my browsers have been very slow for one week now. Spyware Doctor says it contains Trojan.agent, but every time I delete the infected files I keep getting it again after rebooting.

I followed your instructions, and here are the logs I got, in order:

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7866

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

10/4/2011 6:25:58 PM
mbam-log-2011-10-04 (18-25-58).txt

Scan type: Quick scan
Objects scanned: 243554
Time elapsed: 43 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=======================================================

GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-04 18:38:15
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD3200AAJS-00B4A0 rev.01.03A01
Running: gmer.exe; Driver: C:\Users\damasry\AppData\Local\Temp\kftiifow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Ip pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys

---- EOF - GMER 1.0.15 ----

=============================================================

DDS Log:

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by damasry at 18:58:01 on 2011-10-04
Microsoft Windows 7 Ultimate 6.1.7600.0.1256.20.1033.18.2046.1354 [GMT 2:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [cdloader] "c:\users\damasry\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [tcactive] d:\program files\the cleaner\tcap.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [PrintDisp] c:\windows\system32\PrintDisp.exe
mRun: [TaskTray]
mRun: [BDAgent] "d:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
StartupFolder: c:\users\damasry\appdata\roaming\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\system32\WFS.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vistaf~1.lnk - c:\program files\common files\imagemaker\Vstdaemon.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{14676F0B-C82F-4051-B8B2-7E0A9D3D236A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9523A78C-802D-475A-9C8D-50917A66A19E} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\damasry\appdata\roaming\mozilla\firefox\profiles\xhchvlfs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.infoaxe.com/enhancedsearch_add.jsp?cx=partner-pub-6808396145675874:xl345tirlb7&cof=FORID:10&ie=ISO-8859-1&tracking=100,ff,4.0.1,-1,-1,-1&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\users\damasry\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\damasry\appdata\roaming\mozilla\firefox\profiles\xhchvlfs.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\damasry\appdata\roaming\mozilla\firefox\profiles\xhchvlfs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-25 326688]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-25 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-9-25 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-9-25 54328]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-9-25 79512]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-7-15 240184]
S0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2011-9-21 596600]
S1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2011-9-21 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-25 252712]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-9-25 184536]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-9-25 32768]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-2-12 85768]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-9-25 162200]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2011-5-1 77824]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-9-25 371472]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-9-25 1117144]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-9-8 736672]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2011-9-25 573104]
S2 UPDATESRV;BitDefender Desktop Update Service;d:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2011-7-22 50128]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2011-9-21 454960]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-9-21 62544]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-22 14216]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-22 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-9-25 89472]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-9-25 56536]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-9-25 56536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-9-25 125888]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-9-25 70664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-9-25 35264]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-9-21 307544]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-13 1343400]
S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [2006-7-27 829952]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-10-04 16:57:48 607260 ------r- c:\users\damasry\dds.scr
2011-10-04 07:42:34 -------- d-----w- c:\users\damasry\appdata\local\{4FEE63AF-BD2B-4E20-8E9F-3FD4BB303537}
2011-10-04 07:42:22 -------- d-----w- c:\users\damasry\appdata\local\{4576E36A-BBA1-488D-B66E-9D91D1BA0C80}
2011-10-03 10:35:27 -------- d-----w- c:\users\damasry\appdata\local\{1A36F54C-7E97-4F92-A208-B0D39019E28A}
2011-10-03 10:35:14 -------- d-----w- c:\users\damasry\appdata\local\{7B6E89C9-EFF8-415D-A8AC-182D3371094D}
2011-10-03 10:10:16 -------- d-----w- c:\users\damasry\appdata\local\{1F0B8D8A-6115-4AAB-8B39-8D8C60299B77}
2011-10-03 10:10:01 -------- d-----w- c:\users\damasry\appdata\local\{B00C4182-32B9-4A74-B721-053EB74549A4}
2011-10-02 19:52:03 -------- d-----w- c:\users\damasry\appdata\local\{6C8FA81D-41D5-48D4-9FFA-32EA47ED3CCA}
2011-10-02 19:51:52 -------- d-----w- c:\users\damasry\appdata\local\{27236C95-3202-4397-98BC-AB97F39E4EE0}
2011-10-02 07:51:24 -------- d-----w- c:\users\damasry\appdata\local\{17FD2F7B-28B1-4D22-8EC5-3A819D669DAC}
2011-10-02 07:51:11 -------- d-----w- c:\users\damasry\appdata\local\{D0948FD4-4F4F-4093-8F50-35143516AA6A}
2011-10-01 19:50:45 -------- d-----w- c:\users\damasry\appdata\local\{CFF957CF-3AA2-488D-92E6-28C3C8492329}
2011-10-01 19:50:34 -------- d-----w- c:\users\damasry\appdata\local\{77DF7F55-AF83-41BB-A171-E6DA80845FE4}
2011-10-01 19:50:23 -------- d-----w- c:\users\damasry\appdata\local\{DDE1746B-722E-4CDF-BBA1-4273D9DAE689}
2011-10-01 19:50:11 -------- d-----w- c:\users\damasry\appdata\local\{62A45E3C-AC05-487B-B958-41CB1E67C6FD}
2011-10-01 07:49:43 -------- d-----w- c:\users\damasry\appdata\local\{D2432527-CEF8-4FF2-9F97-97A2681BE2FB}
2011-10-01 07:49:24 -------- d-----w- c:\users\damasry\appdata\local\{B6691D51-079E-47C3-8AA1-7896F3B4A6FD}
2011-10-01 07:49:09 -------- d-----w- c:\users\damasry\appdata\local\{AF98533E-E748-4181-9B7E-5310F8EA00F1}
2011-09-30 18:55:13 -------- d-----w- c:\users\damasry\appdata\local\{22EF7C0E-F3F1-4EEF-8D81-942F88D5F10C}
2011-09-30 18:55:00 -------- d-----w- c:\users\damasry\appdata\local\{7BCA7B18-4A5A-488D-8E85-784EEF4F4639}
2011-09-30 06:54:25 -------- d-----w- c:\users\damasry\appdata\local\{E0070D71-A41F-4CC7-B575-91CAF7B196E4}
2011-09-30 06:54:13 -------- d-----w- c:\users\damasry\appdata\local\{76250ABB-F8D5-47BC-B8C0-3B29FF253415}
2011-09-29 06:34:54 -------- d-----w- c:\users\damasry\appdata\local\{9B20D35F-573D-43C7-8449-09F1A197D647}
2011-09-29 06:34:33 -------- d-----w- c:\users\damasry\appdata\local\{31E1CA9C-DF3B-401A-9018-92191CD58AD8}
2011-09-28 11:49:05 -------- d-----w- c:\users\damasry\appdata\local\{41A2637E-DB13-4362-BE91-E9581BC01122}
2011-09-28 11:48:55 -------- d-----w- c:\users\damasry\appdata\local\{B8A2C91D-1328-465F-BD4F-4A0331A73E7A}
2011-09-28 11:48:43 -------- d-----w- c:\users\damasry\appdata\local\{6F8F3DFC-C863-47C5-8DF4-F552CD30467C}
2011-09-28 11:48:32 -------- d-----w- c:\users\damasry\appdata\local\{D2E9935E-D186-4EC2-8A32-3AD53C48E28C}
2011-09-27 23:47:59 -------- d-----w- c:\users\damasry\appdata\local\{F182A376-80B8-479C-8CC5-3320C161E5B3}
2011-09-27 23:47:44 -------- d-----w- c:\users\damasry\appdata\local\{842A6D21-011C-4400-B034-6392002AD6AA}
2011-09-27 18:23:11 -------- d-----w- c:\users\damasry\appdata\local\{BAC988D8-DA11-4BBF-9EB1-9DDC2802150D}
2011-09-27 18:22:59 -------- d-----w- c:\users\damasry\appdata\local\{65466C91-E544-4A6E-B0F9-A83F0D1DAA5D}
2011-09-27 06:22:32 -------- d-----w- c:\users\damasry\appdata\local\{0F0E9EEB-61BF-4354-B49A-0F8CEF1803B8}
2011-09-27 06:22:19 -------- d-----w- c:\users\damasry\appdata\local\{85911310-6EA6-4107-BA91-7B8F5F87E3C3}
2011-09-26 13:41:15 -------- d-----w- c:\users\damasry\appdata\local\{06EF011F-E343-4C90-82F8-D8EE04783841}
2011-09-26 13:41:03 -------- d-----w- c:\users\damasry\appdata\local\{E123EB80-C40C-47C6-BC8B-755978A4B973}
2011-09-25 22:27:16 -------- d-----w- c:\users\damasry\appdata\local\{881BDCEA-0C13-47DB-A36A-950D97AA1D7E}
2011-09-25 22:27:03 -------- d-----w- c:\users\damasry\appdata\local\{D1E929E5-C7FA-45D3-8832-F9C33FF824E0}
2011-09-25 10:36:21 110080 ----a-r- c:\users\damasry\appdata\roaming\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconF7A21AF7.exe
2011-09-25 10:36:21 110080 ----a-r- c:\users\damasry\appdata\roaming\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconD7F16134.exe
2011-09-25 10:36:21 110080 ----a-r- c:\users\damasry\appdata\roaming\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconCF33A0CE.exe
2011-09-25 10:36:20 -------- d-----w- C:\sh4ldr
2011-09-25 10:36:20 -------- d-----w- c:\program files\Enigma Software Group
2011-09-25 10:36:08 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
2011-09-25 10:36:07 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-09-25 10:26:36 -------- d-----w- c:\users\damasry\appdata\local\{A3698F38-1651-476A-89BB-CBB28C0F993D}
2011-09-25 10:26:25 -------- d-----w- c:\users\damasry\appdata\local\{6FEB7622-94EF-457B-83CF-737B879188F7}
2011-09-25 10:08:50 -------- d-s---w- C:\ComboFix
2011-09-25 09:35:40 388096 ----a-r- c:\users\damasry\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-25 09:35:40 -------- d-----w- c:\program files\Trend Micro
2011-09-25 07:39:24 -------- d-----w- c:\programdata\moosoft
2011-09-25 07:04:30 -------- d-----w- c:\users\damasry\appdata\roaming\thecleaner
2011-09-24 22:51:49 -------- d-----w- c:\users\damasry\appdata\roaming\PCToolsFirewallPlus
2011-09-24 22:51:48 -------- d-----w- c:\users\damasry\appdata\roaming\Spam Monitor
2011-09-24 22:51:47 79512 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-09-24 22:51:47 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-09-24 22:51:45 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-09-24 22:46:55 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-09-24 22:46:40 56536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-09-24 22:46:38 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-09-24 22:46:38 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-09-24 22:40:22 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-09-24 22:40:21 -------- d-----w- c:\users\damasry\appdata\roaming\Spyware Terminator
2011-09-24 22:40:21 -------- d-----w- c:\programdata\Spyware Terminator
2011-09-24 22:32:53 -------- d-----w- c:\program files\Spyware Terminator
2011-09-24 22:27:05 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-09-24 22:27:05 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-09-24 22:27:04 252712 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-24 22:27:04 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-09-24 22:26:57 326688 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-24 22:26:57 162200 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-24 22:26:55 184536 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-09-24 22:26:52 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-09-24 22:26:37 -------- d-----w- c:\program files\common files\PC Tools
2011-09-24 22:25:57 -------- d-----w- c:\users\damasry\appdata\local\{BBFCFE05-BDC9-40B8-90E6-C22459670715}
2011-09-24 22:25:38 -------- d-----w- c:\users\damasry\appdata\local\{75E46D0D-A3AC-4B88-B937-A10B8C8FE3E3}
2011-09-24 21:25:02 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-24 21:25:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-24 19:16:43 767952 ----a-w- c:\windows\BDTSupport.dll0900.old
2011-09-24 19:16:43 2189264 ----a-w- c:\windows\PCTBDCore.dll0900.old
2011-09-24 19:16:43 149456 ----a-w- c:\windows\SGDetectionTool.dll0900.old
2011-09-24 19:05:47 -------- d-----w- c:\program files\PC Tools Security
2011-09-24 19:01:11 -------- d-----w- c:\programdata\PC Tools
2011-09-24 08:09:33 -------- d-----w- c:\users\damasry\appdata\local\{F9F60620-7B56-47CE-B9A6-27DE0352B6FB}
2011-09-24 08:09:18 -------- d-----w- c:\users\damasry\appdata\local\{12BBF734-E148-4077-8C91-A1F85F75DA49}
2011-09-24 08:09:05 -------- d-----w- c:\users\damasry\appdata\local\{F2381D3B-A68C-49CD-814F-B0E810390BAE}
2011-09-24 08:08:49 -------- d-----w- c:\users\damasry\appdata\local\{9AE78F04-4616-4FDA-A27D-78DBDDAA9B54}
2011-09-23 07:42:17 -------- d-----w- c:\users\damasry\appdata\local\{D88924A2-0D71-4175-81B3-5AAD4BFA557E}
2011-09-23 07:42:01 -------- d-----w- c:\users\damasry\appdata\local\{A9055CC9-1988-4FC1-BCE0-88CA0E22F1EF}
2011-09-23 07:41:45 -------- d-----w- c:\users\damasry\appdata\local\{7CC49B8B-103F-4678-B487-B1C5133DD96E}
2011-09-22 15:45:10 -------- d-----w- c:\users\damasry\appdata\local\{73993E49-9090-4F0C-A5A7-B5D5F98C6558}
2011-09-22 15:44:58 -------- d-----w- c:\users\damasry\appdata\local\{41EDE5A6-F0F6-433E-920C-99043BB9486C}
2011-09-22 15:25:21 -------- d-----w- c:\users\damasry\appdata\local\{01FB76BF-BE22-4EE4-84A1-2C7BE2E876B4}
2011-09-22 15:25:05 -------- d-----w- c:\users\damasry\appdata\local\{1D00B5BE-C394-4D99-8CE7-CD221372298D}
2011-09-22 11:17:17 -------- d-----w- c:\users\damasry\appdata\local\{76E5C462-EEF8-4CE2-9F0A-BC31B477E73D}
2011-09-21 22:20:44 -------- d-----w- c:\users\damasry\appdata\local\{11F4959D-B122-4537-B12E-03CF68E1971E}
2011-09-21 22:20:31 -------- d-----w- c:\users\damasry\appdata\local\{BD0CC30F-D8FD-4582-91B3-8215866ADCD0}
2011-09-21 21:57:27 62544 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2011-09-21 21:56:35 454960 ----a-w- c:\windows\system32\drivers\avckf.sys
2011-09-21 21:55:56 596600 ----a-w- c:\windows\system32\drivers\avc3.sys
2011-09-21 19:57:38 -------- d-----w- c:\users\damasry\appdata\local\Method123 Ltd
2011-09-21 19:57:34 -------- d-----w- c:\users\damasry\appdata\local\IsolatedStorage
2011-09-21 19:57:32 -------- d-----w- c:\users\damasry\appdata\local\ApplicationHistory
2011-09-21 19:51:20 -------- d-----w- c:\windows\system32\URTTEMP
2011-09-21 10:20:02 -------- d-----w- c:\users\damasry\appdata\local\{B1E818AC-C1F7-49AE-8CB7-1FB28B1CC063}
2011-09-21 10:19:49 -------- d-----w- c:\users\damasry\appdata\local\{18DF3E0C-197F-458A-B7EB-9A24ECCA9355}
2011-09-20 18:59:40 -------- d-----w- c:\users\damasry\appdata\local\{76531812-AA4B-4E1E-B912-A548768D76D4}
2011-09-20 18:59:28 -------- d-----w- c:\users\damasry\appdata\local\{B130706B-D821-40E1-87AF-F88B4BE0A784}
2011-09-20 06:59:00 -------- d-----w- c:\users\damasry\appdata\local\{562EC33E-3786-47FA-8A47-577D27CB35BE}
2011-09-20 06:58:47 -------- d-----w- c:\users\damasry\appdata\local\{E912E281-B91A-44C6-8459-762D907F2459}
2011-09-19 18:42:34 -------- d-----w- c:\users\damasry\appdata\local\{FC9B46AE-712C-403F-83B2-0389D9EA2065}
2011-09-19 18:42:23 -------- d-----w- c:\users\damasry\appdata\local\{87F03C0F-1EA2-4456-ADDF-B591946D9DB9}
2011-09-19 18:42:11 -------- d-----w- c:\users\damasry\appdata\local\{03DD20DE-B8BD-41B9-AB69-9ADC88059E28}
2011-09-19 18:42:00 -------- d-----w- c:\users\damasry\appdata\local\{01C2FEF3-A2EE-4E36-8F20-2EBCA7644355}
2011-09-19 06:41:33 -------- d-----w- c:\users\damasry\appdata\local\{78B46A37-922A-4BE0-A157-1391D64C12F0}
2011-09-19 06:41:22 -------- d-----w- c:\users\damasry\appdata\local\{26493D5C-3570-49E7-B437-7BF41EF97245}
2011-09-19 06:41:10 -------- d-----w- c:\users\damasry\appdata\local\{F245322B-4A8E-4F94-8C84-9BF2290E6777}
2011-09-19 06:40:59 -------- d-----w- c:\users\damasry\appdata\local\{D06287D9-7CFB-4FAE-98CC-DC60353D2233}
2011-09-18 18:40:33 -------- d-----w- c:\users\damasry\appdata\local\{F9C8758B-F358-4637-A9F0-050E15FD5613}
2011-09-18 18:40:21 -------- d-----w- c:\users\damasry\appdata\local\{6793911C-826A-4FFB-862C-E1871776AEB3}
2011-09-18 06:39:49 -------- d-----w- c:\users\damasry\appdata\local\{96F803E2-C16C-4189-953A-0CB469D48953}
2011-09-18 06:39:34 -------- d-----w- c:\users\damasry\appdata\local\{B87B5D02-D58B-486C-AAD3-5931A4B348D5}
2011-09-18 06:39:19 -------- d-----w- c:\users\damasry\appdata\local\{F8EF63C6-FD1A-4617-876C-CC60515BB705}
2011-09-17 14:21:58 -------- d-----w- c:\users\damasry\appdata\local\{0EC038A4-0B2B-4EED-8861-CCC85ECCC0F8}
2011-09-17 14:21:38 -------- d-----w- c:\users\damasry\appdata\local\{8D73FFD6-3C40-4A6D-B04C-FFAD698E2F63}
2011-09-17 02:16:49 -------- d-----w- c:\users\damasry\appdata\local\{4DA03321-7B16-4D46-A7CE-C0903DB8C447}
2011-09-17 02:16:38 -------- d-----w- c:\users\damasry\appdata\local\{31C302F7-FB5A-4D37-8565-D63F11D14890}
2011-09-17 02:16:15 -------- d-----w- c:\users\damasry\appdata\local\{ABDC377A-0ECF-44BE-9BB0-C80A585456AD}
2011-09-16 14:16:01 -------- d-----w- c:\users\damasry\appdata\local\{ED784AB3-9FAF-4840-B367-3DFD9869C948}
2011-09-16 14:15:46 -------- d-----w- c:\users\damasry\appdata\local\{9F58757E-0F71-46D2-B377-3C48F18107D9}
2011-09-16 11:00:38 -------- d-----w- c:\users\damasry\appdata\local\{CBFF662A-7CA3-4CC3-A7DD-ABDE336CAC28}
2011-09-16 10:58:51 -------- d-----w- c:\users\damasry\appdata\local\{BBA54549-66EC-4C38-9CBA-522D4AC48497}
2011-09-16 09:03:25 -------- d-----w- c:\users\damasry\appdata\local\{3EB228B2-6ECF-4E2F-9D82-B36F30313982}
2011-09-15 19:53:50 -------- d-----w- c:\users\damasry\appdata\local\{E45C9480-BFD8-4869-85DD-0EF837E20B75}
2011-09-15 19:53:39 -------- d-----w- c:\users\damasry\appdata\local\{5AE1EC66-F5A8-4E4A-B34E-0378C480BFDA}
2011-09-15 07:53:13 -------- d-----w- c:\users\damasry\appdata\local\{1D3E3445-AF20-42D2-AC75-ED391D487A12}
2011-09-15 07:53:01 -------- d-----w- c:\users\damasry\appdata\local\{18135BF0-1CCC-4121-9B36-73805F205753}
2011-09-15 07:51:50 -------- d-----w- c:\users\damasry\appdata\local\{667BB04D-16B2-4D5C-B9A4-A6D019512659}
2011-09-15 07:51:37 -------- d-----w- c:\users\damasry\appdata\local\{AEAE4935-60B5-4BC9-B330-7A72D79592CA}
2011-09-14 19:51:10 -------- d-----w- c:\users\damasry\appdata\local\{E41F8CDC-52E1-41B7-89E4-FD7CBEAD2CC7}
2011-09-14 19:50:58 -------- d-----w- c:\users\damasry\appdata\local\{80556366-E20C-4EA4-8445-67886C359163}
2011-09-14 07:50:31 -------- d-----w- c:\users\damasry\appdata\local\{9E0D12D9-B90C-4F13-A385-486760D5337C}
2011-09-14 07:50:20 -------- d-----w- c:\users\damasry\appdata\local\{8AD84375-DD02-4966-84BF-B4506A9B931C}
2011-09-14 07:50:08 -------- d-----w- c:\users\damasry\appdata\local\{55EC3CCA-C094-4178-A179-096CEECCBB3C}
2011-09-14 07:49:56 -------- d-----w- c:\users\damasry\appdata\local\{A3D0A680-CB28-4DFE-B4A4-8D115464560D}
2011-09-13 19:49:29 -------- d-----w- c:\users\damasry\appdata\local\{481E9B34-838F-45A8-9BAC-A367CE8C9C2C}
2011-09-13 19:49:17 -------- d-----w- c:\users\damasry\appdata\local\{F7E7BE9D-646D-49F2-B0E8-BD8B88276529}
2011-09-13 07:48:50 -------- d-----w- c:\users\damasry\appdata\local\{28586FA0-8B7F-4290-91A1-8AEE1F95C07B}
2011-09-13 07:48:37 -------- d-----w- c:\users\damasry\appdata\local\{7EBA8246-732B-4936-8C3E-CD4EB906401C}
2011-09-12 19:48:11 -------- d-----w- c:\users\damasry\appdata\local\{B48EFA8D-4E85-486E-8A61-E8B83C62721D}
2011-09-12 19:47:59 -------- d-----w- c:\users\damasry\appdata\local\{8DE118F1-031C-46D8-941A-4DAEBDB6BB89}
2011-09-12 07:47:33 -------- d-----w- c:\users\damasry\appdata\local\{D8554E64-E0D7-442C-BE0C-56623BC6A210}
2011-09-12 07:47:22 -------- d-----w- c:\users\damasry\appdata\local\{BD6AA239-9986-4B5A-8734-3DB6B7FDBF9D}
2011-09-12 07:47:09 -------- d-----w- c:\users\damasry\appdata\local\{BB026501-ACA1-4954-90CA-193375449198}
2011-09-12 07:46:58 -------- d-----w- c:\users\damasry\appdata\local\{83AF7716-5B7E-4CED-83B0-3DC6FCC34853}
2011-09-11 19:46:31 -------- d-----w- c:\users\damasry\appdata\local\{A7261DF0-C5C6-49D2-B1E7-C147FFEA2F79}
2011-09-11 19:46:18 -------- d-----w- c:\users\damasry\appdata\local\{50A26B33-FE14-48F4-BF0C-6663B72DDF91}
2011-09-11 07:44:47 -------- d-----w- c:\users\damasry\appdata\local\{08CD8F08-C356-4B21-AF48-A7F81DC96B54}
2011-09-11 07:44:35 -------- d-----w- c:\users\damasry\appdata\local\{A9AA7E37-EBBB-4FFE-B041-C6089D7C1E62}
2011-09-10 19:44:10 -------- d-----w- c:\users\damasry\appdata\local\{8D75FBDB-621C-4E3C-A767-4F8F46C86FCC}
2011-09-10 19:43:58 -------- d-----w- c:\users\damasry\appdata\local\{59CE097C-287F-4610-A8F8-122BA691A655}
2011-09-10 19:43:47 -------- d-----w- c:\users\damasry\appdata\local\{1D0513B2-B4F1-4357-9EC5-62143523194E}
2011-09-10 07:43:19 -------- d-----w- c:\users\damasry\appdata\local\{0BE3D832-38B9-4C48-A6C4-A59257C41910}
2011-09-10 07:43:06 -------- d-----w- c:\users\damasry\appdata\local\{A96EF8AA-C9E2-4530-92A4-A670D1252616}
2011-09-09 13:52:46 -------- d-----w- c:\users\damasry\appdata\local\{FC1A8392-9C24-44E8-9A1F-DA93895ED812}
2011-09-09 13:52:35 -------- d-----w- c:\users\damasry\appdata\local\{F9A5B964-814C-4A1F-B129-F251AF32C383}
2011-09-09 13:52:22 -------- d-----w- c:\users\damasry\appdata\local\{E333D15B-1454-440B-83D5-87A2CD1691FF}
2011-09-09 13:52:11 -------- d-----w- c:\users\damasry\appdata\local\{C1A3793E-7F42-4377-A367-02D85A11389F}
2011-09-09 01:51:43 -------- d-----w- c:\users\damasry\appdata\local\{90B708B4-B6DD-4ECA-B832-D17C86C5685F}
2011-09-09 01:51:31 -------- d-----w- c:\users\damasry\appdata\local\{80F19241-356B-4B40-8490-97E983195BE4}
2011-09-08 18:29:45 -------- d-----w- c:\users\damasry\appdata\local\{EF64DD9F-400F-46B8-B9C5-3C4FC24900EB}
2011-09-08 18:29:34 -------- d-----w- c:\users\damasry\appdata\local\{5DB86779-183B-47E9-9799-224182FD0155}
2011-09-08 06:29:06 -------- d-----w- c:\users\damasry\appdata\local\{53499E8F-D2C1-46B0-B1AE-5621ADBC0081}
2011-09-08 06:28:51 -------- d-----w- c:\users\damasry\appdata\local\{2ABB1DCF-427D-47B8-BA2F-0F5D00217C20}
2011-09-08 06:28:39 -------- d-----w- c:\users\damasry\appdata\local\{1C82E595-C318-4E37-B235-3C46637ADE4F}
2011-09-08 06:28:23 -------- d-----w- c:\users\damasry\appdata\local\{69F9F9CF-8186-463E-9DEF-96EDCA9091B0}
2011-09-07 14:00:50 -------- d-----w- c:\users\damasry\appdata\local\{D0170C19-1236-459D-B341-E536E282E35D}
2011-09-07 14:00:38 -------- d-----w- c:\users\damasry\appdata\local\{8641A72E-C18A-4B08-8DA2-479389EEC4E4}
2011-09-07 02:00:10 -------- d-----w- c:\users\damasry\appdata\local\{DBF02422-3BE2-439E-A9CF-BE178F4DE866}
2011-09-07 01:59:58 -------- d-----w- c:\users\damasry\appdata\local\{7DC4642B-47EF-4671-9F0F-ED0BC6B3A292}
2011-09-06 07:27:27 -------- d-----w- c:\users\damasry\appdata\local\{1B8F8917-AC6B-4356-B527-4D2CE93A3074}
2011-09-06 07:27:15 -------- d-----w- c:\users\damasry\appdata\local\{A036D208-D7F9-4F38-BCC1-9802118CD72A}
2011-09-06 07:27:04 -------- d-----w- c:\users\damasry\appdata\local\{4F21D148-45E9-4FE2-8043-26E81608B31E}
2011-09-06 07:26:51 -------- d-----w- c:\users\damasry\appdata\local\{4006FE6F-24FA-43AD-87CE-A0D06E94EB36}
2011-09-05 19:26:23 -------- d-----w- c:\users\damasry\appdata\local\{A0BD32A8-16EA-4887-A147-7EDDE5EC5032}
2011-09-05 19:26:10 -------- d-----w- c:\users\damasry\appdata\local\{640C6A7F-5AFC-424B-A079-0D6240EFE009}
2011-09-05 16:53:45 186281 ----a-w- c:\programdata\1315241385.bdinstall.bin
2011-09-05 16:52:13 -------- d-----w- c:\users\damasry\appdata\roaming\Bitdefender
2011-09-05 16:52:09 -------- d-----w- c:\programdata\Bitdefender
2011-09-05 16:49:50 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-09-05 16:49:50 311248 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-09-05 16:45:45 15526 ----a-w- c:\programdata\1315241143.bdinstall.bin
2011-09-05 16:45:15 15526 ----a-w- c:\programdata\1315241112.bdinstall.bin
2011-09-05 16:44:52 158934 ----a-w- c:\programdata\1315239351.bdinstall.bin
2011-09-05 16:13:33 15526 ----a-w- c:\programdata\1315239210.bdinstall.bin
2011-09-05 16:13:12 129508 ----a-w- c:\programdata\1315238898.bdinstall.bin
2011-09-05 07:25:43 -------- d-----w- c:\users\damasry\appdata\local\{302F9895-3372-4EF5-BB44-8E5E91F9CDFB}
2011-09-05 07:25:32 -------- d-----w- c:\users\damasry\appdata\local\{B02E4036-E8F7-4F00-AD20-B44933501FD2}
2011-09-05 07:25:20 -------- d-----w- c:\users\damasry\appdata\local\{B434F1B1-804B-476A-881C-E449D4734CAB}
2011-09-05 07:25:09 -------- d-----w- c:\users\damasry\appdata\local\{8F8755CB-AFC7-413D-973E-719EC5476F75}
2011-09-04 19:24:43 -------- d-----w- c:\users\damasry\appdata\local\{62640CBE-70F7-4AAF-8C55-C2427C085F18}
2011-09-04 19:24:31 -------- d-----w- c:\users\damasry\appdata\local\{B90AE945-969B-4E96-91A0-3064FCD7A8B1}
.
==================== Find3M ====================
.
2011-08-02 01:57:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-15 14:11:46 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 18:59:25.27 ===============



Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/22/2010 12:17:54 PM
System Uptime: 10/4/2011 6:54:01 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | G31-S3L
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | Socket 775 | 2666/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 2.697 GiB free.
D: is FIXED (NTFS) - 36 GiB total, 2.857 GiB free.
E: is FIXED (NTFS) - 45 GiB total, 0.115 GiB free.
F: is FIXED (NTFS) - 45 GiB total, 2.417 GiB free.
G: is FIXED (NTFS) - 45 GiB total, 0.096 GiB free.
H: is FIXED (NTFS) - 45 GiB total, 5.325 GiB free.
I: is CDROM (CDFS)
M: is FIXED (NTFS) - 45 GiB total, 1.254 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ACDSee Photo Manager 12
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Software Update
AutoCAD 2007 - English
Bitdefender Antivirus Plus 2012
BitTorrent
BitTorrentBar Toolbar
BS.Player FREE
Canon MP Navigator 3.1
Canon MP140 series
Catálogo Eletrônico de Peças Chevrolet
D3DX10
DHTML Editing Component
DivX Setup
Driver Genius Professional Edition
EASEUS Partition Master 6.5.2 Home Edition
EasyCall 2008
Easylink FaxLauncher Pro
EatCam Webcam Recorder Pro 5.0
ESET Online Scanner v3
Feedback Tool
Google Chrome
Google Earth Plug-in
Google Update Helper
HiJackThis
Hotspot Shield 1.57
ImageShack Uploader 2.2.0
Infix 4.08
Internet Download Manager
iWatermark 3.1.6 beta 1 (Feburary 2nd 2009)
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
magicJack
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
Nitro PDF Professional
PC Tools Internet Security
PhotoImpact X3
Picasa 3
PowerISO
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Recuva
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Skype™ 5.3
SpyHunter
Spyware Terminator 2012
The Cleaner 2012
U.S. Robotics 56K Faxmodem USB
Ulead Photo Express 6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinDriver Ghost Enterprise 2.06
WinRAR archiver
WorldUnlock Codes Calculator
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
9/29/2011 8:32:02 AM, Error: EventLog [6008] - The previous system shutdown at 12:40:25 AM on ‎9/‎29/‎2011 was unexpected.
9/27/2011 8:21:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdselfpr sptd
10/4/2011 9:34:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
10/4/2011 6:54:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/4/2011 6:54:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/4/2011 6:54:36 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/4/2011 6:54:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/4/2011 6:54:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/4/2011 6:54:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/4/2011 6:54:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/4/2011 6:54:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/4/2011 6:54:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/4/2011 6:54:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdfwfpf bdselfpr BDVEDISK CSC DfsC discache NetBIOS NetBT nsiproxy pctgntdi PCTSD Psched rdbss SCDEmu spldr sptd sp_rsdrv2 StarOpen tdx Wanarpv6 WfpLwf ws2ifsl
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2011 6:52:29 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
10/4/2011 6:51:57 PM, Error: Service Control Manager [7016] - The BitDefender Virus Shield service has reported an invalid current state 14.
10/4/2011 6:50:05 PM, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
10/4/2011 12:23:49 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================


===============================================================



please help!!!!!
 
this is the log file i got from Malware bytes when it discovered the infected files from the beginning:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7792

Windows 6.1.7600 (Safe Mode)
Internet Explorer 9.0.8112.16421

9/25/2011 8:43:02 AM
mbam-log-2011-09-25 (08-43-02).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|M:\|)
Objects scanned: 620404
Time elapsed: 1 hour(s), 0 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

\AutoStart (Trojan.Agent) -> Value: AutoStart -> Quarantined and

deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
e:\all programs\poweriso_4_4-bramjnet-dr.ahmed\Keygen\Keygen.exe

(RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
e:\all programs\RECOVER\recover4all professional\R4all.exe

(RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\all programs\recover4all pro 2.26\R4all.exe (RiskWare.Tool.CK)

-> Quarantined and deleted successfully.
h:\windows 7 ultimate (32 bit)\other windows 7 activation tools

\remove windows activation technologies 2.2.6.exe

(HackTool.Wpakill) -> Quarantined and deleted successfully.
h:\windows 7 ultimate (32 bit)\other windows 7 activation tools

\se7en activator v3.exe (RiskWare.Tool.CK) -> Quarantined and

deleted successfully.
h:\windows 7 ultimate (32 bit)\other windows 7 activation tools

\windows 7 loader 1.7.9\windows 7 loader 1.7.9.0.exe

(RiskWare.Tool.CK) -> Quarantined and deleted successfully.
h:\windows 7 ultimate (32 bit)\other windows 7 activation tools

\windows loader 1.9.3 (reccomended)\windows loader 1.9.3.exe

(RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
h:\windows 7 ultimate (32 bit)\unique tools\remove windows

genuine advantage notifications.exe (PUP.RemoveWGA) -> Not

selected for removal.
h:\windows 7 ultimate (32 bit)\windows 7 ultimate (32

bit)\windows 7 activation (reccomended)\windows 7 activation.exe

(RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
m:\Eper\new folder\eper50r\fiat_eper_tabletka.exe

(Trojan.MultiDropper) -> Quarantined and deleted successfully.
c:\programdata\common.data (Malware.Trace) -> Quarantined and

deleted successfully.
 
Welcome to TechSpot!

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
Please keep in mind that whenever you use Notepad for a log, you must click on Format first> Uncheck Word Wrap. Your second Mbam has WordWrap checked. It makes it very hard to read the log. Note: you do not need to post that same log again.
=====================================
I'd like you to run the following scans

1. Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.
====================================
2. Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
====================================
3. Download Security Check by screen317 from one of these links:
Link1
Link 2
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================
 
Thanks Bobbye for your reply.

Please find the logs i got as per your instructions:

CKScanner Log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\damasry\downloads\nitro.pdf.professional6.ocr.crack.zip
c:\users\damasry\downloads\nitro.pdf.serial.keygen.zip
scanner sequence 3.AA.11.MSAPTB
----- EOF -----

=======================================================

MGA Diagnostics tool Log:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-*****
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {95B8CBFA-BDCD-4593-92C2-36D7ACACC995}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7600.win7_gdr.110622-1503
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{95B8CBFA-BDCD-4593-92C2-36D7ACACC995}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1374027771-2314446394-2333244112</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>G31-S3L</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F3</Version><SMBIOSVersion major="2" minor="4"/><Date>20071127000000.000000+000</Date></BIOS><HWID>99B83607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Egypt Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>GBT </OEMID><OEMTableID>GBTUACPI</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65517</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-3562010
Installation ID: 020004966696663700369116614582822423173293629341333396
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 10/5/2011 1:04:28 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:13:2011 12:02
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LgAAAAEAAgABAAEAAAABAAAAAgABAAEAJJRIH4pKBuiqdsKt7Khk80qiWsPMMQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
SLIC GBT GBTUACPI



==============================================================

Security Check Log:

Results of screen317's Security Check version 0.99.20
Windows 7 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET Online Scanner v3
Bitdefender Antivirus Plus 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
The Cleaner 2012
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Firefox (7.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

ThreatFire TFService.exe
Bitdefender Bitdefender 2012 vsserv.exe
Bitdefender Bitdefender 2012 bdagent.exe
Bitdefender Bitdefender 2012 updatesrv.exe
``````````End of Log````````````


=====================================================

Thanks for your quick reply.
 
You have pirated programs.
c:\users\damasry\downloads\nitro.pdf.professional6.ocr.crack.zip
c:\users\damasry\downloads\nitro.pdf.serial.keygen.zip
--------
Office is not genuine.
OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
The report is telling us that you have a Non-Genuine installation of a Volume Licensing-only edition of Office XP Professional. Your installation was done with a now-blocked Volume Licensing Key (VLK).

Volume Licensing editions of Office such as your installation of Office XP Professional are not to be sold to individual consumers, and are only to be sold to larger businesses, educational institutions, and governmental agencies who have a Volume License Agreement with Microsoft. These Volume Licenses should not be sold to consumers because they are not permanent licenses;
===============================
It appears that you have also pirated the Windows Activation key.

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    e:\all programs\poweriso_4_4-bramjnet-dr.ahmed\Keygen\Keygen.exe
    e:\all programs\RECOVER\recover4all professional\R4all.exe 
    e:\all programs\recover4all pro 2.26\R4all.exe
    h:\windows 7 ultimate (32 bit)\other windows 7 activation tools\remove windows activation technologies 2.2.6.exe
    h:\windows 7 ultimate (32 bit)\other windows 7 activation tools\se7en activator v3.exe 
    h:\windows 7 ultimate (32 bit)\other windows 7 activation tools\windows 7 loader 1.7.9\windows 7 loader 1.7.9.0.exe 
    h:\windows 7 ultimate (32 bit)\other windows 7 activation tools\windows loader 1.9.3 (reccomended)\windows loader 1.9.3.exe
    h:\windows 7 ultimate (32 bit)\unique tools\remove windows genuine advantage notifications.exe 
    h:\windows 7 ultimate (32 bit)\windows 7 ultimate (32bit)\windows 7 activation (reccomended)\windows 7 activation.exe 
    m:\Eper\new folder\eper50r\fiat_eper_tabletka.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log).
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===============================
In order to continue support, all pirated software will have to be removed.

This thread is closed.
 