Solved Need help removing rootkit

J

jakobdk

Posts: 14   +0
Hi,

I am currently visiting my parents and have noticed that they seem to have a rootkit installed on their computer. I need help removing this.

The rootkit seems to occasionally produce popups, although it doesn't happen often. They have not noticed anything else.

I have updated all programs using Secunia PSI. I then ran a complete scan using ESET online scanner - it found two threats in Windows' temporary folder (both were deleted).

I have read this thread: https://www.techspot.com/vb/topic155164.html
Here it is suggested to use the Bootkit Remover program, and (if it fails) to run TDSSkiller and then once again run Bootkit Remover. I ran Bootkit Remover and it detected a rootkit. I tried using the approact from the thread mentioned above, but the fix file will not work. Bootkit Remover reports:
CreateFile() ERROR 2
Error: Can't open physical disc device.
I then ran TDSSkiller, but it reports that everything is ok, and did not find any infection(s).

So... I think I need expert help on this one. I have therefore followed the six step preliminary removal instructions.

My parents' computer has AVG (free edition) installed.

I will post the logs below and hope that someone more skilled than me is able to help. I will be visiting my parents until Sunday, so any solution must be found during this week (I live far from my parents, so I can't visit them often).

---

MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5074

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08-11-2010 16:45:23
mbam-log-2010-11-08 (16-45-23).txt

Scan type: Quick scan
Objects scanned: 137918
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----

GMER log:

This log was empty, as GMER did not find anything. I did press save after GMER reported that everything was OK, but the log was empty.

----

DDS logs (DDS and Attach):


DDS (Ver_10-11-08.01) - NTFS_AMD64
Run by Schmidt at 17:18:14,06 on 08-11-2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.45.1030.18.1791.768 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Schmidt\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.houseofmagic.dk/
mWinlogon: Userinit=userinit.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Hjælp til logon til Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Schmidt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [FullScreen] C:\BLOCK\CFG\flexbuild\FullScreen\launchFS.cmd
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
mRun-x64: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\4wv6w9o3.default\
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmidas.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-8-2 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-8-2 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-8-2 317520]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-10 202752]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-8-2 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-8-2 308136]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-6-8 635416]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-5-10 6366720]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-5-10 186880]
R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2007-5-9 16032]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-9 50208]
R3 netr28ux;Driver til trådløst RT2870 USB LAN-kort til Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-6-10 867328]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-10 346144]
S2 gupdate;Tjenesten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-30 136176]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-31 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-7-7 17464]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-10 243744]
S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-11-08 15:57:20 -------- d-----w- C:\Users\Schmidt\AppData\Roaming\AVG9
2010-11-08 15:41:35 -------- d-----w- C:\Users\Schmidt\AppData\Roaming\Malwarebytes
2010-11-08 15:41:29 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-08 15:41:28 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-08 15:41:28 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-08 15:41:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-08 13:50:30 -------- d-----w- C:\Program Files (x86)\ESET
2010-11-06 15:32:08 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0207030.022
2010-11-06 15:32:08 -------- d-----w- C:\Windows\System32\drivers\NSSx64
2010-11-06 15:32:08 -------- d-----w- C:\Program Files (x86)\Norton Security Scan
2010-11-06 15:32:08 -------- d-----w- C:\PROGRA~3\Symantec
2010-11-06 15:32:07 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2010-11-06 12:32:23 -------- d-----w- C:\Windows\SysWow64\Adobe
2010-10-31 08:11:56 -------- d-----w- C:\Users\Schmidt\AppData\Roaming\Windows Live Writer
2010-10-31 08:11:56 -------- d-----w- C:\Users\Schmidt\AppData\Local\Windows Live Writer
2010-10-31 04:57:50 -------- d-----w- C:\Windows\da
2010-10-31 04:57:11 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-10-31 04:56:08 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-10-31 04:55:23 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-10-31 04:55:23 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-10-31 04:55:23 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-10-31 04:55:23 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-10-31 04:55:20 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-10-31 04:55:20 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-10-31 04:53:49 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9a9e01c31cb78b72d\InstallManager_WLE_WLE.exe
2010-10-31 04:53:20 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8a23fb611cb78b724\MeshBetaRemover.exe
2010-10-31 04:52:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ae42aa31cb78b71c\DSETUP.dll
2010-10-31 04:52:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ae42aa31cb78b71c\DXSETUP.exe
2010-10-31 04:52:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ae42aa31cb78b71c\dsetup32.dll
2010-10-31 04:52:43 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\736a58491cb78b71a\DSETUP.dll
2010-10-31 04:52:43 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\736a58491cb78b71a\DXSETUP.exe
2010-10-31 04:52:43 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\736a58491cb78b71a\dsetup32.dll
2010-10-31 04:51:16 -------- d-----w- C:\Users\Schmidt\AppData\Local\Windows Live
2010-10-31 04:50:43 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-31 04:50:42 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-31 04:50:42 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-31 04:50:42 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-31 04:50:42 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-31 04:50:41 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-31 04:50:41 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-27 03:49:53 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 03:49:53 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 03:49:53 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 03:49:53 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 03:49:53 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 03:49:53 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 03:49:53 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 03:49:48 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-22 11:43:18 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2010-10-22 11:43:18 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-10-14 03:56:47 171880 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10134.bin
2010-10-13 19:42:27 -------- d-----w- C:\06794359eaf334fa119af69407d87e

==================== Find3M ====================

2010-09-22 23:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 13:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 13:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 03:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 17:18:33,45 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-08.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02-08-2010 13:18:46
System Uptime: 11-08-2010 16:38:32 (2137 hours ago)

Motherboard: FOXCONN | | 2AAF
Processor: AMD Athlon(tm) II X2 215 Processor | CPU 1 | 2700/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 289 GiB total, 224,511 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 0,95 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP38: 08-10-2010 20:44:45 - Windows Update
RP39: 13-10-2010 21:41:47 - Windows Update
RP40: 21-10-2010 07:57:25 - Planlagt kontrolpunkt
RP41: 27-10-2010 09:14:44 - Avg Update
RP42: 27-10-2010 22:01:57 - Windows Update
RP43: 31-10-2010 05:50:19 - Windows Update
RP44: 31-10-2010 10:20:56 - HPSF Restore Point
RP45: 03-11-2010 17:44:38 - HPSF Restore Point
RP46: 08-11-2010 13:39:51 - Installed Java(TM) 6 Update 22
RP47: 08-11-2010 14:46:01 - Removed Adobe Reader 9.4.0 - Dansk.
RP48: 08-11-2010 16:07:27 - Installed 7-Zip 4.65 (x64 edition)

==== Installed Programs ======================


ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Agatha Christie - Death on the Nile
AVG Free 9.0
Bejeweled 2 Deluxe
Blasterball 3
Bus Driver
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP640 series Brugerregistrering
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD-LabelPrint
Chuzzle Deluxe
csp
D3DX10
Digital Signatur
Diner Dash 2 Restaurant Rescue
Dream Chronicles
ESET Online Scanner v3
FATE
Foxit Reader
Gem Shop
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HP Customer Experience Enhancements
HP Game Console
HP Games
HP Odometer
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Insaniquarium Deluxe
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest II
Jewel Quest Solitaire
Junk Mail filter update
king.com (remove only)
Kompatibilitetspakke til Office 2007-systemet
LabelPrint
LightScribe System Software
Magic Desktop
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft Office PowerPoint Viewer 2007 (Danish)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.12)
MSVCRT
MSVCRT_amd64
Mystery P.I. - The Vegas Heist
Norton Security Scan
OpenOffice.org 3.2
PDF Complete Special Edition
Penguins!
Photoshop 7
Pixeline
Polar Bowler
Power2Go
Prøveversion af Microsoft Office Home and Student 2007
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Secunia PSI
Silke
Skype™ 4.2
Slingo Deluxe
Virtual Villagers - The Secret City
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.1.4
Wedding Dash
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zuma Deluxe

==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Never attempt to follow any advice from other topics, because every computer is unique.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Thanks for the reply :)

I ran the program as administrator and have attached the log file here:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: FOXCONN
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Hewlett-Packard
System Product Name: SG3-110SC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 176):
0x02A55000 \SystemRoot\system32\ntoskrnl.exe
0x02A0C000 \SystemRoot\system32\hal.dll
0x00B89000 \SystemRoot\system32\kdcom.dll
0x00C8B000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C98000 \SystemRoot\system32\PSHED.dll
0x00CAC000 \SystemRoot\system32\CLFS.SYS
0x00D0A000 \SystemRoot\system32\CI.dll
0x00EAB000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F4F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F5E000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FB5000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FBE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FC8000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
0x00E22000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E37000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DCA000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E93000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x00C00000 \SystemRoot\system32\DRIVERS\storport.sys
0x00C62000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01045000 \SystemRoot\system32\drivers\fltmgr.sys
0x01091000 \SystemRoot\system32\drivers\fileinfo.sys
0x0123E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010A5000 \SystemRoot\System32\Drivers\msrpc.sys
0x013E1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01103000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01467000 \SystemRoot\system32\drivers\ndis.sys
0x01559000 \SystemRoot\system32\drivers\NETIO.SYS
0x015B9000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01176000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0144A000 \SystemRoot\System32\Drivers\spldr.sys
0x011C2000 \SystemRoot\System32\drivers\rdyboost.sys
0x01452000 \SystemRoot\System32\Drivers\mup.sys
0x015E4000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01000000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0121B000 \SystemRoot\system32\DRIVERS\disk.sys
0x0185D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x018CC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x018F6000 \SystemRoot\System32\Drivers\Null.SYS
0x018FF000 \SystemRoot\System32\Drivers\Beep.SYS
0x01906000 \SystemRoot\System32\drivers\vga.sys
0x01914000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01939000 \SystemRoot\System32\drivers\watchdog.sys
0x01949000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01952000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0195B000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01964000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0196F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01980000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0199E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x019AB000 \SystemRoot\System32\Drivers\avgtdia.sys
0x01800000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03A4D000 \SystemRoot\system32\drivers\afd.sys
0x03AD7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03AE0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B06000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B1C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B2B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B46000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03B5A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03BAB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03BB7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03BC2000 \SystemRoot\System32\drivers\discache.sys
0x03BD1000 \SystemRoot\System32\Drivers\dfsc.sys
0x03BEF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03A00000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03C58000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03C9F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03CC5000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03CDA000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x03E8D000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x044F1000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03E00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03D0E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03E46000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03D65000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03E51000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03E62000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x045E5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x045EE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03DBB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03DD1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03C00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03C0C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03C3B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03A08000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03A29000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x01845000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x015ED000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x045FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0487E000 \SystemRoot\system32\DRIVERS\ks.sys
0x048C1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x048D3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0492D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04CFC000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04F34000 \SystemRoot\system32\drivers\portcls.sys
0x04F71000 \SystemRoot\system32\drivers\drmk.sys
0x04F93000 \SystemRoot\system32\drivers\ksthunk.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x04F99000 \SystemRoot\System32\drivers\Dxapi.sys
0x04FA5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04FB3000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x04FBD000 \SystemRoot\System32\Drivers\dump_amdsata.sys
0x04FD1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04FE4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04C00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04C19000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04C22000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04C24000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0245B000 \SystemRoot\system32\DRIVERS\netr28ux.sys
0x02537000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02544000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x02551000 \SystemRoot\system32\DRIVERS\LVUSBS64.sys
0x0267D000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
0x0278F000 \SystemRoot\system32\DRIVERS\lv302a64.sys
0x02792000 \SystemRoot\system32\drivers\usbaudio.sys
0x027AD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x027BB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00530000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x027C9000 \SystemRoot\system32\drivers\luafv.sys
0x02600000 \SystemRoot\system32\drivers\WudfPf.sys
0x02621000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0255C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02636000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02649000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04649000 \SystemRoot\system32\drivers\HTTP.sys
0x04711000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0472F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04747000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04774000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x047C2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04C41000 \SystemRoot\system32\drivers\peauth.sys
0x047E5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x04600000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0462D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0494F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05602000 \SystemRoot\System32\DRIVERS\srv.sys
0x0573A000 \??\C:\Users\Schmidt\AppData\Local\Temp\esihdrv.sys
0x77090000 \Windows\System32\ntdll.dll
0x484C0000 \Windows\System32\smss.exe
0xFF3B0000 \Windows\System32\apisetschema.dll
0xFFBD0000 \Windows\System32\autochk.exe
0xFE610000 \Windows\System32\shell32.dll
0xFE570000 \Windows\System32\msvcrt.dll
0xFE550000 \Windows\System32\sechost.dll
0xFE540000 \Windows\System32\nsi.dll
0xFE2E0000 \Windows\System32\iertutil.dll
0xFE270000 \Windows\System32\gdi32.dll
0xFE140000 \Windows\System32\rpcrt4.dll
0xFE130000 \Windows\System32\lpk.dll
0x77260000 \Windows\System32\psapi.dll
0xFE020000 \Windows\System32\msctf.dll
0xFDF50000 \Windows\System32\usp10.dll
0x76F90000 \Windows\System32\user32.dll
0xFDE70000 \Windows\System32\oleaut32.dll
0xFDCF0000 \Windows\System32\urlmon.dll
0xFDC70000 \Windows\System32\difxapi.dll
0xFDB90000 \Windows\System32\advapi32.dll
0xFDB40000 \Windows\System32\Wldap32.dll
0xFDA10000 \Windows\System32\wininet.dll
0x77250000 \Windows\System32\normaliz.dll
0xFD970000 \Windows\System32\comdlg32.dll
0xFD790000 \Windows\System32\setupapi.dll
0xFD740000 \Windows\System32\ws2_32.dll
0xFD530000 \Windows\System32\ole32.dll
0xFD490000 \Windows\System32\clbcatq.dll
0xFD470000 \Windows\System32\imagehlp.dll
0x76E70000 \Windows\System32\kernel32.dll
0xFD3F0000 \Windows\System32\shlwapi.dll
0xFD3C0000 \Windows\System32\imm32.dll

Processes (total 60):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
404 csrss.exe
484 C:\Windows\System32\wininit.exe
504 csrss.exe
512 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
520 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
584 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
640 C:\Windows\System32\winlogon.exe
720 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
816 C:\Windows\System32\svchost.exe
108 C:\Windows\System32\svchost.exe
380 C:\Windows\System32\atiesrxx.exe
964 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\atieclxx.exe
1524 C:\Windows\System32\spoolsv.exe
1552 C:\Windows\System32\svchost.exe
1736 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1896 C:\Windows\System32\taskhost.exe
2012 C:\Windows\SysWOW64\ezSharedSvcHost.exe
1148 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
1240 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1484 C:\Program Files (x86)\PDF Complete\pdfsvc.exe
1852 C:\Windows\System32\svchost.exe
2136 C:\Windows\System32\dwm.exe
2168 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2176 C:\Windows\explorer.exe
2416 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2580 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2636 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2888 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
2392 C:\Windows\System32\svchost.exe
3084 C:\Windows\System32\svchost.exe
3352 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
3512 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3544 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3624 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
3684 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3692 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
3708 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4056 C:\Windows\System32\SearchIndexer.exe
3180 C:\Program Files\Windows Media Player\wmpnetwk.exe
3156 C:\Windows\System32\svchost.exe
4216 dllhost.exe
4548 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4664 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1860 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5048 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4208 C:\Windows\System32\SearchProtocolHost.exe
6140 C:\Windows\System32\SearchFilterHost.exe
6096 C:\Users\Schmidt\Desktop\MBRCheck.exe
1596 C:\Windows\System32\conhost.exe
4140 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06507e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`28600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAJS-60Z0A0, Rev: 03.03E03

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: FD32BFBB6B937A8EE2C6B7CF9EDBB28988C59346


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
It looks like there is something wrong with your MBR...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
Thanks for the instructions.

I burned the CD-ROM and booted from it, but I get an error message:
EMM386:no XMS handler found, required
something failed - driver aborted

Please advice as to what I should do.
 
OK, we'll try different way...

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:
setup-option.jpg


Windows 7 users. At first screen click on Install now:
25672d1251414873-mbr-restore-windows-7-master-boot-record-mbr_02.png

Select your language and click next:
25673d1251414836-mbr-restore-windows-7-master-boot-record-mbr_03.png

Click the button for "Use recovery tools":
25674d1251414836-mbr-restore-windows-7-master-boot-record-mbr_04.png


The following applies to both, Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
system-recovery-options.jpg

After this, it will present you with a list of options including startup repair, system restore and command prompt:
systemrecovery.jpg

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.
 
Thank you for taking the time to help me :)

I created a recovery disc (Windows 7) using option 1 from your list.

I booted from it and followed your instructions. I was told that the operation completed succesfully. I then rebooted the computer and ran MBRCheck. I have copied the log here:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: FOXCONN
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Hewlett-Packard
System Product Name: SG3-110SC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 183):
0x02A18000 \SystemRoot\system32\ntoskrnl.exe
0x02FF4000 \SystemRoot\system32\hal.dll
0x00BB8000 \SystemRoot\system32\kdcom.dll
0x00C53000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C60000 \SystemRoot\system32\PSHED.dll
0x00C74000 \SystemRoot\system32\CLFS.SYS
0x00CD2000 \SystemRoot\system32\CI.dll
0x00EA5000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F49000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F58000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FAF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FB8000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FC2000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
0x00E22000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E37000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D92000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DAC000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x01058000 \SystemRoot\system32\DRIVERS\storport.sys
0x010BA000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010C5000 \SystemRoot\system32\drivers\fltmgr.sys
0x01111000 \SystemRoot\system32\drivers\fileinfo.sys
0x01259000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01125000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01183000 \SystemRoot\System32\Drivers\cng.sys
0x0121A000 \SystemRoot\System32\drivers\pcw.sys
0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01412000 \SystemRoot\system32\drivers\ndis.sys
0x01504000 \SystemRoot\system32\drivers\NETIO.SYS
0x01564000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x0158F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015D9000 \SystemRoot\System32\Drivers\spldr.sys
0x00DC0000 \SystemRoot\System32\drivers\rdyboost.sys
0x015E1000 \SystemRoot\System32\Drivers\mup.sys
0x015F3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x00C00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01235000 \SystemRoot\system32\DRIVERS\disk.sys
0x0184B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x018BA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x018E4000 \SystemRoot\System32\Drivers\Null.SYS
0x018ED000 \SystemRoot\System32\Drivers\Beep.SYS
0x018F4000 \SystemRoot\System32\drivers\vga.sys
0x01902000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01927000 \SystemRoot\System32\drivers\watchdog.sys
0x01937000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01940000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01949000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01952000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0195D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0196E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0198C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01999000 \SystemRoot\System32\Drivers\avgtdia.sys
0x01800000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03A57000 \SystemRoot\system32\drivers\afd.sys
0x03AE1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03AEA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B10000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B26000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B35000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B50000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03B64000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03BB5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03BC1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03BCC000 \SystemRoot\System32\drivers\discache.sys
0x03BDB000 \SystemRoot\System32\Drivers\dfsc.sys
0x03A00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03A11000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03E23000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03E6A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03E90000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03EA5000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x0484E000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x04EB2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04FA6000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03ED9000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04FEC000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03F30000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04800000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04811000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04835000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0483E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03F86000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03F9C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03FC0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03FCC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03A19000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03A3A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x019EA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x01400000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04FF7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03C2D000 \SystemRoot\system32\DRIVERS\ks.sys
0x03C70000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03C82000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03CDC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0406E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x042A6000 \SystemRoot\system32\drivers\portcls.sys
0x042E3000 \SystemRoot\system32\drivers\drmk.sys
0x04305000 \SystemRoot\system32\drivers\ksthunk.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x0430B000 \SystemRoot\System32\drivers\Dxapi.sys
0x04317000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04325000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x0432F000 \SystemRoot\System32\Drivers\dump_amdsata.sys
0x04343000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04356000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04364000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0437D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04386000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04388000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03CFE000 \SystemRoot\system32\DRIVERS\netr28ux.sys
0x043A5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x043B2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x043BF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x043CD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0403F000 \SystemRoot\system32\DRIVERS\LVUSBS64.sys
0x0246C000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
0x0257E000 \SystemRoot\system32\DRIVERS\lv302a64.sys
0x02581000 \SystemRoot\system32\drivers\usbaudio.sys
0x005B0000 \SystemRoot\System32\TSDDD.dll
0x007C0000 \SystemRoot\System32\cdd.dll
0x0259C000 \SystemRoot\system32\drivers\luafv.sys
0x025BF000 \SystemRoot\system32\drivers\WudfPf.sys
0x025E0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02400000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02453000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0404A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x038FA000 \SystemRoot\system32\drivers\HTTP.sys
0x039C2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x039E0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0382D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0387B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0521B000 \SystemRoot\system32\drivers\peauth.sys
0x052C1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x052CC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x052F9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0530B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05855000 \SystemRoot\System32\DRIVERS\srv.sys
0x77500000 \Windows\System32\ntdll.dll
0x47E60000 \Windows\System32\smss.exe
0xFF820000 \Windows\System32\apisetschema.dll
0xFFD20000 \Windows\System32\autochk.exe
0xFF770000 \Windows\System32\msvcrt.dll
0xFF720000 \Windows\System32\Wldap32.dll
0xFF6A0000 \Windows\System32\difxapi.dll
0xFF670000 \Windows\System32\imm32.dll
0x773E0000 \Windows\System32\kernel32.dll
0xFF620000 \Windows\System32\ws2_32.dll
0xFF4A0000 \Windows\System32\urlmon.dll
0xFF490000 \Windows\System32\nsi.dll
0xFF410000 \Windows\System32\shlwapi.dll
0xFF330000 \Windows\System32\advapi32.dll
0xFF0D0000 \Windows\System32\iertutil.dll
0xFF060000 \Windows\System32\gdi32.dll
0xFF050000 \Windows\System32\lpk.dll
0xFF030000 \Windows\System32\sechost.dll
0xFEE20000 \Windows\System32\ole32.dll
0xFEC40000 \Windows\System32\setupapi.dll
0x772E0000 \Windows\System32\user32.dll
0xFEBA0000 \Windows\System32\clbcatq.dll
0xFEAD0000 \Windows\System32\usp10.dll
0xFEAB0000 \Windows\System32\imagehlp.dll
0xFE980000 \Windows\System32\rpcrt4.dll
0xFE8A0000 \Windows\System32\oleaut32.dll
0x776D0000 \Windows\System32\psapi.dll
0xFDB10000 \Windows\System32\shell32.dll
0xFDA70000 \Windows\System32\comdlg32.dll
0xFD960000 \Windows\System32\msctf.dll
0xFD830000 \Windows\System32\wininet.dll
0x776C0000 \Windows\System32\normaliz.dll
0xFD7F0000 \Windows\System32\wintrust.dll
0xFD7D0000 \Windows\System32\devobj.dll
0xFD660000 \Windows\System32\crypt32.dll
0xFD5F0000 \Windows\System32\KernelBase.dll
0xFD5B0000 \Windows\System32\cfgmgr32.dll
0xFD510000 \Windows\System32\comctl32.dll
0xFD500000 \Windows\System32\msasn1.dll
0x776B0000 \Windows\SysWOW64\normaliz.dll

Processes (total 61):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
404 csrss.exe
500 C:\Windows\System32\wininit.exe
520 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
528 csrss.exe
536 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
600 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
656 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
712 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
468 C:\Windows\System32\atiesrxx.exe
868 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\audiodg.exe
1204 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\atieclxx.exe
1360 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\spoolsv.exe
1620 C:\Windows\System32\taskeng.exe
1676 C:\Windows\System32\svchost.exe
1760 C:\Windows\System32\taskhost.exe
1848 C:\Windows\System32\dwm.exe
1952 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1992 C:\Windows\explorer.exe
1264 C:\Windows\SysWOW64\ezSharedSvcHost.exe
1256 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
1148 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2080 C:\Program Files (x86)\PDF Complete\pdfsvc.exe
2144 C:\Windows\System32\svchost.exe
2180 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2372 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2476 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2552 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2928 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
2328 C:\Windows\servicing\TrustedInstaller.exe
2620 C:\Windows\System32\svchost.exe
2840 C:\Windows\System32\svchost.exe
3292 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
3356 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3376 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
3388 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3460 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
3480 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
3496 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3512 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
3528 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4036 C:\Windows\System32\SearchIndexer.exe
3056 C:\Program Files\Windows Media Player\wmpnetwk.exe
3452 C:\Windows\System32\SearchProtocolHost.exe
3400 C:\Windows\System32\SearchFilterHost.exe
1140 C:\Windows\System32\svchost.exe
2000 WmiPrvSE.exe
3920 C:\Users\Schmidt\Desktop\MBRCheck.exe
3908 C:\Windows\System32\conhost.exe
3956 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06507e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`28600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAJS-60Z0A0, Rev: 03.03E03

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Excellent job :)

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
I followed your instructions. TDSSKiller reported no infections. I have copied the report here:

2010/11/08 23:52:38.0827 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/08 23:52:38.0827 ================================================================================
2010/11/08 23:52:38.0827 SystemInfo:
2010/11/08 23:52:38.0827
2010/11/08 23:52:38.0827 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/08 23:52:38.0827 Product type: Workstation
2010/11/08 23:52:38.0827 ComputerName: STATIONAER
2010/11/08 23:52:38.0827 UserName: Schmidt
2010/11/08 23:52:38.0827 Windows directory: C:\Windows
2010/11/08 23:52:38.0827 System windows directory: C:\Windows
2010/11/08 23:52:38.0827 Running under WOW64
2010/11/08 23:52:38.0827 Processor architecture: Intel x64
2010/11/08 23:52:38.0827 Number of processors: 2
2010/11/08 23:52:38.0827 Page size: 0x1000
2010/11/08 23:52:38.0827 Boot type: Normal boot
2010/11/08 23:52:38.0827 ================================================================================
2010/11/08 23:52:38.0827 Utility is running under WOW64
2010/11/08 23:52:39.0076 Initialize success
2010/11/08 23:52:45.0051 ================================================================================
2010/11/08 23:52:45.0051 Scan started
2010/11/08 23:52:45.0051 Mode: Manual;
2010/11/08 23:52:45.0051 ================================================================================
2010/11/08 23:52:45.0878 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/08 23:52:45.0940 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/08 23:52:45.0987 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/08 23:52:46.0018 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/08 23:52:46.0081 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/08 23:52:46.0127 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/08 23:52:46.0190 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/11/08 23:52:46.0237 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/08 23:52:46.0283 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/08 23:52:46.0330 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/08 23:52:46.0361 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/08 23:52:46.0517 amdkmdag (1147f8816d4ddc9fc43a40df52f40500) C:\Windows\system32\DRIVERS\atipmdag.sys
2010/11/08 23:52:46.0673 amdkmdap (ebc963d8f5b04c98f5ef597aae79cddd) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/11/08 23:52:46.0705 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/08 23:52:46.0736 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/08 23:52:46.0783 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/08 23:52:46.0814 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/08 23:52:46.0861 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/11/08 23:52:46.0923 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/11/08 23:52:46.0939 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/08 23:52:46.0970 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/08 23:52:47.0017 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/08 23:52:47.0126 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys
2010/11/08 23:52:47.0173 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\system32\Drivers\avgmfx64.sys
2010/11/08 23:52:47.0204 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\system32\Drivers\avgtdia.sys
2010/11/08 23:52:47.0251 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/11/08 23:52:47.0313 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/11/08 23:52:47.0375 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/11/08 23:52:47.0438 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/08 23:52:47.0453 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/08 23:52:47.0500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/08 23:52:47.0516 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/08 23:52:47.0563 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/11/08 23:52:47.0609 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/08 23:52:47.0656 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/08 23:52:47.0687 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/11/08 23:52:47.0719 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/08 23:52:47.0765 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/08 23:52:47.0797 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/08 23:52:47.0843 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/08 23:52:47.0984 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/11/08 23:52:48.0046 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/08 23:52:48.0077 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/08 23:52:48.0109 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/11/08 23:52:48.0140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/08 23:52:48.0171 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/08 23:52:48.0233 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/08 23:52:48.0296 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/11/08 23:52:48.0327 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/11/08 23:52:48.0358 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/11/08 23:52:48.0405 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/11/08 23:52:48.0452 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/08 23:52:48.0545 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/11/08 23:52:48.0717 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/11/08 23:52:48.0764 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/11/08 23:52:48.0951 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/11/08 23:52:48.0998 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/11/08 23:52:49.0060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/08 23:52:49.0091 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/11/08 23:52:49.0123 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/11/08 23:52:49.0138 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/08 23:52:49.0169 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/11/08 23:52:49.0201 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/11/08 23:52:49.0247 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/11/08 23:52:49.0279 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/08 23:52:49.0310 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/08 23:52:49.0341 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/11/08 23:52:49.0403 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/11/08 23:52:49.0435 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/08 23:52:49.0466 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/11/08 23:52:49.0481 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/11/08 23:52:49.0513 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/08 23:52:49.0544 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/08 23:52:49.0669 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/11/08 23:52:49.0731 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/11/08 23:52:49.0778 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/11/08 23:52:49.0825 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/08 23:52:49.0856 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/11/08 23:52:49.0903 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/11/08 23:52:49.0981 IntcAzAudAddService (c0ae19e528afef42d22e00e20bb1d1f7) C:\Windows\system32\drivers\RTKVHD64.sys
2010/11/08 23:52:50.0012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/11/08 23:52:50.0043 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/08 23:52:50.0090 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/08 23:52:50.0121 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/11/08 23:52:50.0137 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/11/08 23:52:50.0152 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/11/08 23:52:50.0183 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/11/08 23:52:50.0215 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/08 23:52:50.0246 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/08 23:52:50.0277 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/08 23:52:50.0308 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/08 23:52:50.0339 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/11/08 23:52:50.0371 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/11/08 23:52:50.0433 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/08 23:52:50.0480 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/11/08 23:52:50.0511 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/11/08 23:52:50.0542 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/11/08 23:52:50.0573 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/11/08 23:52:50.0605 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/11/08 23:52:50.0651 lvpepf64 (4cb64d7458abd8396bcd389a69c8fc80) C:\Windows\system32\DRIVERS\lv302a64.sys
2010/11/08 23:52:50.0683 LVUSBS64 (0034f69d0007d3f77f6b96fa51228e85) C:\Windows\system32\DRIVERS\LVUSBS64.sys
2010/11/08 23:52:50.0729 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/11/08 23:52:50.0761 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/11/08 23:52:50.0792 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/11/08 23:52:50.0823 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/08 23:52:50.0870 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/08 23:52:50.0901 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/08 23:52:50.0917 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/11/08 23:52:50.0963 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/11/08 23:52:50.0979 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/08 23:52:51.0010 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/11/08 23:52:51.0041 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/08 23:52:51.0057 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/08 23:52:51.0073 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/08 23:52:51.0104 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/11/08 23:52:51.0119 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/11/08 23:52:51.0166 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/11/08 23:52:51.0182 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/11/08 23:52:51.0213 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/11/08 23:52:51.0244 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/08 23:52:51.0260 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/08 23:52:51.0275 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/11/08 23:52:51.0307 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/11/08 23:52:51.0353 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/08 23:52:51.0369 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/11/08 23:52:51.0400 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/11/08 23:52:51.0431 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/11/08 23:52:51.0463 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/08 23:52:51.0509 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/11/08 23:52:51.0572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/11/08 23:52:51.0603 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/08 23:52:51.0634 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/08 23:52:51.0650 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/08 23:52:51.0681 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/11/08 23:52:51.0697 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/08 23:52:51.0728 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/08 23:52:51.0790 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
2010/11/08 23:52:51.0853 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/11/08 23:52:51.0884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/11/08 23:52:51.0899 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/08 23:52:51.0946 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/11/08 23:52:51.0993 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/11/08 23:52:52.0040 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/11/08 23:52:52.0055 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/11/08 23:52:52.0102 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/11/08 23:52:52.0133 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/08 23:52:52.0165 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/11/08 23:52:52.0211 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/11/08 23:52:52.0227 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/11/08 23:52:52.0258 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/11/08 23:52:52.0289 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/08 23:52:52.0321 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/11/08 23:52:52.0352 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/11/08 23:52:52.0430 PID_PEPI (37ea62238e17ae88e4713d9246ca1c1c) C:\Windows\system32\DRIVERS\LV302V64.SYS
2010/11/08 23:52:52.0523 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/08 23:52:52.0555 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/11/08 23:52:52.0586 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/08 23:52:52.0633 PSI (b490d659791ab9dd83328541ebc4ef33) C:\Windows\system32\DRIVERS\psi_mf.sys
2010/11/08 23:52:52.0679 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/11/08 23:52:52.0773 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/11/08 23:52:52.0804 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/08 23:52:52.0835 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/08 23:52:52.0867 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/11/08 23:52:52.0898 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/08 23:52:52.0929 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/08 23:52:52.0945 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/08 23:52:52.0976 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/08 23:52:53.0069 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/11/08 23:52:53.0085 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/08 23:52:53.0132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/08 23:52:53.0163 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/11/08 23:52:53.0179 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/11/08 23:52:53.0210 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/11/08 23:52:53.0257 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/08 23:52:53.0303 RSUSBSTOR (79bad3e977966af21df982def5a99c76) C:\Windows\system32\Drivers\RtsUStor.sys
2010/11/08 23:52:53.0350 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/11/08 23:52:53.0397 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/11/08 23:52:53.0428 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/11/08 23:52:53.0475 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/08 23:52:53.0506 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/08 23:52:53.0537 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/11/08 23:52:53.0569 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/11/08 23:52:53.0615 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/08 23:52:53.0631 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/11/08 23:52:53.0647 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/08 23:52:53.0662 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/11/08 23:52:53.0709 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/11/08 23:52:53.0787 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/11/08 23:52:53.0881 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/11/08 23:52:53.0912 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/11/08 23:52:53.0959 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2010/11/08 23:52:54.0005 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/08 23:52:54.0052 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/08 23:52:54.0083 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/11/08 23:52:54.0130 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/08 23:52:54.0224 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/11/08 23:52:54.0302 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/08 23:52:54.0349 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/08 23:52:54.0380 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/11/08 23:52:54.0395 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/11/08 23:52:54.0442 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/08 23:52:54.0473 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/08 23:52:54.0536 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/08 23:52:54.0583 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/08 23:52:54.0614 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/11/08 23:52:54.0645 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/08 23:52:54.0692 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/11/08 23:52:54.0739 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/08 23:52:54.0785 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/11/08 23:52:54.0848 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2010/11/08 23:52:54.0879 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/08 23:52:54.0910 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/11/08 23:52:54.0926 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/08 23:52:54.0973 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/08 23:52:54.0988 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/08 23:52:55.0035 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/08 23:52:55.0051 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/08 23:52:55.0082 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/08 23:52:55.0129 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/11/08 23:52:55.0160 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/08 23:52:55.0191 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/11/08 23:52:55.0222 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/11/08 23:52:55.0238 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/11/08 23:52:55.0269 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/11/08 23:52:55.0300 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/11/08 23:52:55.0331 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/11/08 23:52:55.0363 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/11/08 23:52:55.0394 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/11/08 23:52:55.0409 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/11/08 23:52:55.0456 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/11/08 23:52:55.0487 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/08 23:52:55.0503 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/08 23:52:55.0565 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/11/08 23:52:55.0597 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/08 23:52:55.0659 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/11/08 23:52:55.0690 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/11/08 23:52:55.0768 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/08 23:52:55.0831 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/08 23:52:55.0862 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/11/08 23:52:55.0893 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/08 23:52:55.0940 ================================================================================
2010/11/08 23:52:55.0940 Scan finished
2010/11/08 23:52:55.0940 ================================================================================
 
Very good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OK :)

I ran OTL quick scan with the lines you wrote in red copied to the Custom Scans/Fixes box (I did not touch anything else). The first report is copied here (I post the second report in a separate post as the combined text was too long for one post):

The OTL.txt report:

OTL logfile created on: 08/11/2010 23:58:28 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Schmidt\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.53 Gb Total Space | 223.74 Gb Free Space | 77.54% Space Free | Partition Type: NTFS
Drive D: | 9.46 Gb Total Space | 0.95 Gb Free Space | 10.04% Space Free | Partition Type: NTFS

Computer Name: STATIONAER | User Name: Schmidt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/08 23:57:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Schmidt\Desktop\OTL.exe
PRC - [2010/10/05 07:05:55 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/08/30 09:29:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/08/03 08:36:15 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/08/02 13:16:23 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/02 13:15:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/25 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/05/19 17:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/02/10 08:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/11/08 23:57:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Schmidt\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\ezSharedSvcHost.exe -- (ezSharedSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/02 00:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2010/08/03 08:36:15 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/08/02 13:15:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/28 22:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/14 14:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/10 08:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/02 13:17:01 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/08/02 13:16:57 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/08/02 13:16:56 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/07/07 15:05:32 | 000,017,464 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/04/09 00:12:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/02 00:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/01 23:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/10/08 01:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/08 01:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/09 20:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/09 20:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007/05/09 20:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/5
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQCON/5
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/5
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQCON/5

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.houseofmagic.dk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: omiazad@msn.com:1.0.5
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/10/27 08:15:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/08 14:30:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/08 14:46:32 | 000,000,000 | ---D | M]

[2010/08/02 13:54:36 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\mozilla\Extensions
[2010/11/08 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\4wv6w9o3.default\extensions
[2010/09/12 19:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\4wv6w9o3.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/09/12 19:39:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\4wv6w9o3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/03 20:20:28 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\4wv6w9o3.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010/08/03 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\mozilla\Firefox\Profiles\4wv6w9o3.default\extensions\omiazad@msn.com
[2010/08/13 21:30:16 | 000,004,855 | ---- | M] () -- C:\Users\Schmidt\AppData\Roaming\Mozilla\FireFox\Profiles\4wv6w9o3.default\searchplugins\google-images.xml
[2010/08/13 16:00:47 | 000,001,504 | ---- | M] () -- C:\Users\Schmidt\AppData\Roaming\Mozilla\FireFox\Profiles\4wv6w9o3.default\searchplugins\imdb.xml
[2010/08/13 16:00:17 | 000,004,140 | ---- | M] () -- C:\Users\Schmidt\AppData\Roaming\Mozilla\FireFox\Profiles\4wv6w9o3.default\searchplugins\youtube.xml
[2010/11/08 16:34:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/08/02 15:05:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/08 13:41:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/11 14:47:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll
[2010/11/08 14:30:44 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2010/11/08 14:30:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml
[2010/11/08 14:30:45 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-dk.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [FullScreen] C:\BLOCK\CFG\flexbuild\FullScreen\launchFS.cmd File not found
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: danid.dk ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: danid.dk ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/08 23:57:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Schmidt\Desktop\OTL.exe
[2010/11/08 23:51:44 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schmidt\Desktop\TDSSKiller.exe
[2010/11/08 17:40:12 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\Desktop\jakob
[2010/11/08 16:57:20 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\AppData\Roaming\AVG9
[2010/11/08 16:41:35 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\AppData\Roaming\Malwarebytes
[2010/11/08 16:41:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/08 16:41:28 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/08 16:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/08 16:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/08 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/11/08 14:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/11/08 14:46:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/06 16:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/11/06 16:32:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2010/11/06 16:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2010/11/06 16:32:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
[2010/11/06 16:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/11/06 13:32:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/10/31 09:11:56 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\AppData\Roaming\Windows Live Writer
[2010/10/31 09:11:56 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\AppData\Local\Windows Live Writer
[2010/10/31 05:57:50 | 000,000,000 | ---D | C] -- C:\Windows\da
[2010/10/31 05:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/10/31 05:56:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/10/31 05:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/31 05:51:16 | 000,000,000 | ---D | C] -- C:\Users\Schmidt\AppData\Local\Windows Live
[2010/10/24 16:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/13 20:42:27 | 000,000,000 | ---D | C] -- C:\06794359eaf334fa119af69407d87e

========== Files - Modified Within 30 Days ==========

[2010/11/08 23:57:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Schmidt\Desktop\OTL.exe
[2010/11/08 23:51:32 | 001,215,581 | ---- | M] () -- C:\Users\Schmidt\Desktop\tdsskiller.zip
[2010/11/08 23:46:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/08 23:39:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 23:39:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/08 23:36:29 | 001,240,086 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/08 23:36:29 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/08 23:36:29 | 000,461,038 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2010/11/08 23:36:29 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/08 23:36:29 | 000,076,536 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2010/11/08 23:32:21 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/08 23:32:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/08 23:32:10 | 1408,720,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/08 23:05:28 | 000,000,007 | ---- | M] () -- C:\Users\Schmidt\Desktop\Nyt RTF-dokument.rtf
[2010/11/08 22:29:06 | 000,080,384 | ---- | M] () -- C:\Users\Schmidt\Desktop\MBRCheck.exe
[2010/11/08 19:01:11 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Schmidt.job
[2010/11/08 13:39:02 | 067,359,366 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schmidt\Desktop\TDSSKiller.exe
[2010/11/06 18:18:54 | 000,002,350 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/11/06 16:32:08 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010/11/01 13:53:33 | 000,000,000 | ---- | M] () -- C:\Users\Schmidt\temp.dat
[2010/10/31 11:04:52 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/10/14 04:45:16 | 000,341,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/11/08 23:51:29 | 001,215,581 | ---- | C] () -- C:\Users\Schmidt\Desktop\tdsskiller.zip
[2010/11/08 23:05:28 | 000,000,007 | ---- | C] () -- C:\Users\Schmidt\Desktop\Nyt RTF-dokument.rtf
[2010/11/08 22:29:06 | 000,080,384 | ---- | C] () -- C:\Users\Schmidt\Desktop\MBRCheck.exe
[2010/11/06 16:32:12 | 000,000,502 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Schmidt.job
[2010/11/06 16:32:08 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/11/08 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\AVG9
[2010/08/03 12:52:24 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\Canon
[2010/08/02 17:35:40 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\Cryptomathic
[2010/09/11 14:48:45 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\Foxit Software
[2010/08/02 15:03:31 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\OpenOffice.org
[2010/10/06 13:26:57 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\Template
[2010/08/14 11:12:33 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\WildTangent
[2010/08/03 16:08:04 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\WinBatch
[2010/11/03 11:14:48 | 000,000,000 | ---D | M] -- C:\Users\Schmidt\AppData\Roaming\Windows Live Writer
[2010/10/31 11:04:52 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/11/07 05:56:00 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/10 02:42:38 | 000,002,492 | RHS- | M] () -- C:\DPC10PNSUMW661.INI
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/11/08 23:32:10 | 1408,720,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/03 16:13:27 | 000,004,797 | ---- | M] () -- C:\HPSA.log
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/11/08 23:32:10 | 1878,298,624 | -HS- | M] () -- C:\pagefile.sys
[2010/11/08 16:28:55 | 000,059,182 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_08.11.2010_16.28.02_log.txt
[2010/11/08 23:57:51 | 000,059,182 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_08.11.2010_23.52.38_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/08/02 12:52:13 | 000,000,221 | -HS- | M] () -- C:\Users\Schmidt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/08 22:29:06 | 000,080,384 | ---- | M] () -- C:\Users\Schmidt\Desktop\MBRCheck.exe
[2010/11/08 23:57:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Schmidt\Desktop\OTL.exe
[2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schmidt\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 12:29:54 | 000,000,402 | -HS- | M] () -- C:\Users\Schmidt\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
The Extras.txt report:

OTL Extras logfile created on: 08/11/2010 23:58:28 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Schmidt\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.53 Gb Total Space | 223.74 Gb Free Space | 77.54% Space Free | Partition Type: NTFS
Drive D: | 9.46 Gb Total Space | 0.95 Gb Free Space | 10.04% Space Free | Partition Type: NTFS

Computer Name: STATIONAER | User Name: Schmidt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur
"{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0F8B50E-0D86-4E49-9540-DF785CCAC5A5}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E50A5077-1654-BEAE-986B-7B7133DA7C48}" = ATI Catalyst Install Manager
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy
"{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai
"{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German
"{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish
"{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish
"{3D5A4684-26F8-4F06-93D7-009954F28AC6}" = OpenOffice.org 3.2
"{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian
"{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech
"{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista
"{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light
"{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek
"{8628121F-843D-4564-BD62-A9B639D5B822}" = csp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0406-0000-0000000FF1CE}" = Kompatibilitetspakke til Office 2007-systemet
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Danish)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static
"{B238D61F-3EEF-4716-BFEA-9903DEF045D9}" = Microsoft Works
"{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian
"{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing
"{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish
"{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation
"{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish
"{FEFA2963-5192-420F-B984-A7CC0D8DD8DA}" = Photoshop 7
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"Canon MP640 series Brugerregistrering" = Canon MP640 series Brugerregistrering
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"EasyBits Magic Desktop" = Magic Desktop
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"king.com" = king.com (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"My HP Game Console" = HP Game Console
"NSS" = Norton Security Scan
"OfficeTrial" = Prøveversion af Microsoft Office Home and Student 2007
"PDF Complete" = PDF Complete Special Edition
"Pixeline" = Pixeline
"Secunia PSI" = Secunia PSI
"Silke" = Silke
"VLC media player" = VLC media player 1.1.4
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT082124" = Blasterball 3
"WT082141" = FATE
"WT082168" = Penguins!
"WT082172" = Polar Bowler
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082222" = Insaniquarium Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082246" = Zuma Deluxe
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082409" = Mahjongg Artifacts
"WT082414" = Mystery P.I. - The Vegas Heist
"WT082422" = Wedding Dash
"WT082427" = Slingo Deluxe
"WT082439" = Bus Driver
"WT083492" = Agatha Christie - Death on the Nile
"WT083510" = Jewel Quest Solitaire
"WT083514" = Jewel Quest II
"WT083521" = Dream Chronicles
"WT083529" = Gem Shop

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Digital Signatur" = Digital Signatur

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Hmm... I posted the OTL report as well, but was told that my post would not be visible until a moderator had approved it.
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O4 - HKLM..\Run: [] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
I ran OTL with the fixes you posted. The report is copied below (I will now proceed with the three last scans described in your previous post and will report back when they are done):

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Schmidt
->Temp folder emptied: 479218 bytes
->Temporary Internet Files folder emptied: 8665004 bytes
->Java cache emptied: 8611294 bytes
->FireFox cache emptied: 106065377 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1017 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8040 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 8343936 bytes

Total Files Cleaned = 126.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Schmidt
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11092010_001903

Files\Folders moved on Reboot...
C:\Users\Schmidt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
Okay, I'm back :)

1. I ran Security Check and will post the log below
2. I ran TFC. It wanted to restart the computer, so I did
3. Finally I deactivated AVG and ran the Eset scanner. It found no threats, thus no report. I then reenabled AVG.

The Security Check log:

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
AVG Free 9.0
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
AVG9 successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.
 
THANK YOU!!!

I ran OTL with the restore point fix and will post the log below. I will then proceed with the other steps and get bv
back as soon as I'm done :)

The OTL log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Schmidt
->Temp folder emptied: 397 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33085377 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2650 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 32.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Schmidt
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 11092010_014105

Files\Folders moved on Reboot...
C:\Users\Schmidt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
Okay, I'm back :)

I have installed all the programs (FileHippo Update, WOT etc.) and have set Secunia PSI and the FileHippo Checker to run at startup. Tomorrow I will then talk my parents through the programs (it is around 2.30 AM in Denmark at the moment).

One last thing, though:
Just to make sure, I ran Bootkit Remover (the program that started all this fuzz), and it still reports an infected MBR ("PhysicalDrive0 Controlled by rootkit!" "Boot code on some of your physical discs is hidden by a rootkit.").

I then ran MBRCheck and it said everything is OK (the MBR is standard Windows 7). I have copied the log below.

I still think that there was a rootkit in the MBR in the beginning (since MBRCheck also reported a suspicious MBR), but I'm beginning to suspect, that the latest check done with Bootkit Remover is a false positive in some way. Could it be, that this program (that I chose to use on my own initiative, and that you did not ask me to use, I should add) is not compatible with Windows 7 64bit?

Please advice if you think I should do anything further :)

The latest MBRCheck log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: FOXCONN
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Hewlett-Packard
System Product Name: SG3-110SC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 183):
0x02A1E000 \SystemRoot\system32\ntoskrnl.exe
0x02FFA000 \SystemRoot\system32\hal.dll
0x00BC0000 \SystemRoot\system32\kdcom.dll
0x00C01000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C0E000 \SystemRoot\system32\PSHED.dll
0x00C22000 \SystemRoot\system32\CLFS.SYS
0x00C80000 \SystemRoot\system32\CI.dll
0x00D40000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DE4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E84000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00EDB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00EE4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00EEE000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F21000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F2E000 \SystemRoot\System32\drivers\partmgr.sys
0x00F43000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F58000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FB4000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FCE000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x00E00000 \SystemRoot\system32\DRIVERS\storport.sys
0x00E62000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01030000 \SystemRoot\system32\drivers\fltmgr.sys
0x0107C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01219000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01090000 \SystemRoot\System32\Drivers\msrpc.sys
0x013BC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010EE000 \SystemRoot\System32\Drivers\cng.sys
0x013D6000 \SystemRoot\System32\drivers\pcw.sys
0x013E7000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0148E000 \SystemRoot\system32\drivers\ndis.sys
0x01580000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01601000 \SystemRoot\System32\drivers\tcpip.sys
0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01161000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01475000 \SystemRoot\System32\Drivers\spldr.sys
0x011AD000 \SystemRoot\System32\drivers\rdyboost.sys
0x015E0000 \SystemRoot\System32\Drivers\mup.sys
0x015F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01898000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x018D2000 \SystemRoot\system32\DRIVERS\disk.sys
0x018E8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01957000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01981000 \SystemRoot\System32\Drivers\Null.SYS
0x0198A000 \SystemRoot\System32\Drivers\Beep.SYS
0x01991000 \SystemRoot\System32\drivers\vga.sys
0x0199F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x019C4000 \SystemRoot\System32\drivers\watchdog.sys
0x019D4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019DD000 \SystemRoot\system32\drivers\rdpencdd.sys
0x019E6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01800000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01811000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0182F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0183C000 \SystemRoot\System32\Drivers\avgtdia.sys
0x02C9B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CE0000 \SystemRoot\system32\drivers\afd.sys
0x02D6A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D73000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D99000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02DAF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DBE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02DD9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C68000 \SystemRoot\System32\drivers\discache.sys
0x02C77000 \SystemRoot\System32\Drivers\dfsc.sys
0x02DED000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0188D000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03A20000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03A67000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03A8D000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03AA2000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x048BF000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x03AD6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04F23000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04F69000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04FC0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04800000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04856000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04867000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0488B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04894000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x048A4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04FCB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04FEF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03BCA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03A00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x01000000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00FE2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0147D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x013F1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04FFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03CCF000 \SystemRoot\system32\DRIVERS\ks.sys
0x03D12000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03D24000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03D7E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x042D5000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0450D000 \SystemRoot\system32\drivers\portcls.sys
0x0454A000 \SystemRoot\system32\drivers\drmk.sys
0x0456C000 \SystemRoot\system32\drivers\ksthunk.sys
0x04572000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04580000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04599000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x045A2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x045A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x045C1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x045CF000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x045D9000 \SystemRoot\System32\Drivers\dump_amdsata.sys
0x045ED000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x050F9000 \SystemRoot\system32\DRIVERS\netr28ux.sys
0x051D5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x051E2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x051EF000 \SystemRoot\system32\DRIVERS\LVUSBS64.sys
0x0526E000 \SystemRoot\system32\DRIVERS\LV302V64.SYS
0x05380000 \SystemRoot\system32\DRIVERS\lv302a64.sys
0x05383000 \SystemRoot\system32\drivers\usbaudio.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x0539E000 \SystemRoot\System32\drivers\Dxapi.sys
0x053AA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x053B8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005D0000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x053C6000 \SystemRoot\system32\drivers\luafv.sys
0x05200000 \SystemRoot\system32\drivers\WudfPf.sys
0x05221000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05000000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05236000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05249000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04200000 \SystemRoot\system32\drivers\HTTP.sys
0x05053000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05071000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05089000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03DA0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x050B6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03C00000 \SystemRoot\system32\drivers\peauth.sys
0x05261000 \SystemRoot\System32\Drivers\secdrv.SYS
0x01918000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x053E9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x062AE000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06315000 \SystemRoot\System32\DRIVERS\srv.sys
0x06271000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0x77080000 \Windows\System32\ntdll.dll
0x47E70000 \Windows\System32\smss.exe
0xFF3A0000 \Windows\System32\apisetschema.dll
0xFF200000 \Windows\System32\autochk.exe
0xFF2C0000 \Windows\System32\usp10.dll
0xFF2B0000 \Windows\System32\lpk.dll
0xFF260000 \Windows\System32\Wldap32.dll
0xFF240000 \Windows\System32\imagehlp.dll
0xFF160000 \Windows\System32\advapi32.dll
0xFF0C0000 \Windows\System32\clbcatq.dll
0xFEF40000 \Windows\System32\urlmon.dll
0xFED30000 \Windows\System32\ole32.dll
0xFEC90000 \Windows\System32\comdlg32.dll
0x77250000 \Windows\System32\normaliz.dll
0xFEC70000 \Windows\System32\sechost.dll
0x76F60000 \Windows\System32\kernel32.dll
0xFEA10000 \Windows\System32\iertutil.dll
0xFE900000 \Windows\System32\msctf.dll
0xFE8B0000 \Windows\System32\ws2_32.dll
0xFE830000 \Windows\System32\difxapi.dll
0xFE820000 \Windows\System32\nsi.dll
0xFE7F0000 \Windows\System32\imm32.dll
0xFE6C0000 \Windows\System32\rpcrt4.dll
0xFE620000 \Windows\System32\msvcrt.dll
0xFD890000 \Windows\System32\shell32.dll
0xFD7B0000 \Windows\System32\oleaut32.dll
0xFD730000 \Windows\System32\shlwapi.dll
0x77240000 \Windows\System32\psapi.dll
0xFD550000 \Windows\System32\setupapi.dll
0xFD420000 \Windows\System32\wininet.dll
0x76E60000 \Windows\System32\user32.dll
0xFD3B0000 \Windows\System32\gdi32.dll
0xFD310000 \Windows\System32\comctl32.dll
0xFD2D0000 \Windows\System32\wintrust.dll
0xFD260000 \Windows\System32\KernelBase.dll
0xFD240000 \Windows\System32\devobj.dll
0xFD0D0000 \Windows\System32\crypt32.dll
0xFD090000 \Windows\System32\cfgmgr32.dll
0xFD080000 \Windows\System32\msasn1.dll

Processes (total 64):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
408 csrss.exe
488 C:\Windows\System32\wininit.exe
504 csrss.exe
512 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
520 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
576 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
652 C:\Windows\System32\winlogon.exe
780 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
804 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
424 C:\Windows\System32\atiesrxx.exe
332 C:\Windows\System32\svchost.exe
396 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\atieclxx.exe
1416 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\spoolsv.exe
1640 C:\Windows\System32\svchost.exe
1728 C:\Windows\System32\taskhost.exe
1832 C:\Windows\System32\dwm.exe
1920 C:\Windows\explorer.exe
1152 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
2148 C:\Windows\SysWOW64\ezSharedSvcHost.exe
2284 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
2304 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2404 C:\Program Files (x86)\PDF Complete\pdfsvc.exe
2436 C:\Windows\System32\svchost.exe
2540 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2696 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2724 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2940 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
2960 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
2984 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3096 C:\Windows\System32\svchost.exe
3188 C:\Windows\System32\svchost.exe
3404 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3564 C:\Windows\System32\SearchIndexer.exe
3572 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3660 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
3688 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3696 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
3708 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3948 C:\Program Files\Windows Media Player\wmpnetwk.exe
3680 C:\Windows\System32\svchost.exe
4212 dllhost.exe
4584 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4656 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
152 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3000 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
3144 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
5044 C:\Program Files (x86)\Secunia\PSI\psi.exe
3928 C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
4132 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4276 C:\Windows\System32\SearchProtocolHost.exe
4360 C:\Windows\System32\SearchFilterHost.exe
4944 C:\Users\Schmidt\Desktop\MBRCheck.exe
3752 C:\Windows\System32\conhost.exe
2140 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06507e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`28600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAJS-60Z0A0, Rev: 03.03E03

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
have set Secunia PSI and the FileHippo Checker to run at startup
Click to expand...
That's not necessary. It's little bit of an overkill.
It's enough, if you run them once in a while.

Regarding a rootkit...
I trust MBRCheck and since you're not reporting any other issues, I see no reason to worry.
Resetting MBR, like we did will get rid of any MBR infection.

Good luck and stay safe :)
 
Okay :)

I have talked with my mother and have located what seems to cause the popups (it happened again this morning). She is using an application on Facebook called "Cute Catz" and it seems to have been hijacked by hackers (in general, not on my parents' computer as such). In the application, you can "feed" your friends' cats, and when you click to do this, the popup appears asking you to install a virus killer (scareware). Of course (and luckily) my mother didn't do so when asked - I have rescanned with MBRCheck and it says that everything is still OK.

I did a bit of Google searching and found that Cute Catz' sister application "Pet Pupz" has had this problem: http://www.facebook.com/topic.php?uid=7235357217&topic=16546
At the same time, Cute Catz users on Facebook complain that their application isn't maintained/updated nearly as often as Pet Pupz, so perhaps it is still vulnerable to the hackers.

I also found a (Dutch) page where a user wrote that Bootkit Remover gave a warning ("Unknown MBR code" - not exacly a rootkit warning, but still), but MBRCheck said everything was OK. The user was told that Bootkit Remover was producing a false positive.
In Dutch: http://www.nucia.eu/forum/showthread.php?t=59345
Translated with Google Translate: http://translate.google.com/transla...p://www.nucia.eu/forum/showthread.php?t=59345

Thanks for helping me :)
 

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
2K
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
3K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
4K
Broni
Broni

Latest posts

Back