Solved Virus - can't install Malwarebytes - access is denied

CPU is still at 100% :( Maybe it changed slightly... but it still remains slow.


OTL logfile created on: 1/25/2012 12:27:26 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kolacek\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 403.28 Mb Available Physical Memory | 39.40% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.06 Gb Total Space | 17.04 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 44.35 Gb Free Space | 19.05% Space Free | Partition Type: NTFS
Drive E: | 86.43 Gb Total Space | 47.74 Gb Free Space | 55.24% Space Free | Partition Type: NTFS

Computer Name: DENIO | User Name: Kolacek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/23 21:27:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kolacek\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/21 08:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/07/03 14:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/05/12 23:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/23 19:18:19 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/21 08:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Creative Service for CDROM Access)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/05/12 23:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007/02/27 16:19:14 | 000,123,064 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007/02/27 16:19:10 | 001,323,184 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe -- (SandraTheSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/18 09:27:18 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/18 15:50:50 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2008/07/29 23:44:44 | 000,619,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 23:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2006/11/09 17:07:56 | 000,020,384 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\sandra.sys -- (SANDRA)
DRV - [2004/05/05 20:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/06/09 02:45:04 | 000,116,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2003/06/09 02:44:52 | 000,136,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2003/06/09 02:44:36 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2003/06/09 02:44:32 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/06/09 02:44:22 | 000,494,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/06/09 02:42:58 | 000,186,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2003/06/09 02:42:44 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k)
DRV - [2003/06/09 02:42:28 | 000,819,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/05 11:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/17 13:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2001/08/17 11:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 11:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 11:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 11:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-329068152-1580818891-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-329068152-1580818891-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 28 FF 38 07 DA CC 01 [binary data]
IE - HKU\S-1-5-21-329068152-1580818891-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/23 21:17:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/23 20:43:03 | 000,000,000 | ---D | M]

[2011/05/18 09:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kolacek\Application Data\Mozilla\Extensions
[2012/01/23 21:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 08:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 05:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.moz-backup
[2011/12/21 05:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Kolacek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Kolacek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Kolacek\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2012/01/24 23:18:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-1580818891-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [kX Mixer] C:\Program Files\kX Audio Driver\3550\kxmixer.exe (Eugene Gavrilov)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-329068152-1580818891-1957994488-1004..\Run: [Uniblue ProcessQuickLink 2] C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
O4 - HKU\S-1-5-21-329068152-1580818891-1957994488-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-329068152-1580818891-1957994488-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-1580818891-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-1580818891-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-1580818891-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC541501-9314-4A2E-930E-E250381D8E13}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kolacek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kolacek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/16 22:19:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 23:56:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/24 22:06:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/24 18:39:17 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Kolacek\Desktop\boot_cleaner.exe
[2012/01/24 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/24 18:34:17 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kolacek\Desktop\aswMBR.exe
[2012/01/24 15:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/01/24 13:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kolacek\Start Menu\Programs\HiJackThis
[2012/01/24 13:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/24 11:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/01/24 11:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ProcessQuickLink 2
[2012/01/24 11:29:02 | 000,422,432 | ---- | C] (Uniblue ) -- C:\Documents and Settings\Kolacek\Desktop\processquicklink2.exe
[2012/01/24 00:33:00 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kolacek\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/23 23:38:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Kolacek\Desktop\dds.scr
[2012/01/23 23:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kolacek\Application Data\Malwarebytes
[2012/01/23 23:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/23 23:34:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/23 23:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/23 23:32:01 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kolacek\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/23 22:56:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/23 22:48:57 | 001,263,344 | ---- | C] (ESET) -- C:\Documents and Settings\Kolacek\Desktop\eset_nod32_antivirus_live_installer.exe
[2012/01/23 21:51:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/01/23 21:31:35 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Kolacek\Desktop\esetsmartinstaller_enu.exe
[2012/01/23 21:29:19 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kolacek\Desktop\TFC.exe
[2012/01/23 21:26:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kolacek\Desktop\OTL.exe
[2012/01/23 20:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kolacek\Application Data\Sun
[2012/01/23 20:15:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/23 20:12:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/23 20:12:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/23 20:12:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/23 20:12:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/23 20:12:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/23 20:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/01/23 20:04:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/23 20:02:38 | 004,388,468 | R--- | C] (Swearware) -- C:\Documents and Settings\Kolacek\Desktop\ComboFix.exe
[2012/01/23 18:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kolacek\Start Menu\Programs\Pontifex II
[2012/01/23 18:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Pontifex II
[2012/01/23 18:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AirLive Wireless
[2012/01/23 18:31:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/01/23 18:30:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/01/23 18:14:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/23 10:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/23 10:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Memory Washer
[2012/01/23 09:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/07/10 17:58:12 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 00:24:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 23:18:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/24 21:24:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/24 21:13:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\SystemLook.exe
[2012/01/24 19:58:44 | 004,388,468 | R--- | M] (Swearware) -- C:\Documents and Settings\Kolacek\Desktop\ComboFix.exe
[2012/01/24 19:02:21 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\MBR.dat
[2012/01/24 18:51:32 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\bootkit_remover.zip
[2012/01/24 18:40:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/24 18:38:00 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/24 18:34:44 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kolacek\Desktop\aswMBR.exe
[2012/01/24 18:34:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/24 13:12:03 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\HiJackThis.lnk
[2012/01/24 13:11:01 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\HijackThis.msi
[2012/01/24 11:40:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 11:29:27 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\Kolacek\Application Data\Microsoft\Internet Explorer\Quick Launch\ProcessQuickLink 2.lnk
[2012/01/24 11:29:26 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\ProcessQuickLink 2.lnk
[2012/01/24 11:29:06 | 000,422,432 | ---- | M] (Uniblue ) -- C:\Documents and Settings\Kolacek\Desktop\processquicklink2.exe
[2012/01/24 06:37:36 | 000,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/24 06:36:46 | 000,024,672 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000002-80221102}.rfx
[2012/01/24 06:36:46 | 000,024,672 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000002-80221102}.rfx
[2012/01/24 06:36:46 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000002-80221102}.rfx
[2012/01/24 06:36:46 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000D-00001102-00000002-80221102}.rfx
[2012/01/24 06:36:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/01/24 06:36:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/01/24 06:36:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80221102}.dat
[2012/01/24 06:36:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80221102}.dat
[2012/01/24 06:07:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 05:52:37 | 000,519,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/24 05:52:36 | 000,093,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/24 00:33:22 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kolacek\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/23 23:38:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Kolacek\Desktop\dds.scr
[2012/01/23 23:36:23 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\xxyi4ph9.exe
[2012/01/23 23:35:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 23:33:44 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kolacek\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/23 22:49:16 | 001,263,344 | ---- | M] (ESET) -- C:\Documents and Settings\Kolacek\Desktop\eset_nod32_antivirus_live_installer.exe
[2012/01/23 21:31:41 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Kolacek\Desktop\esetsmartinstaller_enu.exe
[2012/01/23 21:29:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kolacek\Desktop\TFC.exe
[2012/01/23 21:29:34 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\SecurityCheck.exe
[2012/01/23 21:27:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kolacek\Desktop\OTL.exe
[2012/01/23 21:27:35 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\rkill.exe
[2012/01/23 21:17:59 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Kolacek\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/23 20:15:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/23 20:01:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\MBRCheck.exe
[2012/01/22 21:25:34 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Kolacek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/21 08:43:48 | 000,000,128 | ---- | M] () -- C:\WINDOWS\entpack.ini
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 21:13:39 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Kolacek\Desktop\SystemLook.exe
[2012/01/24 19:02:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kolacek\Desktop\MBR.dat
[2012/01/24 18:50:53 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Kolacek\Desktop\bootkit_remover.zip
[2012/01/24 18:40:49 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/24 18:35:25 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/24 13:11:52 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Kolacek\Desktop\HiJackThis.lnk
[2012/01/24 13:10:51 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Kolacek\Desktop\HijackThis.msi
[2012/01/24 11:29:27 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\Kolacek\Application Data\Microsoft\Internet Explorer\Quick Launch\ProcessQuickLink 2.lnk
[2012/01/24 11:29:26 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Kolacek\Desktop\ProcessQuickLink 2.lnk
[2012/01/23 23:35:34 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Kolacek\Desktop\xxyi4ph9.exe
[2012/01/23 23:35:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 21:28:58 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Kolacek\Desktop\SecurityCheck.exe
[2012/01/23 21:23:40 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Kolacek\Desktop\rkill.exe
[2012/01/23 20:15:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/23 20:15:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/23 20:12:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/23 20:12:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/23 20:12:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/23 20:12:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/23 20:12:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/23 20:01:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Kolacek\Desktop\MBRCheck.exe
[2012/01/23 17:55:01 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/15 17:14:36 | 000,000,035 | ---- | C] () -- C:\WINDOWS\reversi.ini
[2011/10/15 08:19:41 | 000,000,128 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2011/10/14 16:03:35 | 000,000,133 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2011/08/23 18:35:25 | 000,159,845 | ---- | C] () -- C:\WINDOWS\Marsu-Fix Uninstaller.exe
[2011/07/16 19:27:42 | 000,014,640 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/07/16 19:27:42 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt2870.bin
[2011/07/10 18:10:52 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80221102}.dat
[2011/07/10 18:10:52 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80221102}.dat
[2011/07/10 17:59:46 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2011/07/10 17:59:46 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2011/07/10 17:58:23 | 000,035,674 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2011/07/10 17:58:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2011/07/10 17:58:19 | 000,251,970 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/07/10 17:58:19 | 000,189,490 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2011/07/10 17:58:19 | 000,142,968 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2011/07/10 17:58:19 | 000,114,972 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2011/07/10 17:58:19 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/07/10 17:58:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2011/07/10 17:58:17 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2011/07/10 17:58:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2011/07/10 17:58:17 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2011/07/10 17:58:17 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2011/07/10 17:58:05 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2011/07/10 15:52:05 | 000,000,509 | ---- | C] () -- C:\WINDOWS\System32\InTLub1.sys
[2011/07/09 13:53:23 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2011/07/06 19:17:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/07/06 19:17:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/06/28 08:42:09 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2011/06/11 01:31:11 | 000,000,053 | ---- | C] () -- C:\WINDOWS\soko.ini
[2011/05/18 10:13:49 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/18 10:13:39 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/18 10:13:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/18 10:12:35 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/05/18 10:10:54 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2011/05/18 10:04:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/18 09:53:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/18 09:29:25 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/18 09:28:56 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/05/18 09:28:53 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/18 09:28:47 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/05/18 09:28:24 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/17 09:50:42 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Kolacek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/16 23:14:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/16 23:11:09 | 000,191,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/16 22:37:06 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/05/16 22:26:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 21:32:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/15 23:57:50 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\mnt.exe
[2011/05/15 23:35:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/05/15 23:35:45 | 000,519,104 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
 

[2011/05/15 23:35:39 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/05/15 23:35:38 | 000,093,802 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/15 23:19:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/05/15 23:19:17 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/05/15 23:14:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2011/05/15 23:10:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/05/15 23:09:35 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/05/15 23:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/05/15 23:08:07 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\setupol.exe
[2011/05/15 23:07:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/05/15 23:04:37 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/07/16 19:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AirLive Wireless
[2011/08/21 20:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/17 20:27:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/23 18:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/12/02 13:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/01/24 00:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/26 12:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stentec
[2011/08/17 20:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\AVG10
[2011/08/25 20:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\BSplayer PRO
[2011/05/18 10:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\BWMonitor
[2011/07/11 16:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\Crayon Physics Deluxe
[2011/05/18 09:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\DAEMON Tools
[2011/07/25 10:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\fltk.org
[2011/07/07 11:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\Hoyle
[2011/07/06 20:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\Hoyle FaceCreator
[2011/07/26 15:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\Stentec
[2012/01/24 19:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\uTorrent
[2011/05/18 10:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\WeatherWatcher
[2011/05/18 10:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\WeatherWatcherLive
[2012/01/24 18:40:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/05/16 22:19:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/05/16 21:19:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/23 20:15:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/01/24 23:56:51 | 000,011,195 | ---- | M] () -- C:\ComboFix.txt
[2011/05/16 22:19:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/05/16 22:19:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/16 22:19:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 15:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/24 11:40:54 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2011/07/19 12:21:21 | 000,001,227 | ---- | M] () -- C:\rapport.txt
[2012/01/23 21:26:25 | 000,000,310 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2011/05/16 22:17:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/08/14 19:49:20 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 19:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2009/08/14 16:02:46 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2007/12/10 07:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ZIMFPRNT.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/07/16 21:01:50 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Kolacek\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/05/16 23:04:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/05/16 23:04:00 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/05/16 23:04:00 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/05/16 22:19:28 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2011/05/16 22:18:13 | 000,006,011 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ASPNETSetup.log
[2011/05/16 22:18:17 | 000,002,860 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ASPNETSetup_00000.log
[2011/05/16 22:18:22 | 000,004,364 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ASPNETSetup_00001.log
[2011/05/16 22:18:33 | 000,006,210 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ASPNETSetup_00002.log
[2011/05/16 21:53:25 | 000,003,944 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\dd_wcf_CA_smci_20110516_205320_381.txt
[2011/05/16 21:53:26 | 000,003,598 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\dd_wcf_CA_smci_20110516_205326_169.txt
[2011/05/16 21:39:43 | 000,004,439 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\dd_wcf_retCA32D8.txt
[2011/05/16 21:39:36 | 000,003,803 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\dd_wcf_retCAB10.txt

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/16 22:32:32 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Kolacek\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/05/16 22:32:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Kolacek\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/24 18:34:44 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kolacek\Desktop\aswMBR.exe
[2012/01/24 00:33:22 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Kolacek\Desktop\avg_remover_stf_x86_2012_1796.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Kolacek\Desktop\boot_cleaner.exe
[2012/01/24 19:58:44 | 004,388,468 | R--- | M] (Swearware) -- C:\Documents and Settings\Kolacek\Desktop\ComboFix.exe
[2012/01/23 21:31:41 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Kolacek\Desktop\esetsmartinstaller_enu.exe
[2012/01/23 22:49:16 | 001,263,344 | ---- | M] (ESET) -- C:\Documents and Settings\Kolacek\Desktop\eset_nod32_antivirus_live_installer.exe
[2012/01/24 14:59:50 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kolacek\Desktop\FileFormatConverters.exe
[2012/01/23 23:33:44 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kolacek\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/23 20:01:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\MBRCheck.exe
[2012/01/23 17:50:00 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kolacek\Desktop\mseinstall.exe
[2012/01/23 21:27:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kolacek\Desktop\OTL.exe
[2012/01/24 11:29:06 | 000,422,432 | ---- | M] (Uniblue ) -- C:\Documents and Settings\Kolacek\Desktop\processquicklink2.exe
[2012/01/23 21:27:35 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\rkill.exe
[2012/01/23 21:29:34 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\SecurityCheck.exe
[2012/01/24 21:13:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\SystemLook.exe
[2012/01/23 21:29:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kolacek\Desktop\TFC.exe
[2012/01/23 23:36:23 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Kolacek\Desktop\xxyi4ph9.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/16 22:32:32 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Kolacek\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
Marsu-Fix Uninstaller.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/24 23:55:18 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Kolacek\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 18:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 13:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/04/14 13:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/02 22:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 14:42:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/14 13:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 13:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2008/04/14 13:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/02 22:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 22:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.
Post it in your next reply.

============================================================

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
 
ListParts by Farbar
Ran by Kolacek on 25-01-2012 at 09:39:44
Windows XP (X86)
Running From: C:\Documents and Settings\Kolacek\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 57%
Total physical RAM: 1023.48 MB
Available physical RAM: 430.48 MB
Total Pagefile: 2461.96 MB
Available Pagefile: 2000.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.84 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:28.06 GB) (Free:16.72 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: () (Fixed) (Total:232.88 GB) (Free:44.36 GB) NTFS
3 Drive e: (Local Disk) (Fixed) (Total:86.43 GB) (Free:47.74 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 114 GB 0 B
Disk 1 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 28 GB 32 KB
Partition 2 Extended 86 GB 28 GB
Partition 3 Logical 86 GB 28 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 28 GB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Local Disk NTFS Partition 86 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 233 GB Healthy


****** End Of Log ******
 
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 91.18 0 K 16 K
System 4 0 K 224 K
Interrupts n/a 1.96 0 K 0 K Hardware Interrupts and DPCs
smss.exe 440 172 K 424 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 496 1,708 K 4,068 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 524 6,572 K 5,076 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 568 1,776 K 4,436 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
nvsvc32.exe 740 4,576 K 6,236 K NVIDIA Driver Helper Service, Version 266.58 NVIDIA Corporation C:\WINDOWS\system32\nvsvc32.exe
svchost.exe 816 3,000 K 4,860 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
wmiprvse.exe 2004 2,896 K 4,920 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe 860 1,736 K 4,272 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
MsMpEng.exe 928 51,224 K 57,268 K Antimalware Service Executable Microsoft Corporation "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
svchost.exe 964 24,840 K 37,420 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1072 2,356 K 3,320 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe 1272 1,360 K 3,688 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe 1380 4,736 K 6,504 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
spoolsv.exe 1512 3,624 K 5,604 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1624 1,284 K 3,872 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
mbamservice.exe 1760 2.94 92,108 K 91,176 K Malwarebytes Anti-Malware Malwarebytes Corporation "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
RalinkRegistryWriter.exe 1880 460 K 1,756 K RalinkRegistryWriter Ralink Technology, Corp. "C:\Program Files\Ovislink\Common\RalinkRegistryWriter.exe"
MsPMSPSv.exe 176 424 K 1,608 K WMDM PMSP Service Microsoft Corporation C:\WINDOWS\system32\MsPMSPSv.exe
alg.exe 2096 1,124 K 3,584 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
svchost.exe 3396 1,492 K 3,460 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HTTPFilter
msiexec.exe 1132 4,524 K 8,308 K Windows® installer Microsoft Corporation C:\WINDOWS\system32\msiexec.exe /V
lsass.exe 580 3,928 K 2,044 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
explorer.exe 1220 17,272 K 25,892 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
rundll32.exe 2012 4,360 K 5,700 K Run a DLL as an App Microsoft Corporation "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
CTHELPER.EXE 2184 3,040 K 5,068 K CtHelper MFC Application Creative Technology Ltd "C:\WINDOWS\system32\CTHELPER.EXE"
mbamgui.exe 2240 3,164 K 6,020 K Malwarebytes Anti-Malware Malwarebytes Corporation "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
msseces.exe 2256 8,088 K 12,640 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
uTorrent.exe 2280 0.98 4,956 K 9,596 K µTorrent BitTorrent, Inc. "C:\Program Files\uTorrent\uTorrent.exe"
ProcessQuickLink2.exe 2304 608 K 2,496 K ProcessQuickLink2 Uniblue "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
firefox.exe 1796 119,864 K 126,084 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
plugin-container.exe 3592 0.98 18,916 K 22,872 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=1796.75546b0.879628458 "C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" - -greomni "C:\Program Files\Mozilla Firefox\omni.jar" 1796 "\\.\pipe\gecko-crash-server-pipe.1796" plugin
procexp.exe 3416 1.96 10,500 K 15,960 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Kolacek\Desktop\procexp.exe"
notepad.exe 1292 992 K 3,340 K Notepad Microsoft Corporation notepad C:\Documents and Settings\Kolacek\Desktop\Result.txt
 
System Idle Process (CPU NOT used) is listed at 91.18%, so I'm not sure where you can see CPU usage at 100%.

=================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKU\S-1-5-21-329068152-1580818891-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    [2011/08/21 20:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/08/17 20:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kolacek\Application Data\AVG10
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
When I do the OTL step it starts bugging my computer so it freezes... are you sure you wrote the script properly?
Also, it won't install the ESET antivirus...

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 30
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 18-01-2012 01
Ran by Kolacek (administrator) on 25-01-2012 at 18:52:43
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2011-05-15 23:34] - [2008-06-03 17:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2011-05-15 23:06] - [2010-07-08 16:26] - 0361600 ____A (Microsoft Corporation) 51E41F16ACD80B8B39C0AE703A213F09

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2011-05-15 23:33] - [2008-04-28 17:07] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2011-05-16 22:12] - [2010-05-06 11:16] - 0022520 ____A (Microsoft Corporation) FC1E3B06AE8D160B686C5D04B5E85371

C:\WINDOWS\system32\qmgr.dll
[2011-05-16 22:12] - [2009-04-19 11:19] - 0408576 ____A (Microsoft Corporation) F13D1AA04F1F02399EB87F011584B7C0

C:\WINDOWS\system32\es.dll
[2011-05-15 23:03] - [2008-07-07 23:23] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2011-05-15 23:19] - [2008-10-03 14:54] - 0014848 ____A (Microsoft Corporation) 67E38B4A549833E02D4D1617B5DBC318

C:\WINDOWS\system32\rpcss.dll
[2011-05-15 23:07] - [2009-02-09 13:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2011-05-15 23:37] - [2009-12-23 18:05] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A


Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000090000000A0000000600000007000000080000000B000000
IpSec Tag value is correct.

**** End of log ****
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-329068152-1580818891-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
C:\WINDOWS\Updreg.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully.
C:\Documents and Settings\Kolacek\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Kolacek\Application Data\AVG10 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Kolacek
->Temp folder emptied: 1102598 bytes
->Temporary Internet Files folder emptied: 309298 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 382259510 bytes
->Google Chrome cache emptied: 6396967 bytes
->Flash cache emptied: 12689 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31031 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 372.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Kolacek
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Kolacek
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01262012_010511

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP134\A0078282.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP134\A0078296.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP134\A0078309.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP134\A0078328.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP134\A0078343.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP134\A0078357.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP135\A0078377.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP135\A0078392.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP135\A0078405.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP135\A0078420.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP135\A0078439.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP135\A0078453.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP135\A0078472.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP136\A0078494.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP136\A0078509.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP136\A0078563.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP136\A0078578.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP137\A0078599.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP137\A0078613.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP137\A0078627.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP137\A0078644.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP137\A0078658.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP137\A0078672.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP137\A0078687.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP138\A0078707.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP138\A0078721.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP138\A0078735.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP139\A0078755.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP139\A0078769.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP139\A0078788.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP139\A0078802.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP139\A0078823.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP139\A0078841.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP140\A0078859.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP140\A0078873.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP140\A0078890.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP140\A0078908.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP140\A0078927.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP140\A0078942.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP140\A0078956.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0078970.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0078985.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079005.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079024.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079039.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079054.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079069.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079083.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079101.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079119.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079135.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079149.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079163.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079180.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079194.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079209.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079224.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079242.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079257.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079275.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079290.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079304.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079318.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079332.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079351.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079366.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079384.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP141\A0079399.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP142\A0079418.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP142\A0079432.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP142\A0079446.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP142\A0079460.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP142\A0079474.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP142\A0079490.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0079515.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0079529.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0079543.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0079557.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0079574.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0080574.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0080589.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0080612.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0080630.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0080647.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0080697.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0080713.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0080727.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP143\A0080741.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP144\A0080756.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP144\A0081198.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP144\A0081218.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP144\A0081237.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP144\A0081259.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP145\A0081273.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP145\A0081287.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP145\A0081301.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP145\A0081316.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP145\A0081335.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP145\A0081350.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP145\A0081364.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP145\A0081378.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP145\A0081391.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP146\A0081411.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP146\A0081447.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0081471.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0082471.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0082484.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0082512.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0083512.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0083525.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0083538.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0083558.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0083575.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0083589.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0083603.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0083616.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0083630.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP147\A0083643.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083662.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083675.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083688.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083702.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083761.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083774.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083787.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083801.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083837.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083857.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP148\A0083874.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP149\A0083895.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP149\A0084895.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP149\A0084913.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP149\A0084926.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP150\A0085926.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP150\A0086926.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP150\A0087926.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP150\A0088926.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP150\A0089926.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP152\A0090701.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP154\A0091016.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP155\A0095281.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{56642AE4-1A37-481E-BB05-C70ED3ED6A65}\RP155\A0095469.sys Win32/Sirefef.CO trojan cleaned by deleting - quarantined
D:\My Documents\Dea\Za mobilne ngage i express music\(CD)\APLIKACIJE\SISTEM - ALATKE\KEYGENS\SeleQ V120.exe probably a variant of Win32/Agent.HSQJPXC trojan cleaned by deleting - quarantined
D:\My Documents\Dea\Za mobilne ngage i express music\Apps\Mp3 Player 2.15\keygen.exe probably a variant of Win32/Agent.FJIJZAV trojan cleaned by deleting - quarantined
D:\My Documents\Denio\Eset Nod32\NOD32.FiX.v2.2-nsane.exe Win32/RiskWare.HackAV.G application cleaned by deleting - quarantined
D:\My Documents\Denio\Programi\NOD32view3_05_1.exe probably a variant of Win32/RiskWare.HackAV.GJ application deleted - quarantined
D:\My Documents\Denio\Programi\Nod32 3.0.621.0 Finally with a fix\NOD32_v3_FiX_1.1-TemDono.exe Win32/RiskWare.HackAV.AJ application cleaned by deleting - quarantined
D:\My Documents\Games\Penguin\Uninstall.exe probably a variant of Win32/Spy.Agent.NXCYZXH trojan cleaned by deleting - quarantined
D:\My Documents\Programi\Eset Nod32\NOD32.FiX.v2.2-nsane.exe Win32/RiskWare.HackAV.G application cleaned by deleting - quarantined
D:\New Folder\Nod32 3.0.621.0 Finally with a fix\NOD32_v3_FiX_1.1-TemDono.exe Win32/RiskWare.HackAV.AJ application cleaned by deleting - quarantined
D:\Programi\unlocker1.8.6.exe Win32/Adware.ADON application deleted - quarantined
D:\Programi\Eset Nod32\NOD32.FiX.v2.2-nsane.exe Win32/RiskWare.HackAV.G application cleaned by deleting - quarantined
D:\Programi\Nero v8.3.2.1 [CiM & EMBRACE Keygen]\Nero-8.3.2.1_eng_trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
D:\Programi\SiSoftware.Sandra.Pro.Home.XI.SP1a.v2007.4.11.22.Multilingual.Retail.Incl.Keymaker-ZWT\keygen.exe probably a variant of Win32/Agent.KUTVBPT trojan cleaned by deleting - quarantined
D:\Programi\Total Commander Ultima Prime 3.4+Key[h33t][Pirri]\Setup\tcup34.exe probably a variant of Win32/Spy.Agent.FQTFHDB trojan deleted - quarantined
D:\Programi\usb\USB stealer\modipdumer.exe probably a variant of Win32/Agent.KLXLBWG trojan cleaned by deleting - quarantined
E:\Games\Small games\Flash Games 8\Flash Games 8.exe probably a variant of Win32/Inject.EKYWOVO trojan deleted - quarantined
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Thank you for your help :) My computer isn't much faster than it was, but I guess that all of the viruses are now gone, so thanks anyway.

I wanted to ask you something:
My computer is old. Does somebody on this forum have the knowledge of what to buy and which of the current parts to change so it runs faster? I assume that that is the problem... The CPU in the Task Manager is always at 99-100%, and when I do the simplest task it is slower than before, when I bought it...
 
Way to go!!

Good luck and stay safe :)
 
Hey :)
I tried to reinstall XP, but I can't (I am booting it from the USB, and it worked 3 times, because I don't have a CD reader), so any chance you know how to do it??
 