Solved Malware blocks removal tools and antivirus sofware

[Maroan]

Hello,
I have a computer that is infected, and at the beginning it couldnt start at all (black screen in safe mode and only start logo in normal start mode). I have tryied Dr.Web Live CD and it didnt help at all. Then Kaspersky Live CD and it founds 2 trojans and now I can start the computer in safe mode. The next step was to use Combofix, but it just stops after the accept/not accept window. I was able to install MBM, but coulnt update it, and it got stuck after it found 1 infection... A restart of the progamme trigger an error message... I was able to do a Hijakthis log, but I dont know how usefull it is when it has been done in safe mode?
Thank you for your help! By the way I use Windows XP Home Edtion with SP3 installed.

P.S:
I forgot to write that I use a USB memory stick to be able to install software on the infected machine, the internet connection doesnt work either.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Maroan]

First of all, thank you Broni for your help! It is greatly appreciated, believe me!
I have read the 8-steps instructions, and I have some questions:
I can only start the computer in safe mode. If I start it in normal mode, the computer never comes to the desktop, it just shows the start logo with the rolling XP blue bar running, and never comes further.
Will it be ok to run the programs in safe mode so far?

TFC looks like it will run fine, since it cleans all TEMP folders, but i have allready tryied to install and run Malwarebytes Anti-Malware,it just stops running. I have tryied to restart the computer (still in safe mode) and restart the program, but the computer returns an error message, and nothing more happens... Renaming the program doesnt help either.
And I cant open the task managers window either.

My last question for now is:
Shall I run DDS and GMER in safe mode?
I hope my english is ok, Im not so used to write in english!

 

[Broni]

Yes, safe mode will be fine for now.
Complete as many steps, as you can.

 

[Maroan]

Ok, I couldnt get Malwarebytes to work, but the other programs ran fine.
Here are the logs:

GMER (Qick scan):

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-07 18:44:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000067 SAMSUNG_SP2504C rev.VT100-33
Running: zrckln5k.exe; Driver: C:\DOCUME~1\Matthias\LOKALE~1\Temp\kfqyquow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I found it a little bit short, so I did a complete scan as well, but it only shows 2 registry keys and cookies. I can post it as well if you wish.


DDS logs:

.
DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL
Run by Matthias at 19:17:44,00 on 07-04-2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1796 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Documents and Settings\Matthias\Skrivebord\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:33440
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmer\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programmer\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\programmer\softonic_english\tbSof0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programmer\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\programmer\softonic_english\tbSof0.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programmer\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\programmer\windows live\messenger\msnmsgr.exe" /background
uRun: [BitTorrent DNA] "c:\programmer\dna\btdna.exe"
uRun: [Skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programmer\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] c:\programmer\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\programmer\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programmer\itunes\iTunesHelper.exe"
mRun: [ActivControl] c:\programmer\activ software\activdriver\ActivControl2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\matthias\menuen start\programmer\start\CurseClientStartup.ccip
StartupFolder: c:\docume~1\matthias\menuen~1\progra~1\start\screen~1.lnk - c:\programmer\microsoft office\office12\ONENOTEM.EXE
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmer\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fllesf~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\matthias\applic~1\mozilla\firefox\profiles\po835jhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\programmer\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\programmer\microsoft\office live\npOLW.dll
FF - plugin: c:\programmer\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmer\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\programmer\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R2 aawservice;Lavasoft Ad-Aware Service;c:\programmer\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [2010-5-26 74752]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2010-5-26 6144]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
S2 AVGIDSAgent;AVGIDSAgent;c:\programmer\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;c:\programmer\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-4 54752]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 fsssvc;Windows Live-tjenesten Family Safety;c:\programmer\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2010-11-1 41984]
.
=============== Created Last 30 ================
.
2011-04-05 18:12:26 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
==================== Find3M ====================
.
2011-01-21 14:44:12 439808 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 19:18:30,54 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 15-02-2008 19:16:25
System Uptime: 07-04-2011 19:16:11 (0 hours ago)
.
Motherboard: MSI | | MS-7250
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 98,88 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Hændelsestimer med høj præcision
Device ID: ACPI\PNP0103\0
Manufacturer: (Standardsystemenheder)
Name: Hændelsestimer med høj præcision
PNP Device ID: ACPI\PNP0103\0
Service:
.
==== System Restore Points ===================
.
RP419: 03-12-2010 20:59:38 - Systemkontrolpunkt
RP420: 04-11-2010 22:15:27 - Systemkontrolpunkt
RP421: 08-11-2010 12:35:23 - Systemkontrolpunkt
RP422: 07-11-2010 17:21:03 - Systemkontrolpunkt
RP423: 08-11-2010 20:38:22 - Systemkontrolpunkt
RP424: 10-11-2010 17:03:41 - Systemkontrolpunkt
RP425: 10-11-2010 21:18:13 - Software Distribution Service 3.0
RP426: 11-11-2010 22:19:39 - Systemkontrolpunkt
RP427: 14-11-2010 22:08:45 - Systemkontrolpunkt
RP428: 16-11-2010 19:17:19 - Systemkontrolpunkt
RP429: 17-11-2010 20:24:00 - Systemkontrolpunkt
RP430: 18-11-2010 21:37:34 - Systemkontrolpunkt
RP431: 21-11-2010 16:51:07 - Systemkontrolpunkt
RP432: 22-11-2010 18:01:23 - Systemkontrolpunkt
RP433: 24-11-2010 17:44:20 - Systemkontrolpunkt
RP434: 25-11-2010 18:08:49 - Systemkontrolpunkt
RP435: 27-11-2010 10:25:11 - Systemkontrolpunkt
RP436: 28-11-2010 14:43:39 - Systemkontrolpunkt
RP437: 29-11-2010 18:31:28 - Systemkontrolpunkt
RP438: 30-11-2010 19:26:57 - Systemkontrolpunkt
RP439: 02-12-2010 18:33:50 - Systemkontrolpunkt
RP440: 05-12-2010 11:46:11 - Systemkontrolpunkt
RP441: 06-12-2010 18:48:08 - Systemkontrolpunkt
RP442: 08-12-2010 09:38:33 - Systemkontrolpunkt
RP443: 09-12-2010 10:11:11 - Systemkontrolpunkt
RP444: 10-12-2010 13:22:43 - Systemkontrolpunkt
RP445: 12-12-2010 14:30:09 - Systemkontrolpunkt
RP446: 14-12-2010 17:54:49 - Systemkontrolpunkt
RP447: 15-12-2010 18:44:19 - Systemkontrolpunkt
RP448: 16-12-2010 00:23:23 - Software Distribution Service 3.0
RP449: 17-12-2010 00:49:35 - Systemkontrolpunkt
RP450: 18-12-2010 01:46:13 - Systemkontrolpunkt
RP451: 18-12-2010 01:58:42 - Software Distribution Service 3.0
RP452: 19-12-2010 10:25:17 - Systemkontrolpunkt
RP453: 20-12-2010 10:32:25 - Systemkontrolpunkt
RP454: 23-12-2010 15:19:44 - Systemkontrolpunkt
RP455: 24-12-2010 16:03:25 - Systemkontrolpunkt
RP456: 25-12-2010 18:24:46 - Systemkontrolpunkt
RP457: 26-12-2010 21:24:26 - Systemkontrolpunkt
RP458: 29-12-2010 14:33:00 - Systemkontrolpunkt
RP459: 30-12-2010 16:08:49 - Systemkontrolpunkt
RP460: 01-01-2011 17:13:30 - Systemkontrolpunkt
RP461: 05-01-2011 20:18:32 - Systemkontrolpunkt
RP462: 07-01-2011 20:10:31 - Systemkontrolpunkt
RP463: 09-01-2011 10:21:32 - Systemkontrolpunkt
RP464: 10-01-2011 18:23:05 - Systemkontrolpunkt
RP465: 11-01-2011 18:23:16 - Systemkontrolpunkt
RP466: 13-01-2011 15:57:13 - Systemkontrolpunkt
RP467: 13-01-2011 23:52:54 - Software Distribution Service 3.0
RP468: 23-01-2011 17:09:48 - Systemkontrolpunkt
RP469: 26-01-2011 18:39:57 - Systemkontrolpunkt
RP470: 28-01-2011 20:14:43 - Systemkontrolpunkt
RP471: 30-01-2011 10:59:09 - Systemkontrolpunkt
RP472: 31-01-2011 16:39:36 - Systemkontrolpunkt
RP473: 01-02-2011 16:56:51 - Installeret ActivSoftware
RP474: 02-02-2011 17:56:15 - Systemkontrolpunkt
RP475: 03-02-2011 18:56:33 - Systemkontrolpunkt
RP476: 11-02-2011 23:16:09 - Software Distribution Service 3.0
RP477: 14-02-2011 16:51:15 - Systemkontrolpunkt
RP478: 15-02-2011 17:20:32 - Systemkontrolpunkt
RP479: 20-02-2011 11:40:53 - Systemkontrolpunkt
RP480: 21-02-2011 16:22:55 - Systemkontrolpunkt
RP481: 22-02-2011 17:53:15 - Systemkontrolpunkt
RP482: 23-02-2011 18:57:54 - Systemkontrolpunkt
RP483: 24-02-2011 19:01:05 - Systemkontrolpunkt
RP484: 24-02-2011 22:53:46 - Installed DirectX
.
==== Installed Programs ======================
.
.
ActivDriver x86 v5.5
ActivInspire Help (DNK) v1
ActivInspire HWR Resources (DNK) v1
ActivInspire v1
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Afinstalleringsværktøj for software
ATI Display Driver
ATI Parental Control & Encoder
AVG 2011
Bonjour
CCleaner (remove only)
Curse Client
Dragon Age II Demo
Fremhævelsesvisning (Windows Live Toolbar)
Heroes of Newerth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix til Windows Internet Explorer 7 (KB947864)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB2158563)
Hotfix til Windows XP (KB2443685)
Hotfix til Windows XP (KB952287)
Hotfix til Windows XP (KB961118)
Hotfix til Windows XP (KB970653-v3)
Hotfix til Windows XP (KB976098-v2)
Hotfix til Windows XP (KB979306)
Hotfix til Windows XP (KB981793)
iTunes
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (Danish) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Danish) 2007
Microsoft Office PowerPoint MUI (Danish) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Danish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Danish) 2007
Microsoft Office Word MUI (Danish) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (Danish) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
Opdatering til Windows Internet Explorer 8 (KB973874)
Opdatering til Windows Internet Explorer 8 (KB976662)
Opdatering til Windows Internet Explorer 8 (KB976749)
Opdatering til Windows Internet Explorer 8 (KB980182)
Opdatering til Windows XP (KB2141007)
Opdatering til Windows XP (KB2345886)
Opdatering til Windows XP (KB2467659)
Opdatering til Windows XP (KB951072-v2)
Opdatering til Windows XP (KB951978)
Opdatering til Windows XP (KB955759)
Opdatering til Windows XP (KB955839)
Opdatering til Windows XP (KB961503)
Opdatering til Windows XP (KB967715)
Opdatering til Windows XP (KB968389)
Opdatering til Windows XP (KB971737)
Opdatering til Windows XP (KB973687)
Opdatering til Windows XP (KB973815)
OpenOffice.org Installer 1.0
Overførselsværktøj til Windows Live
PDF Reader 3
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB958215)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB960714)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB963027)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB969897)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB972260)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2183461)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2360131)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2416400)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2482017)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB971961)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB972260)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB974455)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB976325)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB978207)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB981332)
Sikkerhedsopdatering til Windows Internet Explorer 8 (KB982381)
Sikkerhedsopdatering til Windows Media Player (KB2378111)
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player (KB952069)
Sikkerhedsopdatering til Windows Media Player (KB954155)
Sikkerhedsopdatering til Windows Media Player (KB968816)
Sikkerhedsopdatering til Windows Media Player (KB973540)
Sikkerhedsopdatering til Windows Media Player (KB975558)
Sikkerhedsopdatering til Windows Media Player (KB978695)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows Media Player 9 (KB936782)
Sikkerhedsopdatering til Windows XP (KB2079403)
Sikkerhedsopdatering til Windows XP (KB2115168)
Sikkerhedsopdatering til Windows XP (KB2121546)
Sikkerhedsopdatering til Windows XP (KB2160329)
Sikkerhedsopdatering til Windows XP (KB2229593)
Sikkerhedsopdatering til Windows XP (KB2259922)
Sikkerhedsopdatering til Windows XP (KB2279986)
Sikkerhedsopdatering til Windows XP (KB2286198)
Sikkerhedsopdatering til Windows XP (KB2296011)
Sikkerhedsopdatering til Windows XP (KB2296199)
Sikkerhedsopdatering til Windows XP (KB2347290)
Sikkerhedsopdatering til Windows XP (KB2360937)
Sikkerhedsopdatering til Windows XP (KB2387149)
Sikkerhedsopdatering til Windows XP (KB2393802)
Sikkerhedsopdatering til Windows XP (KB2419632)
Sikkerhedsopdatering til Windows XP (KB2423089)
Sikkerhedsopdatering til Windows XP (KB2436673)
Sikkerhedsopdatering til Windows XP (KB2440591)
Sikkerhedsopdatering til Windows XP (KB2443105)
Sikkerhedsopdatering til Windows XP (KB2476687)
Sikkerhedsopdatering til Windows XP (KB2478960)
Sikkerhedsopdatering til Windows XP (KB2478971)
Sikkerhedsopdatering til Windows XP (KB2479628)
Sikkerhedsopdatering til Windows XP (KB2483185)
Sikkerhedsopdatering til Windows XP (KB2485376)
Sikkerhedsopdatering til Windows XP (KB923561)
Sikkerhedsopdatering til Windows XP (KB923789)
Sikkerhedsopdatering til Windows XP (KB938464-v2)
Sikkerhedsopdatering til Windows XP (KB938464)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951376)
Sikkerhedsopdatering til Windows XP (KB951698)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952004)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB953839)
Sikkerhedsopdatering til Windows XP (KB954211)
Sikkerhedsopdatering til Windows XP (KB954459)
Sikkerhedsopdatering til Windows XP (KB954600)
Sikkerhedsopdatering til Windows XP (KB955069)
Sikkerhedsopdatering til Windows XP (KB956391)
Sikkerhedsopdatering til Windows XP (KB956572)
Sikkerhedsopdatering til Windows XP (KB956744)
Sikkerhedsopdatering til Windows XP (KB956802)
Sikkerhedsopdatering til Windows XP (KB956803)
Sikkerhedsopdatering til Windows XP (KB956841)
Sikkerhedsopdatering til Windows XP (KB956844)
Sikkerhedsopdatering til Windows XP (KB957095)
Sikkerhedsopdatering til Windows XP (KB957097)
Sikkerhedsopdatering til Windows XP (KB958644)
Sikkerhedsopdatering til Windows XP (KB958687)
Sikkerhedsopdatering til Windows XP (KB958690)
Sikkerhedsopdatering til Windows XP (KB958869)
Sikkerhedsopdatering til Windows XP (KB959426)
Sikkerhedsopdatering til Windows XP (KB960225)
Sikkerhedsopdatering til Windows XP (KB960715)
Sikkerhedsopdatering til Windows XP (KB960803)
Sikkerhedsopdatering til Windows XP (KB960859)
Sikkerhedsopdatering til Windows XP (KB961371)
Sikkerhedsopdatering til Windows XP (KB961373)
Sikkerhedsopdatering til Windows XP (KB961501)
Sikkerhedsopdatering til Windows XP (KB968537)
Sikkerhedsopdatering til Windows XP (KB969059)
Sikkerhedsopdatering til Windows XP (KB969898)
Sikkerhedsopdatering til Windows XP (KB969947)
Sikkerhedsopdatering til Windows XP (KB970238)
Sikkerhedsopdatering til Windows XP (KB970430)
Sikkerhedsopdatering til Windows XP (KB971468)
Sikkerhedsopdatering til Windows XP (KB971486)
Sikkerhedsopdatering til Windows XP (KB971557)
Sikkerhedsopdatering til Windows XP (KB971633)
Sikkerhedsopdatering til Windows XP (KB971657)
Sikkerhedsopdatering til Windows XP (KB971961)
Sikkerhedsopdatering til Windows XP (KB972270)
Sikkerhedsopdatering til Windows XP (KB973346)
Sikkerhedsopdatering til Windows XP (KB973354)
Sikkerhedsopdatering til Windows XP (KB973507)
Sikkerhedsopdatering til Windows XP (KB973525)
Sikkerhedsopdatering til Windows XP (KB973869)
Sikkerhedsopdatering til Windows XP (KB973904)
Sikkerhedsopdatering til Windows XP (KB974112)
Sikkerhedsopdatering til Windows XP (KB974318)
Sikkerhedsopdatering til Windows XP (KB974392)
Sikkerhedsopdatering til Windows XP (KB974571)
Sikkerhedsopdatering til Windows XP (KB975025)
Sikkerhedsopdatering til Windows XP (KB975467)
Sikkerhedsopdatering til Windows XP (KB975560)
Sikkerhedsopdatering til Windows XP (KB975561)
Sikkerhedsopdatering til Windows XP (KB975562)
Sikkerhedsopdatering til Windows XP (KB975713)
Sikkerhedsopdatering til Windows XP (KB977165)
Sikkerhedsopdatering til Windows XP (KB977816)
Sikkerhedsopdatering til Windows XP (KB977914)
Sikkerhedsopdatering til Windows XP (KB978037)
Sikkerhedsopdatering til Windows XP (KB978251)
Sikkerhedsopdatering til Windows XP (KB978262)
Sikkerhedsopdatering til Windows XP (KB978338)
Sikkerhedsopdatering til Windows XP (KB978542)
Sikkerhedsopdatering til Windows XP (KB978601)
Sikkerhedsopdatering til Windows XP (KB978706)
Sikkerhedsopdatering til Windows XP (KB979309)
Sikkerhedsopdatering til Windows XP (KB979482)
Sikkerhedsopdatering til Windows XP (KB979559)
Sikkerhedsopdatering til Windows XP (KB979683)
Sikkerhedsopdatering til Windows XP (KB979687)
Sikkerhedsopdatering til Windows XP (KB980195)
Sikkerhedsopdatering til Windows XP (KB980218)
Sikkerhedsopdatering til Windows XP (KB980232)
Sikkerhedsopdatering til Windows XP (KB980436)
Sikkerhedsopdatering til Windows XP (KB981322)
Sikkerhedsopdatering til Windows XP (KB981852)
Sikkerhedsopdatering til Windows XP (KB981957)
Sikkerhedsopdatering til Windows XP (KB981997)
Sikkerhedsopdatering til Windows XP (KB982132)
Sikkerhedsopdatering til Windows XP (KB982214)
Sikkerhedsopdatering til Windows XP (KB982665)
Sikkerhedsopdatering til Windows XP (KB982802)
Skype™ 4.2
Smarte menuer (Windows Live Toolbar)
Tilmeldingsassistent til Windows Live
Udvidelser (Windows Live Toolbar)
Unreal Tournament 2003
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Ventrilo Client
Vigtig opdatering til Windows Media Player 11 (KB959772)
VLC media player 1.1.1
WebFldrs XP
Westwood Shared Internet Components
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites til Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
World of Warcraft
.
==== End Of File ===========================

I hope its helpfull...

 

[Broni]

Restart computer in Safe Mode with Networking to perform following steps....

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Post SUPERAntiSpyware log.

 

[Maroan]

I have installed Superantispyware from my usb memory stick, because i cant start Explorer, nor Firefox. I applied the update and ran the program. But it stops at this file:
C:\Programs Files\AVG\AVG10\avgchsvx.exe.
But it did find 15 threats in the cookies map, before it stopped to work.

If I try to stop the program or click Next, Superantispyware freezes. I cant do nothing else but restart the computer.

Kaspersky Live CD had the same problem when reading this file, but at the same time it wrotes that all the AVG files were packed with password. Could it be an idea to delete the whole AVG map?

 

[Broni]

Yes, uninstall AVG, using AVG Remover: http://www.avg.com/us-en/download-tools

 

[Maroan]

Well it didnt succed either, (Map corrupted) but I have something you might use, an OTL log:

OTL logfile created on: 4/6/2011 10:57:43 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 232.88 Gb Total Space | 98.39 Gb Free Space | 42.25% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/01/06 10:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/21 23:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 07:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/03 20:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/26 15:25:52 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/07 23:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 08:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 10:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/06 21:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/06 21:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 15:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 15:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 15:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/26 10:21:00 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
DRV - [2010/05/26 10:20:44 | 000,074,752 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2010/04/29 09:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/05 16:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006/08/22 21:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/08/01 21:53:00 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006/04/06 02:20:44 | 004,258,816 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/22 01:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/22 01:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/16 06:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/03/09 02:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Matthias_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\Matthias_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
IE - HKU\Matthias_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKU\Matthias_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 87 F5 EF ED 99 CA 01 [binary data]
IE - HKU\Matthias_ON_C\..\URLSearchHook: 930f1200-f5f1-4870-bac6-e233ec8e7023} - Reg Error: Key error. File not found
IE - HKU\Matthias_ON_C\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Matthias_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Matthias_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Matthias_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:33440

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{EBDC7EC1-549E-48ee-96F7-C2252F5BBBED}: C:\Programmer\Comodo\HopSurfToolbar\hopsurfext_ff3
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmer\AVG\AVG10\Firefox\ [2010/12/27 11:09:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2010/12/12 08:52:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2010/12/12 08:52:09 | 000,000,000 | ---D | M]

[2010/07/25 04:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2010/10/26 04:32:55 | 000,001,525 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\amazon-co-uk.xml
[2010/10/26 04:32:55 | 000,001,178 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\wikipedia-da.xml
[2010/10/26 04:32:55 | 000,001,102 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\yahoo-dk.xml

O1 HOSTS File: ([2002/09/16 08:00:00 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Matthias_ON_C\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ActivControl] C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programmer\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\Matthias_ON_C..\Run: [BitTorrent DNA] File not found
O4 - Startup: C:\Documents and Settings\Matthias\Menuen Start\Programmer\Start\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Matthias_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/15 14:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programmer\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programmer\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/06 09:36:17 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/06 09:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
[2011/04/06 09:07:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/06 09:07:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/06 08:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/05 22:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\Mozilla
[2011/04/05 20:31:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/04/05 14:12:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/06 10:52:47 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Matthias\Skrivebord\Microsoft Office Excel 2007.lnk
[2011/04/06 09:45:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/06 09:07:56 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk
[2011/04/06 09:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
[2011/04/06 04:58:50 | 004,315,129 | R--- | M] () -- C:\Documents and Settings\Administrator\Skrivebord\john.exe
[2011/04/05 21:57:31 | 000,447,292 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2011/04/05 21:57:31 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/05 21:57:31 | 000,077,804 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2011/04/05 21:57:31 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/05 20:31:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/06 09:07:56 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes' Anti-Malware.lnk
[2011/04/06 08:02:36 | 004,315,129 | R--- | C] () -- C:\Documents and Settings\Administrator\Skrivebord\john.exe
[2010/11/10 11:45:01 | 000,023,920 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/31 15:22:26 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010/08/01 17:53:42 | 000,152,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
[2010/07/24 12:04:47 | 000,000,259 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/07/24 09:18:07 | 000,008,627 | ---- | C] () -- C:\Documents and Settings\Matthias\PAV_FOG.OPC
[2010/06/10 09:54:42 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
[2010/06/10 09:54:24 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
[2010/04/30 19:20:21 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DToPcM40.dat
[2009/09/30 17:41:03 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
[2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009/09/27 08:17:36 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\wgatray.exe.bak
[2009/09/27 08:17:36 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
[2008/12/28 05:02:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/28 04:59:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/10/31 13:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/16 06:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/05/04 14:27:17 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Matthias\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/18 06:32:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/02/21 15:50:59 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/02/21 13:27:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/16 06:02:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/02/15 14:35:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/15 14:32:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/02/15 14:26:58 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/02/15 14:26:58 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/02/15 14:16:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/15 14:14:05 | 000,021,644 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/02/15 14:11:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/15 14:10:41 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/16 13:52:54 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/24 01:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2002/09/16 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/16 08:00:00 | 000,447,292 | ---- | C] () -- C:\WINDOWS\System32\perfh006.dat
[2002/09/16 08:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/16 08:00:00 | 000,284,912 | ---- | C] () -- C:\WINDOWS\System32\perfi006.dat
[2002/09/16 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/16 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/16 08:00:00 | 000,077,804 | ---- | C] () -- C:\WINDOWS\System32\perfc006.dat
[2002/09/16 08:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/16 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/16 08:00:00 | 000,034,026 | ---- | C] () -- C:\WINDOWS\System32\perfd006.dat
[2002/09/16 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/16 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/16 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/09/04 05:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 05:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/02/01 11:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\ACTIV Software
[2010/10/26 04:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\AVG10
[2008/03/14 17:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\Command & Conquer 3 Tiberium Wars
[2010/05/01 10:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\DNA
[2009/01/19 12:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\LimeWire
[2011/02/01 16:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthias\Application Data\Promethean
[2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2010/10/26 04:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/07/24 09:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2010/10/26 04:46:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/26 04:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2010/11/01 13:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/21 19:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/30 04:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/02/22 05:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/02/22 06:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/02/22 07:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/02/22 08:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/02/22 09:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/02/23 10:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/02/24 11:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/02/27 12:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/02/27 13:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/02/19 20:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/02/27 14:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/02/27 15:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/02/27 16:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/02/24 17:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/02/24 18:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/02/21 19:18:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/01/02 21:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/02/21 19:23:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========


< End of report >

I hope it might give a clue about what is going on, I have never seen an infection like this before...
And there must be a way to get rid of this AVG map? Delete function couldnt do it either...

 

[Broni]

I can see the infection, but before we go any further, please give me more details about this:

Well it didnt succed either, (Map corrupted)

 

[Maroan]

I restarted the computer after the AVG removal tool stopped, and though I could see that it had troubles removing the files before it stopped, I thought it had at least deleted a lot of them, but it didnt. The AVG map was still there with all its files inside. I tryied a normal "mouse mark and delete" and I got the message "Cannot delete the map, map corrupted".
Im translating from danish, I hope its correct...

 

[Broni]

Try this tool:
Please click here to download AppRemover on your desktop.

• Once done, double click on the icon of AppRemover.exe to run it.
  Vista users, right click on the icon and select "run as administrator"
• Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
• Click on the Next button.
• Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.
• Click on the Next button.
• A scan begins, please wait. Once done, click on the Next button.
• Now you should have a list of your security programs, choose the one you want to remove and click on the Next button.
• Follow the last step and reboot if asked to do so.

 

[Maroan]

AppRemover seems to work, but its taking hours! And its late in Denmark now, Ill let you know the result as soon as I can,Im going to bed! (Time is 02.25 in the morning!)

 

[Broni]

Very good
No rush with those things

 

[Maroan]

AppRemover doesnt seem to see the AVG10 map, but removed AVG 2011 up to 89 %... and stopped. I had to restart the computer.
But at least a few new things have happened: The task manager is back (I had to use Ctrl-shift-Esc to call it, the normal key combination didnt work) and I could see the following application running:
Wmprvse.exe.
I checked the file on the net and found out it is one of the bad guys! But in the meantime, the application disappeared from the task manager...
So, small steps, but its nice to see something is happening!

I forgot something:
I am able to run MBAM right after an installation, but as I wrote before it freezes, and I have to restart the computer. But when I try to restart MBAM, I get 2 error messages: "runtime err 0" and "runtime err 440"... Still bad luck there..

 

[Broni]

Please, give me fresh OTL log. We'll try to remove AVG leftovers manually.

 

[Maroan]

And here it is, with standard scan properties; If you want me to change some of the properties, just let me know.

OTL logfile created on: 4/10/2011 1:48:52 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 232.88 Gb Total Space | 98.77 Gb Free Space | 42.41% Space Free | Partition Type: NTFS
Drive D: | 3.92 Gb Total Space | 3.88 Gb Free Space | 98.95% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/01/06 10:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/21 23:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 07:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/03 20:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/26 15:25:52 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Avgtdix)
DRV - File not found [File_System | Boot] -- -- (Avgrkx86)
DRV - File not found [File_System | System] -- -- (Avgmfx86)
DRV - File not found [Kernel | System] -- -- (Avgldx86)
DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSShim)
DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSFilter)
DRV - File not found [Kernel | Boot] -- -- (AVGIDSEH)
DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSDriver)
DRV - [2010/05/26 10:21:00 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
DRV - [2010/05/26 10:20:44 | 000,074,752 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmer\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/05 16:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006/08/22 21:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/08/01 21:53:00 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006/04/06 02:20:44 | 004,258,816 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/22 01:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/22 01:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/16 06:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/03/09 02:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{EBDC7EC1-549E-48ee-96F7-C2252F5BBBED}: C:\Programmer\Comodo\HopSurfToolbar\hopsurfext_ff3
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmer\AVG\AVG10\Firefox\ [2010/12/27 11:09:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2010/12/12 08:52:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2010/12/12 08:52:09 | 000,000,000 | ---D | M]

[2010/07/25 04:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2010/10/26 04:32:55 | 000,001,525 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\amazon-co-uk.xml
[2010/10/26 04:32:55 | 000,001,178 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\wikipedia-da.xml
[2010/10/26 04:32:55 | 000,001,102 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\yahoo-dk.xml

O1 HOSTS File: ([2002/09/16 08:00:00 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ActivControl] C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programmer\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmer\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/15 14:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programmer\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/07 22:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/07 22:07:39 | 000,000,000 | ---D | C] -- C:\Programmer\SUPERAntiSpyware
[2011/04/06 09:36:17 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/06 08:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/05 14:12:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

========== Files - Modified Within 30 Days ==========

[2011/04/09 07:24:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/07 22:07:41 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
[2011/04/07 19:42:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/05 21:57:31 | 000,447,292 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2011/04/05 21:57:31 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/05 21:57:31 | 000,077,804 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2011/04/05 21:57:31 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/04/07 22:07:41 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
[2010/11/10 11:45:01 | 000,023,920 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/31 15:22:26 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010/07/24 12:04:47 | 000,000,259 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/10 09:54:42 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
[2010/06/10 09:54:24 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
[2010/04/30 19:20:21 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DToPcM40.dat
[2009/09/30 17:41:03 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
[2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009/09/27 08:17:36 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\wgatray.exe.bak
[2009/09/27 08:17:36 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
[2008/12/28 05:02:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/28 04:59:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/10/31 13:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/16 06:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/18 06:32:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/02/21 15:50:59 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/02/21 13:27:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/16 06:02:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/02/15 14:35:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/15 14:32:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/02/15 14:26:58 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/02/15 14:26:58 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/02/15 14:16:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/15 14:14:05 | 000,021,644 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/02/15 14:11:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/15 14:10:41 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/16 13:52:54 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/24 01:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2002/09/16 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/16 08:00:00 | 000,447,292 | ---- | C] () -- C:\WINDOWS\System32\perfh006.dat
[2002/09/16 08:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/16 08:00:00 | 000,284,912 | ---- | C] () -- C:\WINDOWS\System32\perfi006.dat
[2002/09/16 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/16 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/16 08:00:00 | 000,077,804 | ---- | C] () -- C:\WINDOWS\System32\perfc006.dat
[2002/09/16 08:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/16 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/16 08:00:00 | 000,034,026 | ---- | C] () -- C:\WINDOWS\System32\perfd006.dat
[2002/09/16 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/16 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/16 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/09/04 05:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 05:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2010/10/26 04:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/07/24 09:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2010/10/26 04:46:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/26 04:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2010/11/01 13:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/21 19:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/30 04:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/02/22 05:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/02/22 06:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/02/22 07:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/02/22 08:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/02/22 09:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/02/23 10:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/02/24 11:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/02/27 12:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/02/27 13:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/02/19 20:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/02/27 14:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/02/27 15:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/02/27 16:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/02/24 17:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/02/24 18:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/02/21 19:18:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/01/02 21:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/02/21 19:23:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========


< End of report >

i use OTLP from the reatogo-x-pe cd, it boots and works fine so far.

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  SRV - [2011/01/06 10:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
  SRV - [2010/10/21 23:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\avgwdsvc.exe -- (avgwd)
  DRV - File not found [Kernel | System] -- -- (Avgtdix)
  DRV - File not found [File_System | Boot] -- -- (Avgrkx86)
  DRV - File not found [File_System | System] -- -- (Avgmfx86)
  DRV - File not found [Kernel | System] -- -- (Avgldx86)
  DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSShim)
  DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSFilter)
  DRV - File not found [Kernel | Boot] -- -- (AVGIDSEH)
  DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSDriver)
  IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
  FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmer\AVG\AVG10\Firefox\ [2010/12/27 11:09:16 | 000,000,000 | ---D | M]
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
  O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O4 - HKLM..\Run: [AVG_TRAY] C:\Programmer\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
  O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
  O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
  O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
  O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
  O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
  O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programmer\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
  [2010/10/26 04:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
  [2011/02/21 19:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
  [2010/11/30 04:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
  [2011/02/22 05:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
  [2011/02/22 06:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
  [2011/02/22 07:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
  [2011/02/22 08:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
  [2011/02/22 09:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
  [2011/02/23 10:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
  [2011/02/24 11:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
  [2011/02/27 12:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
  [2011/02/27 13:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
  [2011/02/19 20:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
  [2011/02/27 14:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
  [2011/02/27 15:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
  [2011/02/27 16:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
  [2011/02/24 17:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
  [2011/02/24 18:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
  [2011/02/21 19:18:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
  [2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
  [2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
  [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
  [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
  [2011/01/02 21:17:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
  [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
  [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
  [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
  [2010/04/30 19:20:22 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
  [2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
  [2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
  [2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
  [2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
  [2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
  [2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
  [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
  [2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
  [2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
  [2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
  [2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
  [2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
  [2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
  [2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
  [2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
  [2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
  [2011/02/21 19:23:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
  [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
  [2011/02/21 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
  [2011/01/02 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
  [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
  [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
  [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
  [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
  [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
  [2010/05/01 04:23:44 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
  [2010/11/30 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
  [2010/12/16 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
  [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
  [2011/02/22 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
  [2011/02/22 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
  [2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
  [2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
  [2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
  [2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
  [2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
  [2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
  [2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
  [2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
  [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
  [2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
  [2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
  [2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
  [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
  [2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
  
  :Services
  
  :Reg
  
  :Files
  C:\Programmer\AVG
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

 

[Maroan]

The computer freezed after the custom scan, so I was not able to save any log. I rebooted the computer and did a quick scan, and here is the log:

OTL logfile created on: 4/10/2011 3:50:56 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 232.88 Gb Total Space | 98.76 Gb Free Space | 42.41% Space Free | Partition Type: NTFS
Drive D: | 3.92 Gb Total Space | 3.88 Gb Free Space | 98.95% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2010/10/21 23:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programmer\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 07:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/03 20:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/26 15:25:52 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Avgtdix)
DRV - File not found [File_System | Boot] -- -- (Avgrkx86)
DRV - File not found [File_System | System] -- -- (Avgmfx86)
DRV - File not found [Kernel | System] -- -- (Avgldx86)
DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSShim)
DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSFilter)
DRV - File not found [Kernel | Boot] -- -- (AVGIDSEH)
DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSDriver)
DRV - [2010/05/26 10:21:00 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
DRV - [2010/05/26 10:20:44 | 000,074,752 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Programmer\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/05 16:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006/08/22 21:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/08/01 21:53:00 | 000,168,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006/04/06 02:20:44 | 004,258,816 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/22 01:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/22 01:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/16 06:51:32 | 000,099,840 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/03/09 02:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{EBDC7EC1-549E-48ee-96F7-C2252F5BBBED}: C:\Programmer\Comodo\HopSurfToolbar\hopsurfext_ff3
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmer\AVG\AVG10\Firefox\ [2010/12/27 11:09:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2010/12/12 08:52:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2010/12/12 08:52:09 | 000,000,000 | ---D | M]

[2010/07/25 04:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2010/10/26 04:32:55 | 000,001,525 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\amazon-co-uk.xml
[2010/10/26 04:32:55 | 000,001,178 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\wikipedia-da.xml
[2010/10/26 04:32:55 | 000,001,102 | ---- | M] () -- C:\Programmer\Mozilla Firefox\searchplugins\yahoo-dk.xml

O1 HOSTS File: ([2002/09/16 08:00:00 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Programmer\Softonic_English\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ActivControl] C:\Programmer\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programmer\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmer\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/15 14:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programmer\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\tasks\At24.job
File not found -- C:\WINDOWS\tasks\At23.job
File not found -- C:\WINDOWS\tasks\At22.job
File not found -- C:\WINDOWS\tasks\At21.job
File not found -- C:\WINDOWS\tasks\At20.job
File not found -- C:\WINDOWS\tasks\At2.job
File not found -- C:\WINDOWS\tasks\At19.job
File not found -- C:\WINDOWS\tasks\At18.job
File not found -- C:\WINDOWS\tasks\At17.job
File not found -- C:\WINDOWS\tasks\At16.job
File not found -- C:\WINDOWS\tasks\At15.job
File not found -- C:\WINDOWS\tasks\At14.job
File not found -- C:\WINDOWS\tasks\At13.job
File not found -- C:\WINDOWS\tasks\At12.job
File not found -- C:\WINDOWS\tasks\At11.job
File not found -- C:\WINDOWS\tasks\At10.job
File not found -- C:\WINDOWS\tasks\At1.job
[2011/04/10 02:38:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/07 22:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/07 22:07:39 | 000,000,000 | ---D | C] -- C:\Programmer\SUPERAntiSpyware
[2011/04/06 09:36:17 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/04/06 08:02:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/05 14:12:26 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\tasks\At24.job
File not found -- C:\WINDOWS\tasks\At23.job
File not found -- C:\WINDOWS\tasks\At22.job
File not found -- C:\WINDOWS\tasks\At21.job
File not found -- C:\WINDOWS\tasks\At20.job
File not found -- C:\WINDOWS\tasks\At2.job
File not found -- C:\WINDOWS\tasks\At19.job
File not found -- C:\WINDOWS\tasks\At18.job
File not found -- C:\WINDOWS\tasks\At17.job
File not found -- C:\WINDOWS\tasks\At16.job
File not found -- C:\WINDOWS\tasks\At15.job
File not found -- C:\WINDOWS\tasks\At14.job
File not found -- C:\WINDOWS\tasks\At13.job
File not found -- C:\WINDOWS\tasks\At12.job
File not found -- C:\WINDOWS\tasks\At11.job
File not found -- C:\WINDOWS\tasks\At10.job
File not found -- C:\WINDOWS\tasks\At1.job
[2011/04/09 07:24:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/07 22:07:41 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
[2011/04/07 19:42:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/05 21:57:31 | 000,447,292 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2011/04/05 21:57:31 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/05 21:57:31 | 000,077,804 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2011/04/05 21:57:31 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/04/10 02:38:34 | 002,234,368 | R--- | C] () -- C:\OTLPE.exe
[2011/04/07 22:07:41 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk
[2010/11/10 11:45:01 | 000,023,920 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/31 15:22:26 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010/07/24 12:04:47 | 000,000,259 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/06/10 09:54:42 | 000,227,624 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
[2010/06/10 09:54:24 | 000,256,280 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
[2010/04/30 19:20:21 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DToPcM40.dat
[2009/09/30 17:41:03 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak
[2009/09/27 08:17:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009/09/27 08:17:36 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\wgatray.exe.bak
[2009/09/27 08:17:36 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak
[2008/12/28 05:02:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/28 04:59:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/10/31 13:17:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/16 06:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/18 06:32:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/02/21 15:50:59 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/02/21 13:27:21 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/16 06:02:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/02/15 14:35:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/02/15 14:32:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/02/15 14:26:58 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/02/15 14:26:58 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/02/15 14:16:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/15 14:14:05 | 000,021,644 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/02/15 14:11:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/15 14:10:41 | 000,149,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/16 13:52:54 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/24 01:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2002/09/16 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/16 08:00:00 | 000,447,292 | ---- | C] () -- C:\WINDOWS\System32\perfh006.dat
[2002/09/16 08:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/16 08:00:00 | 000,284,912 | ---- | C] () -- C:\WINDOWS\System32\perfi006.dat
[2002/09/16 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/16 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/16 08:00:00 | 000,077,804 | ---- | C] () -- C:\WINDOWS\System32\perfc006.dat
[2002/09/16 08:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/16 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/16 08:00:00 | 000,034,026 | ---- | C] () -- C:\WINDOWS\System32\perfd006.dat
[2002/09/16 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/16 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/09/16 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/09/04 05:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 05:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2011/04/10 02:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/07/24 09:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2010/10/26 04:46:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/26 04:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/01 12:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promethean
[2010/11/01 13:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
File not found --
[2011/02/22 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2011/02/22 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2011/02/23 10:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2011/02/24 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2011/02/27 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2011/02/27 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2011/02/27 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2011/02/27 15:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/02/27 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2011/02/24 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2011/02/24 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/04/30 12:41:52 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========


< End of report >

And I still get messages about files that are corrupted in the AVG10 map...

 

[Broni]

You're supposed to click on "Run Fix" button, not on "Quick scan" button.
We need to remove those items.

 

[Maroan]

I pasted the script and ran "run fix". it did the job and then the computer freezed..
I rebooted and did the quick scan, as you wrote!

 

[Broni]

Restart in Safe Mode, run the fix one more time, post its log and then "Quick scan" from NORMAL mode.

 

[Maroan]

I have run OTL from a boot cd so far, does that mean I have to install OTL to the harddrive?

 

[Broni]

I see.
Yeah...
Download OTL to your Desktop.

 

[Maroan]

Well still no luck: I have installed OTL to the desktop, and ran the script. It stops with the following message:
"File or map: C:\documents and settings\all users\aplications data\Avg10\log is corrupt and cannot be read. Run Chkdsk"

I get the same message with C:\programs\AVG10\identity Protection file...

And I still cant boot in normal mode...