
Trojans, cannot start Malware


my-destiny


OTL log file

 

OTL logfile created on: 12/11/2010 4:02:04 PM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE

Windows 7 Home Premium (Version = 6.1.7600) - Type = System

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144.04 Gb Total Space | 80.32 Gb Free Space | 55.76% Space Free | Partition Type: NTFS

Drive D: | 144.04 Gb Total Space | 142.07 Gb Free Space | 98.63% Space Free | Partition Type: NTFS

Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/11/10 13:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2010/11/01 12:31:32 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)

SRV - [2010/10/21 22:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/08/30 09:16:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)

SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ewusbfake.sys -- (hwusbfake)

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\hidir.sys -- (HidIr)

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ewusbnet.sys -- (ewusbnet)

DRV - File not found [Kernel | On_Demand] -- -- (.jmcr)

DRV - File not found [Kernel | On_Demand] -- -- (.hidir)

DRV - [2010/11/09 16:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2010/11/09 09:48:08 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2010/09/13 09:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2010/09/06 21:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2010/09/06 21:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/09/06 21:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2010/08/19 14:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010/08/19 14:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2010/08/19 14:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2010/03/24 01:37:04 | 000,038,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\vbmaf29c.sys -- (vbmaf29c)

DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)

DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\cng.sys -- (CNG)

DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)

DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)

DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 18:11:24 | 000,080,896 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)

DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/07/13 17:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/03/28 00:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZVxdm008YYSE&ptb=tN2jWTVMAO2X7mipKI.Cag&n=77cfdee3

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 68 14 0C 63 7F CB 01 [binary data]

IE - HKU\Tina_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKU\Tina_ON_C\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found

IE - HKU\Tina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Tina_reserv_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/09 17:49:23 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\Tina_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\53d905b8-0645-4d30-a5bd-09f013c32c37.com File not found

O4 - HKU\Tina_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: Error locating startup folders.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} https://www.one.com/static/controls/IlosoftMultipleImageUpload.dll (IlosoftMultipleImageCtrl Class)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/12/10 09:21:09 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/12/10 08:49:45 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\Ny mapp

[2010/12/09 18:09:36 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tina\Desktop\TDSSKiller.exe

[2010/12/09 17:49:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG

[2010/12/09 14:31:46 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com

[2010/12/09 13:32:30 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Malwarebytes

[2010/12/09 13:32:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/09 13:32:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/09 13:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/12/09 13:28:59 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\Simply Super Software

[2010/12/09 12:02:25 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Deployment

[2010/12/09 12:02:25 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Apps

[2010/12/09 07:54:28 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\AVG

[2010/12/07 20:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/12/07 19:31:17 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\onOne Software

[2010/12/07 19:26:44 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE

[2010/12/07 19:16:54 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Threat Expert

[2010/12/07 19:10:46 | 000,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\System32\Deco_32.dll

[2010/12/07 19:10:46 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe

[2010/12/07 14:21:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE

[2010/12/07 14:21:11 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/12/07 14:16:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Sunbelt Software

[2010/12/07 09:09:51 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\benitakort

[2010/12/07 08:28:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\jillkort

[2010/12/06 18:47:51 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\julkort

[2010/12/05 16:13:04 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\ps_psd

[2010/12/05 13:13:56 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\ps_brushes

[2010/12/05 10:29:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe

[2010/12/04 17:59:09 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\and_man_created_dog

[2010/12/02 11:55:11 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/12/02 11:55:11 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Adobe Mini Bridge CS5

[2010/11/28 09:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/11/28 09:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/11/28 09:15:13 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2010/11/28 09:15:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2010/11/28 09:15:12 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

[2010/11/28 09:13:20 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Windows Live

[2010/11/28 09:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2010/11/27 19:32:57 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Mozilla

[2010/11/27 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Octoshape

[2010/11/27 15:03:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/11/27 12:54:24 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\ps_styles

[2010/11/26 10:13:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\fonts

[2010/11/25 13:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\virtualStudio

[2010/11/25 13:24:23 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\Adobe Scripts

[2010/11/25 13:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player

[2010/11/25 13:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/11/25 13:08:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\Adobe CS5

[2010/11/20 20:09:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/11/20 20:09:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/11/20 20:09:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/11/20 20:09:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/11/20 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\Outlook Files

[2010/11/20 18:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2010/11/20 18:03:20 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/11/20 18:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services

[2010/11/20 18:00:41 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Microsoft Help

[2010/11/20 18:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/11/18 16:09:09 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\OpenOffice.org

[2010/11/18 15:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\JRE

[2010/11/18 15:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2010/11/17 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/11/17 19:55:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010/11/17 19:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/11/17 18:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010/11/17 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\AVG10

[2010/11/17 17:57:36 | 000,000,000 | ---D | C] -- C:\extensions

[2010/11/17 17:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/11/17 17:56:18 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\uTorrent

[2010/11/17 17:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/11/17 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\MyWebSearch

[2010/11/17 15:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts

[2010/11/17 14:22:19 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\jills_WP

[2010/11/17 13:35:28 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\wp_themes

[2010/11/14 17:41:58 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\towa

[2010/11/14 17:18:57 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\min_hemsida

[2010/11/14 08:22:37 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\salukivalparna

 

========== Files - Modified Within 30 Days ==========

 

[2010/12/11 09:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/11 09:52:12 | 2411,880,448 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/11 06:23:53 | 000,065,536 | ---- | M] () -- C:\Users\Tina\Desktop\99a3d87d-365b-4689-a2a1-74bb4b9424db3.jpg

[2010/12/11 06:07:46 | 000,065,536 | ---- | M] () -- C:\Users\Tina\Desktop\50d9610d-cd66-420b-9591-bb510e51e4d03.jpg

[2010/12/11 06:07:46 | 000,016,384 | ---- | M] () -- C:\Users\Tina\Desktop\bfd32b4d-db3a-4cb2-89cf-4e18e678f1ab2.jpg

[2010/12/11 06:07:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001UA.job

[2010/12/11 05:45:57 | 101,522,221 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/12/10 12:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001Core.job

[2010/12/10 09:59:04 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/10 09:59:04 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/10 08:42:11 | 000,625,772 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2010/12/10 08:42:11 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/10 08:42:11 | 000,123,894 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2010/12/10 08:42:11 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/09 18:35:32 | 000,089,088 | ---- | M] () -- C:\Users\Tina\Desktop\mbr.exe

[2010/12/09 18:33:22 | 000,080,384 | ---- | M] () -- C:\Users\Tina\Desktop\MBRCheck.exe

[2010/12/09 18:21:15 | 000,296,448 | ---- | M] () -- C:\Users\Tina\Desktop\qhyu2v0f.exe

[2010/12/09 18:09:25 | 001,230,779 | ---- | M] () -- C:\Users\Tina\Desktop\tdsskiller.zip

[2010/12/09 18:06:56 | 000,002,268 | ---- | M] () -- C:\Users\Tina\Documents\avg.csv

[2010/12/09 15:03:33 | 003,987,287 | ---- | M] () -- C:\Users\Tina\Desktop\ComboFix.exe

[2010/12/09 12:03:38 | 000,002,313 | ---- | M] () -- C:\Users\Tina\Desktop\Google Chrome.lnk

[2010/12/08 18:00:52 | 000,000,251 | ---- | M] () -- C:\Windows\xUninstall.bat

[2010/12/08 08:56:47 | 000,045,079 | ---- | M] () -- C:\Users\Tina\Desktop\bella-i-stallet-011_120307697.jpg

[2010/12/08 08:48:08 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tina\Desktop\TDSSKiller.exe

[2010/12/08 08:29:36 | 000,100,253 | ---- | M] () -- C:\Users\Tina\Desktop\1235595688_resized.jpg

[2010/12/07 20:40:39 | 000,981,310 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2010/12/07 19:38:31 | 000,044,576 | ---- | M] () -- C:\Users\Tina\Desktop\isa.jpg

[2010/12/07 19:28:49 | 000,104,411 | ---- | M] () -- C:\Users\Tina\Desktop\1281823940.jpg

[2010/12/07 14:21:11 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/12/03 11:47:05 | 000,504,184 | ---- | M] () -- C:\Users\Tina\Documents\whirlpool_adg_3550_nb_[ET][1].pdf

[2010/11/28 09:24:05 | 003,819,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/11/25 18:51:11 | 000,001,456 | ---- | M] () -- C:\Users\Tina\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/11/20 18:13:43 | 000,001,065 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2010/11/18 16:09:35 | 000,001,157 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

[2010/11/14 08:20:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

 

========== Files Created - No Company Name ==========

 

[2010/12/11 09:40:18 | 000,065,536 | ---- | C] () -- C:\Users\Tina\Desktop\99a3d87d-365b-4689-a2a1-74bb4b9424db3.jpg

[2010/12/11 09:38:52 | 000,065,536 | ---- | C] () -- C:\Users\Tina\Desktop\50d9610d-cd66-420b-9591-bb510e51e4d03.jpg

[2010/12/11 09:38:37 | 000,016,384 | ---- | C] () -- C:\Users\Tina\Desktop\bfd32b4d-db3a-4cb2-89cf-4e18e678f1ab2.jpg

[2010/12/11 05:45:57 | 101,522,221 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/12/09 18:35:32 | 000,089,088 | ---- | C] () -- C:\Users\Tina\Desktop\mbr.exe

[2010/12/09 18:33:21 | 000,080,384 | ---- | C] () -- C:\Users\Tina\Desktop\MBRCheck.exe

[2010/12/09 18:21:15 | 000,296,448 | ---- | C] () -- C:\Users\Tina\Desktop\qhyu2v0f.exe

[2010/12/09 18:09:23 | 001,230,779 | ---- | C] () -- C:\Users\Tina\Desktop\tdsskiller.zip

[2010/12/09 18:06:56 | 000,002,268 | ---- | C] () -- C:\Users\Tina\Documents\avg.csv

[2010/12/09 15:03:29 | 003,987,287 | ---- | C] () -- C:\Users\Tina\Desktop\ComboFix.exe

[2010/12/09 12:03:38 | 000,002,313 | ---- | C] () -- C:\Users\Tina\Desktop\Google Chrome.lnk

[2010/12/09 12:02:50 | 000,000,956 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001UA.job

[2010/12/09 12:02:47 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001Core.job

[2010/12/08 08:57:51 | 000,045,079 | ---- | C] () -- C:\Users\Tina\Desktop\bella-i-stallet-011_120307697.jpg

[2010/12/08 08:31:55 | 000,100,253 | ---- | C] () -- C:\Users\Tina\Desktop\1235595688_resized.jpg

[2010/12/07 20:40:28 | 000,981,310 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB

[2010/12/07 19:38:45 | 000,044,576 | ---- | C] () -- C:\Users\Tina\Desktop\isa.jpg

[2010/12/07 19:28:57 | 000,104,411 | ---- | C] () -- C:\Users\Tina\Desktop\1281823940.jpg

[2010/12/03 11:47:04 | 000,504,184 | ---- | C] () -- C:\Users\Tina\Documents\whirlpool_adg_3550_nb_[ET][1].pdf

[2010/11/25 18:51:11 | 000,001,456 | ---- | C] () -- C:\Users\Tina\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/11/20 18:13:43 | 000,001,065 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2010/11/18 16:09:35 | 000,001,157 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

[2010/11/14 08:20:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/08/30 09:09:07 | 000,038,656 | ---- | C] () -- C:\Windows\System32\drivers\vbmaf29c.sys

[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/13 18:11:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\drivers\i8042prt.sys

 

========== LOP Check ==========

 

[2010/12/09 08:00:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\AVG

[2010/12/07 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\AVG10

[2010/11/27 15:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/12/07 21:01:32 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Notepad++

[2010/12/09 13:42:07 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Octoshape

[2010/12/07 19:31:17 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\onOne Software

[2010/11/18 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\OpenOffice.org

[2010/12/02 11:55:11 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/12/11 09:52:40 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\uTorrent

[2009/07/13 23:53:46 | 000,010,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

< End of report >


Sorry that there was an extra period in the link.

But it was good, and in this log the malicious driver that needs to go is visible.

Let's see if this simplest method works. Start the computer in safe mode and run TDSSKiller.

Click Start Scan.

If any threats are found, choose Cure and click Continue. If Cure is not available, choose Skip. Do NOT choose Quarantine or Delete.

If something is found for which Cure cannot be selected, write down which options are available.

Restart the computer in normal mode.

Paste in the contents of the log that you find in C:\ with the name TDSSKiller followed by version and time, along with what you wrote down about any possible options.

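The helper above asks for the TDSSKiller log because a line of the form `Suspicious file (Forged): ... Real md5: ..., Fake md5: ...` is what pinpoints the tampered driver. As an added example that is not part of this thread and not Kaspersky's own code, the following Python script parses TDSSKiller-style log text and extracts such findings, joining each one to the driver enumeration line that precedes it and to the `- detected ...` verdict line. The three line formats and the sample log are assumptions modelled on the log posted later in this thread; the md5 values in the sample are the ones that appear in that log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line formats below are assumptions modelled on the TDSSKiller 2.4 log seen in this
# thread; they are not an official specification of the tool's output.
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
DRIVER_RE = re.compile(
    rf"^(?P<ts>{TS}) (?P<name>\S+) \((?P<md5>[0-9a-f]{{32}})\) (?P<path>.+)$"
)
FORGED_RE = re.compile(
    rf"^(?P<ts>{TS}) Suspicious file \(Forged\): (?P<path>.+?)\. "
    rf"Real md5: (?P<real>[0-9a-f]{{32}}), Fake md5: (?P<fake>[0-9a-f]{{32}})$"
)
DETECTED_RE = re.compile(
    rf"^(?P<ts>{TS}) (?P<name>\S+) - detected (?P<verdict>.+?) \((?P<count>\d+)\)$"
)


@dataclass
class Finding:
    path: str
    real_md5: str                    # hash the tool labels "Real" (bytes on disk)
    fake_md5: str                    # hash the tool labels "Fake" (what a hooked read returned)
    service: Optional[str] = None    # service name from the enumeration line, if seen
    listed_md5: Optional[str] = None # md5 printed on that enumeration line
    verdict: Optional[str] = None    # text of the "- detected ..." line, if seen

    @property
    def listing_consistent(self) -> bool:
        """True when the enumeration line's md5 equals the real on-disk md5."""
        return self.listed_md5 is not None and self.listed_md5 == self.real_md5


def parse_tdsskiller_log(text: str) -> List[Finding]:
    """Return one Finding per 'Suspicious file (Forged)' line in a TDSSKiller log."""
    by_path: Dict[str, Tuple[str, str]] = {}   # lower-cased path -> (service, md5)
    by_service: Dict[str, Finding] = {}
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            by_path[m["path"].lower()] = (m["name"], m["md5"])
            continue
        m = FORGED_RE.match(line)
        if m:
            f = Finding(path=m["path"], real_md5=m["real"], fake_md5=m["fake"])
            listed = by_path.get(m["path"].lower())
            if listed:
                f.service, f.listed_md5 = listed
                by_service[f.service] = f
            findings.append(f)
            continue
        m = DETECTED_RE.match(line)
        if m and m["name"] in by_service:
            by_service[m["name"]].verdict = m["verdict"]
    return findings


def has_forged_driver(text: str) -> bool:
    """Quick triage: does the log report at least one forged file?"""
    return bool(parse_tdsskiller_log(text))


# Constructed sample log: a short excerpt in the format of the log posted in this thread.
SAMPLE_LOG = r"""
2010/12/11 18:16:02.0715 Scan started
2010/12/11 18:16:07.0988 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/11 18:16:08.0253 i8042prt (3a1dc8bac0ba85c93a600481a6626e17) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/11 18:16:08.0253 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: 3a1dc8bac0ba85c93a600481a6626e17, Fake md5: f151f0bdc47f4a28b1b20a0818ea36d6
2010/12/11 18:16:08.0253 i8042prt - detected Forged file (1)
2010/12/11 18:16:08.0300 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
"""

if __name__ == "__main__":
    for f in parse_tdsskiller_log(SAMPLE_LOG):
        print(f"{f.service or '?'}: {f.path}")
        print(f"  verdict={f.verdict} real={f.real_md5} fake={f.fake_md5} "
              f"listing_consistent={f.listing_consistent}")
```

Running it on a full log pasted from C:\ lists every driver TDSSKiller flagged as forged together with the service name it belongs to, which is the piece of information a helper needs when deciding which driver to replace from a clean copy; the `listing_consistent` flag simply records whether the hash TDSSKiller printed when enumerating the driver matches the "Real" hash in the warning line, as it does in this thread.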

OK, I could finally run TDSSKiller, but when I chose Skip & Continue, since Cure wasn't available, only an empty box comes up, so there is nothing to paste into any log :/

Here's the log anyway:

 

2010/12/11 18:13:47.0526 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40

2010/12/11 18:13:47.0526 ================================================================================

2010/12/11 18:13:47.0526 SystemInfo:

2010/12/11 18:13:47.0526

2010/12/11 18:13:47.0526 OS Version: 6.1.7600 ServicePack: 0.0

2010/12/11 18:13:47.0526 Product type: Workstation

2010/12/11 18:13:47.0526 ComputerName: TINA-DATOR

2010/12/11 18:13:47.0526 UserName: Tina

2010/12/11 18:13:47.0526 Windows directory: C:\Windows

2010/12/11 18:13:47.0526 System windows directory: C:\Windows

2010/12/11 18:13:47.0526 Processor architecture: Intel x86

2010/12/11 18:13:47.0526 Number of processors: 2

2010/12/11 18:13:47.0526 Page size: 0x1000

2010/12/11 18:13:47.0526 Boot type: Safe boot with network

2010/12/11 18:13:47.0526 ================================================================================

2010/12/11 18:13:47.0775 Initialize success

2010/12/11 18:16:02.0715 ================================================================================

2010/12/11 18:16:02.0715 Scan started

2010/12/11 18:16:02.0715 Mode: Manual;

2010/12/11 18:16:02.0715 ================================================================================

2010/12/11 18:16:03.0885 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2010/12/11 18:16:03.0932 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2010/12/11 18:16:03.0979 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2010/12/11 18:16:04.0026 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2010/12/11 18:16:04.0073 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2010/12/11 18:16:04.0119 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2010/12/11 18:16:04.0182 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2010/12/11 18:16:04.0260 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys

2010/12/11 18:16:04.0307 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2010/12/11 18:16:04.0369 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2010/12/11 18:16:04.0431 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2010/12/11 18:16:04.0463 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2010/12/11 18:16:04.0494 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2010/12/11 18:16:04.0541 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2010/12/11 18:16:04.0572 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2010/12/11 18:16:04.0603 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

2010/12/11 18:16:04.0650 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2010/12/11 18:16:04.0681 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

2010/12/11 18:16:04.0728 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2010/12/11 18:16:04.0837 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2010/12/11 18:16:04.0884 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2010/12/11 18:16:04.0946 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/12/11 18:16:04.0993 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2010/12/11 18:16:05.0087 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys

2010/12/11 18:16:05.0211 AVGIDSDriver (1ca8e5fe74efd5826bbd76c0470e6ae4) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

2010/12/11 18:16:05.0258 AVGIDSEH (b9b6e535b9b49c463f68f4bcdd232944) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

2010/12/11 18:16:05.0305 AVGIDSFilter (32a76fd3fc12d09c586730ef63b4b20b) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

2010/12/11 18:16:05.0367 AVGIDSShim (84431da40330cdfd84a7b92bcf0d4a05) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

2010/12/11 18:16:05.0430 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\Windows\system32\DRIVERS\avgldx86.sys

2010/12/11 18:16:05.0492 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys

2010/12/11 18:16:05.0523 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys

2010/12/11 18:16:05.0570 Avgtdix (354e0fec3bfdfa9c369e0f67ac362f9f) C:\Windows\system32\DRIVERS\avgtdix.sys

2010/12/11 18:16:05.0679 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2010/12/11 18:16:05.0726 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2010/12/11 18:16:05.0773 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2010/12/11 18:16:05.0820 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2010/12/11 18:16:05.0867 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2010/12/11 18:16:05.0898 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2010/12/11 18:16:05.0929 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2010/12/11 18:16:05.0960 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2010/12/11 18:16:06.0007 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2010/12/11 18:16:06.0038 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2010/12/11 18:16:06.0069 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2010/12/11 18:16:06.0101 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2010/12/11 18:16:06.0179 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2010/12/11 18:16:06.0241 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2010/12/11 18:16:06.0272 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2010/12/11 18:16:06.0335 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2010/12/11 18:16:06.0413 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/12/11 18:16:06.0428 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2010/12/11 18:16:06.0475 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2010/12/11 18:16:06.0506 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2010/12/11 18:16:06.0537 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2010/12/11 18:16:06.0569 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2010/12/11 18:16:06.0647 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2010/12/11 18:16:06.0693 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2010/12/11 18:16:06.0725 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2010/12/11 18:16:06.0803 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2010/12/11 18:16:06.0834 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

2010/12/11 18:16:06.0943 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2010/12/11 18:16:07.0083 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2010/12/11 18:16:07.0130 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2010/12/11 18:16:07.0255 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2010/12/11 18:16:07.0286 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2010/12/11 18:16:07.0333 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2010/12/11 18:16:07.0380 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2010/12/11 18:16:07.0411 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2010/12/11 18:16:07.0442 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/12/11 18:16:07.0489 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2010/12/11 18:16:07.0536 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2010/12/11 18:16:07.0567 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2010/12/11 18:16:07.0629 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2010/12/11 18:16:07.0676 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2010/12/11 18:16:07.0707 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2010/12/11 18:16:07.0785 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

2010/12/11 18:16:07.0817 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/12/11 18:16:07.0863 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2010/12/11 18:16:07.0879 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2010/12/11 18:16:07.0988 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2010/12/11 18:16:08.0035 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2010/12/11 18:16:08.0082 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2010/12/11 18:16:08.0160 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2010/12/11 18:16:08.0253 i8042prt (3a1dc8bac0ba85c93a600481a6626e17) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/12/11 18:16:08.0253 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: 3a1dc8bac0ba85c93a600481a6626e17, Fake md5: f151f0bdc47f4a28b1b20a0818ea36d6

2010/12/11 18:16:08.0253 i8042prt - detected Forged file (1)

2010/12/11 18:16:08.0300 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2010/12/11 18:16:08.0347 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2010/12/11 18:16:08.0394 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2010/12/11 18:16:08.0441 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2010/12/11 18:16:08.0487 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/12/11 18:16:08.0550 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2010/12/11 18:16:08.0581 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2010/12/11 18:16:08.0628 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2010/12/11 18:16:08.0675 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2010/12/11 18:16:08.0706 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/12/11 18:16:08.0784 JMCR (858c550ebbd243826a2193262c1b54a3) C:\Windows\system32\DRIVERS\jmcr.sys

2010/12/11 18:16:08.0815 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/12/11 18:16:08.0846 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/12/11 18:16:08.0877 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2010/12/11 18:16:08.0940 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2010/12/11 18:16:09.0018 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/12/11 18:16:09.0080 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2010/12/11 18:16:09.0111 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2010/12/11 18:16:09.0127 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2010/12/11 18:16:09.0174 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2010/12/11 18:16:09.0221 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2010/12/11 18:16:09.0252 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2010/12/11 18:16:09.0299 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2010/12/11 18:16:09.0345 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2010/12/11 18:16:09.0377 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2010/12/11 18:16:09.0423 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2010/12/11 18:16:09.0470 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2010/12/11 18:16:09.0486 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2010/12/11 18:16:09.0517 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2010/12/11 18:16:09.0564 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2010/12/11 18:16:09.0611 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2010/12/11 18:16:09.0657 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/12/11 18:16:09.0689 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/12/11 18:16:09.0720 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/12/11 18:16:09.0751 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2010/12/11 18:16:09.0782 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2010/12/11 18:16:09.0829 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2010/12/11 18:16:09.0860 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2010/12/11 18:16:09.0876 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2010/12/11 18:16:09.0954 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2010/12/11 18:16:09.0985 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/12/11 18:16:10.0016 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2010/12/11 18:16:10.0047 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2010/12/11 18:16:10.0094 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/12/11 18:16:10.0110 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2010/12/11 18:16:10.0141 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2010/12/11 18:16:10.0188 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2010/12/11 18:16:10.0250 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2010/12/11 18:16:10.0328 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2010/12/11 18:16:10.0375 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2010/12/11 18:16:10.0422 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/12/11 18:16:10.0453 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/12/11 18:16:10.0484 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/12/11 18:16:10.0515 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2010/12/11 18:16:10.0562 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2010/12/11 18:16:10.0609 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2010/12/11 18:16:10.0687 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2010/12/11 18:16:10.0734 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2010/12/11 18:16:10.0765 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2010/12/11 18:16:10.0827 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2010/12/11 18:16:10.0890 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2010/12/11 18:16:11.0155 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2010/12/11 18:16:11.0420 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2010/12/11 18:16:11.0436 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2010/12/11 18:16:11.0498 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2010/12/11 18:16:11.0529 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/12/11 18:16:11.0607 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2010/12/11 18:16:11.0639 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2010/12/11 18:16:11.0685 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2010/12/11 18:16:11.0732 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2010/12/11 18:16:11.0763 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2010/12/11 18:16:11.0795 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/12/11 18:16:11.0826 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2010/12/11 18:16:11.0873 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2010/12/11 18:16:12.0013 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2010/12/11 18:16:12.0044 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2010/12/11 18:16:12.0122 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2010/12/11 18:16:12.0185 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2010/12/11 18:16:12.0247 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/12/11 18:16:12.0294 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2010/12/11 18:16:12.0325 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2010/12/11 18:16:12.0372 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/12/11 18:16:12.0419 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/12/11 18:16:12.0450 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/12/11 18:16:12.0481 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2010/12/11 18:16:12.0512 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2010/12/11 18:16:12.0543 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/12/11 18:16:12.0575 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/12/11 18:16:12.0606 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2010/12/11 18:16:12.0653 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2010/12/11 18:16:12.0684 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2010/12/11 18:16:12.0731 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2010/12/11 18:16:12.0809 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2010/12/11 18:16:12.0871 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/12/11 18:16:12.0933 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2010/12/11 18:16:12.0996 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys

2010/12/11 18:16:13.0043 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/12/11 18:16:13.0105 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2010/12/11 18:16:13.0136 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2010/12/11 18:16:13.0167 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2010/12/11 18:16:13.0230 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2010/12/11 18:16:13.0245 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2010/12/11 18:16:13.0292 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2010/12/11 18:16:13.0323 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/12/11 18:16:13.0370 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2010/12/11 18:16:13.0417 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/12/11 18:16:13.0448 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/12/11 18:16:13.0495 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2010/12/11 18:16:13.0557 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2010/12/11 18:16:13.0651 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2010/12/11 18:16:13.0682 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2010/12/11 18:16:13.0729 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/12/11 18:16:13.0776 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2010/12/11 18:16:13.0823 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2010/12/11 18:16:13.0947 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2010/12/11 18:16:14.0041 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2010/12/11 18:16:14.0088 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2010/12/11 18:16:14.0135 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2010/12/11 18:16:14.0166 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2010/12/11 18:16:14.0197 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2010/12/11 18:16:14.0228 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2010/12/11 18:16:14.0306 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/12/11 18:16:14.0337 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2010/12/11 18:16:14.0369 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2010/12/11 18:16:14.0415 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2010/12/11 18:16:14.0478 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/12/11 18:16:14.0509 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2010/12/11 18:16:14.0540 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2010/12/11 18:16:14.0587 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/12/11 18:16:14.0634 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2010/12/11 18:16:14.0665 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2010/12/11 18:16:14.0696 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2010/12/11 18:16:14.0727 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2010/12/11 18:16:14.0743 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2010/12/11 18:16:14.0790 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/12/11 18:16:14.0821 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/12/11 18:16:14.0868 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

2010/12/11 18:16:14.0961 vbmaf29c (520c300389b9cf61fc33e71958eed084) C:\Windows\system32\drivers\vbmaf29c.sys

2010/12/11 18:16:14.0961 Suspicious file (NoAccess): C:\Windows\system32\drivers\vbmaf29c.sys. md5: 520c300389b9cf61fc33e71958eed084

2010/12/11 18:16:14.0977 vbmaf29c - detected Locked file (1)

2010/12/11 18:16:15.0024 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/12/11 18:16:15.0071 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/12/11 18:16:15.0102 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2010/12/11 18:16:15.0133 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/12/11 18:16:15.0180 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2010/12/11 18:16:15.0211 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2010/12/11 18:16:15.0242 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2010/12/11 18:16:15.0273 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/12/11 18:16:15.0305 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2010/12/11 18:16:15.0351 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2010/12/11 18:16:15.0398 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/12/11 18:16:15.0429 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2010/12/11 18:16:15.0476 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2010/12/11 18:16:15.0507 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2010/12/11 18:16:15.0539 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/11 18:16:15.0554 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/11 18:16:15.0679 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2010/12/11 18:16:15.0726 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2010/12/11 18:16:15.0835 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/12/11 18:16:15.0866 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2010/12/11 18:16:15.0944 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys

2010/12/11 18:16:16.0053 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2010/12/11 18:16:16.0147 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/12/11 18:16:16.0225 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/12/11 18:16:16.0287 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2010/12/11 18:16:16.0334 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/12/11 18:16:16.0428 ================================================================================

2010/12/11 18:16:16.0428 Scan finished

2010/12/11 18:16:16.0428 ================================================================================

2010/12/11 18:16:16.0459 Detected object count: 2

2010/12/11 18:18:40.0993 Forged file(i8042prt) - User select action: Skip

2010/12/11 18:18:40.0993 Locked file(vbmaf29c) - User select action: Skip

2010/12/11 18:19:12.0490 Deinitialize success


Progress is being made.

What options other than Skip were there for the two files?

Addendum:

Try this as well:

Remove the ComboFix you have and download a new one to the desktop; during the download, rename it to iexplore.exe.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start the computer in Safe Mode:

Start - Run

Paste/type in:

"%userprofile%\desktop\iexplore.exe" /killall

If you get ComboFix running that way, then restart in normal mode and paste in the log C:\ComboFix.txt.


Save SystemLook to the Desktop from one of these links:

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

Double-click the SystemLook file to run it.

Copy all the lines in the box

:filefind 
i8042prt*.*

and paste them into the large text field in SystemLook.

Press the Look button to start the search.

When it is finished, Notepad will open with a log, which you paste in here. If the log does not appear, it is saved as SystemLook.txt on the Desktop.


SystemLook 04.09.10 by jpshortstuff

Log created at 20:09 on 11/12/2010 by Tina

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "i8042prt*.*"

C:\Windows\System32\drivers\i8042prt.sys --a---- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

C:\Windows\System32\drivers\sv-SE\i8042prt.sys.mui --a---- 10240 bytes [08:14 14/07/2009] [08:14 14/07/2009] 4FC0ACFBFDF391E7838DDD64FB0C6063

C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys --a---- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys --a---- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

C:\Windows\winsxs\x86_keyboard.inf.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_139b29d615dfd01b\i8042prt.sys.mui --a---- 10240 bytes [08:14 14/07/2009] [08:14 14/07/2009] 4FC0ACFBFDF391E7838DDD64FB0C6063

C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys --a---- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

C:\Windows\winsxs\x86_msmouse.inf.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_b6620d303f9951db\i8042prt.sys.mui --a---- 10240 bytes [08:14 14/07/2009] [08:14 14/07/2009] 4FC0ACFBFDF391E7838DDD64FB0C6063

C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys --a---- 80896 bytes [23:11 13/07/2009] [23:11 13/07/2009] F151F0BDC47F4A28B1B20A0818EA36D6

 

-= EOF =-

 

 


Copy all the lines in the box and paste them into Notepad.

:OTL
DRV - [2010/03/24 01:37:04 | 000,038,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\vbmaf29c.sys -- (vbmaf29c)
:Files
C:\Windows\System32\drivers\i8042prt.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys /replace
C:\Windows\System32\drivers\vbmaf29c.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys /replace

Check that it looks exactly the same, for example with regard to line breaks.

Save it as the file otlfix.txt in the folder C:\.

Boot the computer from the OTLPE disc.

Start the OTLPE program the same way as before.

Answer and choose the same way.

Double-click the "Custom Scans/Fixes" box.

A prompt will ask whether you want to load a fix from a file. Choose C:\otlfix.txt.

Click "Run Fix".

When the scan is finished, the log file OTL.txt will be saved in the folder C:\.

Restart the computer from the hard drive and paste the log file OTL.txt in your reply.


But the computer did not want me to do that at all... I got this message when I tried to save the text file.

[attached screenshot: post-121360-0-23157400-1292098861_thumb.jpg]


Now AVG warned again & the scan found:

Scan "Sidebar gadget scan" completed.
Infections;"8";"0";"8"
Folders selected for scanning:;"Whole computer scan"
Scan started:;"den 11 december 2010, 22:16:35"
Scan finished:;"den 11 december 2010, 22:18:43 (2 minute(s) 8 second(s))"
Total object scanned:;"732873"
User who launched the scan:;"Tina"
Infections
"File";"Infection";"Result"
"C:\Windows\assembly\GAC_MSIL\Desktop.ini";"Trojan horse PSW.Agent.AJRW";"Infected"
"C:\Windows\assembly\GAC_MSIL\Desktop.ini";"Trojan horse PSW.Agent.AJRW";"Infected"
"C:\Windows\assembly\GAC_MSIL\Desktop.ini";"Trojan horse PSW.Agent.AJRW";"Infected"
"C:\Windows\assembly\GAC_MSIL\Desktop.ini";"Trojan horse PSW.Agent.AJRW";"Infected"
"C:\Program Files\Internet Explorer\iexplore.exe (812)";"Trojan horse PSW.Agent.AJRW";"Infected"
"C:\Program Files\Internet Explorer\iexplore.exe (6096)";"Trojan horse PSW.Agent.AJRW";"Infected"
"C:\Program Files\Internet Explorer\iexplore.exe (5772)";"Trojan horse PSW.Agent.AJRW";"Infected"
"C:\Program Files\Internet Explorer\iexplore.exe (5700)";"Trojan horse PSW.Agent.AJRW";"Infected"


You can save the file anywhere, for example on the desktop or in My Documents, as long as you can find it again once you have started OTLPE.


So, I had to move the file in REATOGO-X-PE to B:\\documents and settings\deafult user\my documents ... There I also had to rename the file to scan.txt, because no other choices could be made.

 

OTL logfile created on: 12/11/2010 4:02:04 PM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE

Windows 7 Home Premium (Version = 6.1.7600) - Type = System

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144.04 Gb Total Space | 80.32 Gb Free Space | 55.76% Space Free | Partition Type: NTFS

Drive D: | 144.04 Gb Total Space | 142.07 Gb Free Space | 98.63% Space Free | Partition Type: NTFS

Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/11/10 13:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2010/11/01 12:31:32 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)

SRV - [2010/10/21 22:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/08/30 09:16:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)

SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ewusbfake.sys -- (hwusbfake)

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\hidir.sys -- (HidIr)

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ewusbnet.sys -- (ewusbnet)

DRV - File not found [Kernel | On_Demand] -- -- (.jmcr)

DRV - File not found [Kernel | On_Demand] -- -- (.hidir)

DRV - [2010/11/09 16:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2010/11/09 09:48:08 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2010/09/13 09:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2010/09/06 21:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2010/09/06 21:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/09/06 21:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2010/08/19 14:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010/08/19 14:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2010/08/19 14:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2010/03/24 01:37:04 | 000,038,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\vbmaf29c.sys -- (vbmaf29c)

DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)

DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\cng.sys -- (CNG)

DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)

DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)

DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 18:11:24 | 000,080,896 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)

DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/07/13 17:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/03/28 00:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZVxdm008YYSE&ptb=tN2jWTVMAO2X7mipKI.Cag&n=77cfdee3

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 68 14 0C 63 7F CB 01 [binary data]

IE - HKU\Tina_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKU\Tina_ON_C\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found

IE - HKU\Tina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Tina_reserv_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/09 17:49:23 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\Tina_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\53d905b8-0645-4d30-a5bd-09f013c32c37.com File not found

O4 - HKU\Tina_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: Error locating startup folders.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} https://www.one.com/static/controls/IlosoftMultipleImageUpload.dll (IlosoftMultipleImageCtrl Class)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/10 09:21:09 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/12/10 08:49:45 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\Ny mapp

[2010/12/09 18:09:36 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tina\Desktop\TDSSKiller.exe

[2010/12/09 17:49:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG

[2010/12/09 14:31:46 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com

[2010/12/09 13:32:30 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Malwarebytes

[2010/12/09 13:32:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/09 13:32:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/09 13:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/12/09 13:28:59 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\Simply Super Software

[2010/12/09 12:02:25 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Deployment

[2010/12/09 12:02:25 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Apps

[2010/12/09 07:54:28 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\AVG

[2010/12/07 20:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/12/07 19:31:17 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\onOne Software

[2010/12/07 19:26:44 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE

[2010/12/07 19:16:54 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Threat Expert

[2010/12/07 19:10:46 | 000,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\System32\Deco_32.dll

[2010/12/07 19:10:46 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe

[2010/12/07 14:21:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE

[2010/12/07 14:21:11 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/12/07 14:16:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Sunbelt Software

[2010/12/07 09:09:51 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\benitakort

[2010/12/07 08:28:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\jillkort

[2010/12/06 18:47:51 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\julkort

[2010/12/05 16:13:04 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\ps_psd

[2010/12/05 13:13:56 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\ps_brushes

[2010/12/05 10:29:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe

[2010/12/04 17:59:09 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\and_man_created_dog

[2010/12/02 11:55:11 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/12/02 11:55:11 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Adobe Mini Bridge CS5

[2010/11/28 09:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/11/28 09:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/11/28 09:15:13 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2010/11/28 09:15:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2010/11/28 09:15:12 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

[2010/11/28 09:13:20 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Windows Live

[2010/11/28 09:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2010/11/27 19:32:57 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Mozilla

[2010/11/27 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Octoshape

[2010/11/27 15:03:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/11/27 12:54:24 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\ps_styles

[2010/11/26 10:13:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\fonts

[2010/11/25 13:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\virtualStudio

[2010/11/25 13:24:23 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\Adobe Scripts

[2010/11/25 13:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player

[2010/11/25 13:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/11/25 13:08:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\Adobe CS5

[2010/11/20 20:09:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/11/20 20:09:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/11/20 20:09:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/11/20 20:09:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/11/20 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\Outlook Files

[2010/11/20 18:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2010/11/20 18:03:20 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/11/20 18:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services

[2010/11/20 18:00:41 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Microsoft Help

[2010/11/20 18:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/11/18 16:09:09 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\OpenOffice.org

[2010/11/18 15:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\JRE

[2010/11/18 15:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2010/11/17 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/11/17 19:55:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010/11/17 19:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/11/17 18:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010/11/17 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\AVG10

[2010/11/17 17:57:36 | 000,000,000 | ---D | C] -- C:\extensions

[2010/11/17 17:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/11/17 17:56:18 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\uTorrent

[2010/11/17 17:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/11/17 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\MyWebSearch

[2010/11/17 15:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts

[2010/11/17 14:22:19 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\jills_WP

[2010/11/17 13:35:28 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\wp_themes

[2010/11/14 17:41:58 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\towa

[2010/11/14 17:18:57 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\min_hemsida

[2010/11/14 08:22:37 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\salukivalparna

========== Files - Modified Within 30 Days ==========

[2010/12/11 09:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/11 09:52:12 | 2411,880,448 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/11 06:23:53 | 000,065,536 | ---- | M] () -- C:\Users\Tina\Desktop\99a3d87d-365b-4689-a2a1-74bb4b9424db3.jpg

[2010/12/11 06:07:46 | 000,065,536 | ---- | M] () -- C:\Users\Tina\Desktop\50d9610d-cd66-420b-9591-bb510e51e4d03.jpg

[2010/12/11 06:07:46 | 000,016,384 | ---- | M] () -- C:\Users\Tina\Desktop\bfd32b4d-db3a-4cb2-89cf-4e18e678f1ab2.jpg

[2010/12/11 06:07:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001UA.job

[2010/12/11 05:45:57 | 101,522,221 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/12/10 12:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001Core.job

[2010/12/10 09:59:04 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/10 09:59:04 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/10 08:42:11 | 000,625,772 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2010/12/10 08:42:11 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/10 08:42:11 | 000,123,894 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2010/12/10 08:42:11 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/09 18:35:32 | 000,089,088 | ---- | M] () -- C:\Users\Tina\Desktop\mbr.exe

[2010/12/09 18:33:22 | 000,080,384 | ---- | M] () -- C:\Users\Tina\Desktop\MBRCheck.exe

[2010/12/09 18:21:15 | 000,296,448 | ---- | M] () -- C:\Users\Tina\Desktop\qhyu2v0f.exe

[2010/12/09 18:09:25 | 001,230,779 | ---- | M] () -- C:\Users\Tina\Desktop\tdsskiller.zip

[2010/12/09 18:06:56 | 000,002,268 | ---- | M] () -- C:\Users\Tina\Documents\avg.csv

[2010/12/09 15:03:33 | 003,987,287 | ---- | M] () -- C:\Users\Tina\Desktop\ComboFix.exe

[2010/12/09 12:03:38 | 000,002,313 | ---- | M] () -- C:\Users\Tina\Desktop\Google Chrome.lnk

[2010/12/08 18:00:52 | 000,000,251 | ---- | M] () -- C:\Windows\xUninstall.bat

[2010/12/08 08:56:47 | 000,045,079 | ---- | M] () -- C:\Users\Tina\Desktop\bella-i-stallet-011_120307697.jpg

[2010/12/08 08:48:08 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tina\Desktop\TDSSKiller.exe

[2010/12/08 08:29:36 | 000,100,253 | ---- | M] () -- C:\Users\Tina\Desktop\1235595688_resized.jpg

[2010/12/07 20:40:39 | 000,981,310 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2010/12/07 19:38:31 | 000,044,576 | ---- | M] () -- C:\Users\Tina\Desktop\isa.jpg

[2010/12/07 19:28:49 | 000,104,411 | ---- | M] () -- C:\Users\Tina\Desktop\1281823940.jpg

[2010/12/07 14:21:11 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/12/03 11:47:05 | 000,504,184 | ---- | M] () -- C:\Users\Tina\Documents\whirlpool_adg_3550_nb_[ET][1].pdf

[2010/11/28 09:24:05 | 003,819,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/11/25 18:51:11 | 000,001,456 | ---- | M] () -- C:\Users\Tina\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/11/20 18:13:43 | 000,001,065 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2010/11/18 16:09:35 | 000,001,157 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

[2010/11/14 08:20:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2010/12/11 09:40:18 | 000,065,536 | ---- | C] () -- C:\Users\Tina\Desktop\99a3d87d-365b-4689-a2a1-74bb4b9424db3.jpg

[2010/12/11 09:38:52 | 000,065,536 | ---- | C] () -- C:\Users\Tina\Desktop\50d9610d-cd66-420b-9591-bb510e51e4d03.jpg

[2010/12/11 09:38:37 | 000,016,384 | ---- | C] () -- C:\Users\Tina\Desktop\bfd32b4d-db3a-4cb2-89cf-4e18e678f1ab2.jpg

[2010/12/11 05:45:57 | 101,522,221 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/12/09 18:35:32 | 000,089,088 | ---- | C] () -- C:\Users\Tina\Desktop\mbr.exe

[2010/12/09 18:33:21 | 000,080,384 | ---- | C] () -- C:\Users\Tina\Desktop\MBRCheck.exe

[2010/12/09 18:21:15 | 000,296,448 | ---- | C] () -- C:\Users\Tina\Desktop\qhyu2v0f.exe

[2010/12/09 18:09:23 | 001,230,779 | ---- | C] () -- C:\Users\Tina\Desktop\tdsskiller.zip

[2010/12/09 18:06:56 | 000,002,268 | ---- | C] () -- C:\Users\Tina\Documents\avg.csv

[2010/12/09 15:03:29 | 003,987,287 | ---- | C] () -- C:\Users\Tina\Desktop\ComboFix.exe

[2010/12/09 12:03:38 | 000,002,313 | ---- | C] () -- C:\Users\Tina\Desktop\Google Chrome.lnk

[2010/12/09 12:02:50 | 000,000,956 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001UA.job

[2010/12/09 12:02:47 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001Core.job

[2010/12/08 08:57:51 | 000,045,079 | ---- | C] () -- C:\Users\Tina\Desktop\bella-i-stallet-011_120307697.jpg

[2010/12/08 08:31:55 | 000,100,253 | ---- | C] () -- C:\Users\Tina\Desktop\1235595688_resized.jpg

[2010/12/07 20:40:28 | 000,981,310 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB

[2010/12/07 19:38:45 | 000,044,576 | ---- | C] () -- C:\Users\Tina\Desktop\isa.jpg

[2010/12/07 19:28:57 | 000,104,411 | ---- | C] () -- C:\Users\Tina\Desktop\1281823940.jpg

[2010/12/03 11:47:04 | 000,504,184 | ---- | C] () -- C:\Users\Tina\Documents\whirlpool_adg_3550_nb_[ET][1].pdf

[2010/11/25 18:51:11 | 000,001,456 | ---- | C] () -- C:\Users\Tina\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/11/20 18:13:43 | 000,001,065 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2010/11/18 16:09:35 | 000,001,157 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

[2010/11/14 08:20:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/08/30 09:09:07 | 000,038,656 | ---- | C] () -- C:\Windows\System32\drivers\vbmaf29c.sys

[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/13 18:11:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\drivers\i8042prt.sys

========== LOP Check ==========

[2010/12/09 08:00:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\AVG

[2010/12/07 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\AVG10

[2010/11/27 15:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/12/07 21:01:32 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Notepad++

[2010/12/09 13:42:07 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Octoshape

[2010/12/07 19:31:17 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\onOne Software

[2010/11/18 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\OpenOffice.org

[2010/12/02 11:55:11 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/12/11 09:52:40 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\uTorrent

[2009/07/13 23:53:46 | 000,010,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Well done getting it all running! :thumbsup:

Run TDSSKiller and let's see what it says now.

See whether there is a log in C:\_OTL\Moved Files as well.


Yes, I can do a bit, at least ;)

TDSSKiller gives the same result & choices as before; after Continue, just an empty box.

A log file was found in Moved Files:

========== OTL ==========

Unable to delete service\driver key.

========== FILES ==========

File\Folder C:\Windows\System32\drivers\i8042prt.sys|C:\Windows\System32\DriverSt not found.

File\Folder ore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt not found.

Invalid replace specification: .sys

File\Folder C:\Windows\System32\drivers\vbmaf29c.sys|C:\Windows\System32\DriverSt not found.

File\Folder ore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt not found.

Invalid replace specification: .sys

OTLPE by OldTimer - Version 3.1.43.0 log created on 12122010_003725


I think you have got extra line breaks in scan.txt, so OTLPE does not understand where the files are. You need to make sure that the setting Format - Word Wrap is unchecked and that scan.txt is 5 lines. I repeat them here:

:OTL
DRV - [2010/03/24 01:37:04 | 000,038,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\vbmaf29c.sys -- (vbmaf29c)
:Files
C:\Windows\System32\drivers\i8042prt.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys /replace
C:\Windows\System32\drivers\vbmaf29c.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys /replace

If scan.txt looks like that, it is possible that OTLPE has trouble with the long lines. In that case, use a scan.txt that looks like this:

:OTL
DRV - [2010/03/24 01:37:04 | 000,038,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\vbmaf29c.sys -- (vbmaf29c)
:Files
C:\i8042prt.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys
C:\Windows\System32\drivers\i8042prt.sys|C:\i8042prt.sys /replace
C:\Windows\System32\drivers\vbmaf29c.sys|C:\i8042prt.sys /replace

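An added example, not part of this thread and not OTL's or OTLPE's own code: a small Python script that rejoins a scan.txt broken by word wrap and then checks the entries under :Files for the shape the fix above uses (target|source, optionally followed by /replace, both halves absolute paths to a file). The sample scan.txt embedded in it is constructed to reproduce the breakage visible in the Moved Files log posted earlier (the DriverStore path cut at "DriverSt", then "ore\...\i8042prt", then ".sys /replace"). The regexes, the two section names it knows (:OTL and :Files) and the rule that a line is a wrapped continuation when it starts with neither a section header, nor an OTL entry such as "DRV - ", nor a drive letter are this example's assumptions, not OTL's documented grammar.

```python
"""Rejoin a word-wrapped OTL fix script (scan.txt) and lint its :Files entries.

Added example; the regexes and the accepted entry shapes are assumptions
based on the lines used in this thread, not OTL's own parser.
"""
import re
import sys

# Section headers this linter knows (assumption: only the two used here).
SECTION_RE = re.compile(r"^:(OTL|Files)$", re.IGNORECASE)

# Something that legitimately starts a new line in scan.txt: a section
# header, an OTL log entry such as "DRV - ..." / "O4 - ...", or an
# absolute Windows path. Anything else is treated as the tail of a line
# that was broken by word wrap (assumption).
ENTRY_START_RE = re.compile(r"^(:|[A-Za-z]:\\|[A-Z0-9]{1,4} - )")

# An absolute path to a file: drive letter, no '|' inside, an extension.
PATH_RE = re.compile(r"^[A-Za-z]:\\[^|]*\.[A-Za-z0-9]+$")

# Constructed sample: the helper's 5-line fix, wrapped the way the
# 'Moved Files' log in this thread implies (path cut at 'DriverSt',
# then 'ore\...\i8042prt', then '.sys /replace').
WRAPPED_SCAN_TXT = r""":OTL
DRV - [2010/03/24 01:37:04 | 000,038,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\vbmaf29c.sys -- (vbmaf29c)
:Files
C:\Windows\System32\drivers\i8042prt.sys|C:\Windows\System32\DriverSt
ore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt
.sys /replace
C:\Windows\System32\drivers\vbmaf29c.sys|C:\Windows\System32\DriverSt
ore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt
.sys /replace
"""


def physical_lines(text):
    """Non-empty lines exactly as they sit in the file (no rejoining)."""
    return [line.rstrip("\r") for line in text.splitlines() if line.strip()]


def rejoin_wrapped(text):
    """Glue every line that does not look like an entry start onto the
    previous line, undoing a soft wrap that was written out as hard breaks."""
    lines = []
    for line in physical_lines(text):
        if lines and not ENTRY_START_RE.match(line):
            lines[-1] += line
        else:
            lines.append(line)
    return lines


def lint_files_section(lines):
    """Check each entry under ':Files' for the shape used in this thread:
    'target|source' optionally followed by ' /replace', both halves being
    absolute paths to a file. Returns a list of (line_no, problem)."""
    problems = []
    section = None
    for n, line in enumerate(lines, 1):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section != "files":
            continue
        body, sep, switch = line.partition(" /")
        if sep and switch.lower() != "replace":
            problems.append((n, f"switch '/{switch}' is not the /replace form used here"))
        halves = body.split("|")
        if len(halves) != 2:
            problems.append((n, f"expected exactly one '|', found {len(halves) - 1}"))
        for half in halves:
            if not PATH_RE.match(half):
                problems.append((n, f"not an absolute path to a file: {half!r}"))
    return problems


def lint(text):
    """Rejoin, then lint. Returns (rejoined_lines, problems)."""
    lines = rejoin_wrapped(text)
    return lines, lint_files_section(lines)


if __name__ == "__main__":
    # Pass a real scan.txt as the first argument; without one the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else WRAPPED_SCAN_TXT
    raw_problems = lint_files_section(physical_lines(text))
    print(f"as written: {len(raw_problems)} problem(s) in :Files")
    lines, problems = lint(text)
    print(f"after rejoining: {len(lines)} line(s), {len(problems)} problem(s)")
    for line in lines:
        print("  " + line)
    for n, problem in problems:
        print(f"  line {n}: {problem}")
```

Run it against scan.txt before taking the file over to OTLPE: if it reports zero problems after rejoining and the expected number of lines, the paths are back in one piece. It only knows the two section types used in this thread, and a continuation fragment that happens to begin with a drive letter would be mistaken for a new entry rather than rejoined.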

OTL log:

OTL logfile created on: 12/11/2010 4:02:04 PM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE

Windows 7 Home Premium (Version = 6.1.7600) - Type = System

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144.04 Gb Total Space | 80.32 Gb Free Space | 55.76% Space Free | Partition Type: NTFS

Drive D: | 144.04 Gb Total Space | 142.07 Gb Free Space | 98.63% Space Free | Partition Type: NTFS

Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/11/10 13:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2010/11/01 12:31:32 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)

SRV - [2010/10/21 22:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/08/30 09:16:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)

SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ewusbfake.sys -- (hwusbfake)

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\hidir.sys -- (HidIr)

DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ewusbnet.sys -- (ewusbnet)

DRV - File not found [Kernel | On_Demand] -- -- (.jmcr)

DRV - File not found [Kernel | On_Demand] -- -- (.hidir)

DRV - [2010/11/09 16:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2010/11/09 09:48:08 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2010/09/13 09:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2010/09/06 21:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2010/09/06 21:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/09/06 21:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2010/08/19 14:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010/08/19 14:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2010/08/19 14:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2010/03/24 01:37:04 | 000,038,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\vbmaf29c.sys -- (vbmaf29c)

DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)

DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\cng.sys -- (CNG)

DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)

DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)

DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 18:11:24 | 000,080,896 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)

DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/07/13 17:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/03/28 00:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?ptnrS=ZVxdm008YYSE&ptb=tN2jWTVMAO2X7mipKI.Cag&n=77cfdee3

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKU\Tina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 68 14 0C 63 7F CB 01 [binary data]

IE - HKU\Tina_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKU\Tina_ON_C\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found

IE - HKU\Tina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Tina_reserv_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/09 17:49:23 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\Tina_ON_C..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\53d905b8-0645-4d30-a5bd-09f013c32c37.com File not found

O4 - HKU\Tina_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: Error locating startup folders.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} https://www.one.com/static/controls/IlosoftMultipleImageUpload.dll (IlosoftMultipleImageCtrl Class)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/10 09:21:09 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/12/10 08:49:45 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\Ny mapp

[2010/12/09 18:09:36 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tina\Desktop\TDSSKiller.exe

[2010/12/09 17:49:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG

[2010/12/09 14:31:46 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com

[2010/12/09 13:32:30 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Malwarebytes

[2010/12/09 13:32:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/09 13:32:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/12/09 13:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/12/09 13:28:59 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\Simply Super Software

[2010/12/09 12:02:25 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Deployment

[2010/12/09 12:02:25 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Apps

[2010/12/09 07:54:28 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\AVG

[2010/12/07 20:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/12/07 19:31:17 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\onOne Software

[2010/12/07 19:26:44 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE

[2010/12/07 19:16:54 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Threat Expert

[2010/12/07 19:10:46 | 000,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\System32\Deco_32.dll

[2010/12/07 19:10:46 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe

[2010/12/07 14:21:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE

[2010/12/07 14:21:11 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/12/07 14:16:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Sunbelt Software

[2010/12/07 09:09:51 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\benitakort

[2010/12/07 08:28:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\jillkort

[2010/12/06 18:47:51 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\julkort

[2010/12/05 16:13:04 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\ps_psd

[2010/12/05 13:13:56 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\ps_brushes

[2010/12/05 10:29:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe

[2010/12/04 17:59:09 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\and_man_created_dog

[2010/12/02 11:55:11 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/12/02 11:55:11 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Adobe Mini Bridge CS5

[2010/11/28 09:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/11/28 09:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2010/11/28 09:15:13 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2010/11/28 09:15:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2010/11/28 09:15:12 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

[2010/11/28 09:13:20 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Windows Live

[2010/11/28 09:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2010/11/27 19:32:57 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Mozilla

[2010/11/27 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Octoshape

[2010/11/27 15:03:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/11/27 12:54:24 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\ps_styles

[2010/11/26 10:13:36 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\fonts

[2010/11/25 13:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\virtualStudio

[2010/11/25 13:24:23 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\Adobe Scripts

[2010/11/25 13:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player

[2010/11/25 13:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/11/25 13:08:43 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\Adobe CS5

[2010/11/20 20:09:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/11/20 20:09:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/11/20 20:09:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/11/20 20:09:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/11/20 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\Outlook Files

[2010/11/20 18:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2010/11/20 18:03:20 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/11/20 18:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services

[2010/11/20 18:00:41 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\Microsoft Help

[2010/11/20 18:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/11/18 16:09:09 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\OpenOffice.org

[2010/11/18 15:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\JRE

[2010/11/18 15:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2010/11/17 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/11/17 19:55:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010/11/17 19:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/11/17 18:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010/11/17 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\AVG10

[2010/11/17 17:57:36 | 000,000,000 | ---D | C] -- C:\extensions

[2010/11/17 17:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/11/17 17:56:18 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\uTorrent

[2010/11/17 17:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/11/17 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\MyWebSearch

[2010/11/17 15:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts

[2010/11/17 14:22:19 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\jills_WP

[2010/11/17 13:35:28 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\wp_themes

[2010/11/14 17:41:58 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\towa

[2010/11/14 17:18:57 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\min_hemsida

[2010/11/14 08:22:37 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\salukivalparna

========== Files - Modified Within 30 Days ==========

[2010/12/11 09:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/11 09:52:12 | 2411,880,448 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/11 06:23:53 | 000,065,536 | ---- | M] () -- C:\Users\Tina\Desktop\99a3d87d-365b-4689-a2a1-74bb4b9424db3.jpg

[2010/12/11 06:07:46 | 000,065,536 | ---- | M] () -- C:\Users\Tina\Desktop\50d9610d-cd66-420b-9591-bb510e51e4d03.jpg

[2010/12/11 06:07:46 | 000,016,384 | ---- | M] () -- C:\Users\Tina\Desktop\bfd32b4d-db3a-4cb2-89cf-4e18e678f1ab2.jpg

[2010/12/11 06:07:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001UA.job

[2010/12/11 05:45:57 | 101,522,221 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/12/10 12:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001Core.job

[2010/12/10 09:59:04 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/10 09:59:04 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/10 08:42:11 | 000,625,772 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2010/12/10 08:42:11 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/10 08:42:11 | 000,123,894 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2010/12/10 08:42:11 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/09 18:35:32 | 000,089,088 | ---- | M] () -- C:\Users\Tina\Desktop\mbr.exe

[2010/12/09 18:33:22 | 000,080,384 | ---- | M] () -- C:\Users\Tina\Desktop\MBRCheck.exe

[2010/12/09 18:21:15 | 000,296,448 | ---- | M] () -- C:\Users\Tina\Desktop\qhyu2v0f.exe

[2010/12/09 18:09:25 | 001,230,779 | ---- | M] () -- C:\Users\Tina\Desktop\tdsskiller.zip

[2010/12/09 18:06:56 | 000,002,268 | ---- | M] () -- C:\Users\Tina\Documents\avg.csv

[2010/12/09 15:03:33 | 003,987,287 | ---- | M] () -- C:\Users\Tina\Desktop\ComboFix.exe

[2010/12/09 12:03:38 | 000,002,313 | ---- | M] () -- C:\Users\Tina\Desktop\Google Chrome.lnk

[2010/12/08 18:00:52 | 000,000,251 | ---- | M] () -- C:\Windows\xUninstall.bat

[2010/12/08 08:56:47 | 000,045,079 | ---- | M] () -- C:\Users\Tina\Desktop\bella-i-stallet-011_120307697.jpg

[2010/12/08 08:48:08 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tina\Desktop\TDSSKiller.exe

[2010/12/08 08:29:36 | 000,100,253 | ---- | M] () -- C:\Users\Tina\Desktop\1235595688_resized.jpg

[2010/12/07 20:40:39 | 000,981,310 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2010/12/07 19:38:31 | 000,044,576 | ---- | M] () -- C:\Users\Tina\Desktop\isa.jpg

[2010/12/07 19:28:49 | 000,104,411 | ---- | M] () -- C:\Users\Tina\Desktop\1281823940.jpg

[2010/12/07 14:21:11 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/12/03 11:47:05 | 000,504,184 | ---- | M] () -- C:\Users\Tina\Documents\whirlpool_adg_3550_nb_[ET][1].pdf

[2010/11/28 09:24:05 | 003,819,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/11/25 18:51:11 | 000,001,456 | ---- | M] () -- C:\Users\Tina\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/11/20 18:13:43 | 000,001,065 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2010/11/18 16:09:35 | 000,001,157 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

[2010/11/14 08:20:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2010/12/11 09:40:18 | 000,065,536 | ---- | C] () -- C:\Users\Tina\Desktop\99a3d87d-365b-4689-a2a1-74bb4b9424db3.jpg

[2010/12/11 09:38:52 | 000,065,536 | ---- | C] () -- C:\Users\Tina\Desktop\50d9610d-cd66-420b-9591-bb510e51e4d03.jpg

[2010/12/11 09:38:37 | 000,016,384 | ---- | C] () -- C:\Users\Tina\Desktop\bfd32b4d-db3a-4cb2-89cf-4e18e678f1ab2.jpg

[2010/12/11 05:45:57 | 101,522,221 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2010/12/09 18:35:32 | 000,089,088 | ---- | C] () -- C:\Users\Tina\Desktop\mbr.exe

[2010/12/09 18:33:21 | 000,080,384 | ---- | C] () -- C:\Users\Tina\Desktop\MBRCheck.exe

[2010/12/09 18:21:15 | 000,296,448 | ---- | C] () -- C:\Users\Tina\Desktop\qhyu2v0f.exe

[2010/12/09 18:09:23 | 001,230,779 | ---- | C] () -- C:\Users\Tina\Desktop\tdsskiller.zip

[2010/12/09 18:06:56 | 000,002,268 | ---- | C] () -- C:\Users\Tina\Documents\avg.csv

[2010/12/09 15:03:29 | 003,987,287 | ---- | C] () -- C:\Users\Tina\Desktop\ComboFix.exe

[2010/12/09 12:03:38 | 000,002,313 | ---- | C] () -- C:\Users\Tina\Desktop\Google Chrome.lnk

[2010/12/09 12:02:50 | 000,000,956 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001UA.job

[2010/12/09 12:02:47 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2299478776-879816663-2023338606-1001Core.job

[2010/12/08 08:57:51 | 000,045,079 | ---- | C] () -- C:\Users\Tina\Desktop\bella-i-stallet-011_120307697.jpg

[2010/12/08 08:31:55 | 000,100,253 | ---- | C] () -- C:\Users\Tina\Desktop\1235595688_resized.jpg

[2010/12/07 20:40:28 | 000,981,310 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB

[2010/12/07 19:38:45 | 000,044,576 | ---- | C] () -- C:\Users\Tina\Desktop\isa.jpg

[2010/12/07 19:28:57 | 000,104,411 | ---- | C] () -- C:\Users\Tina\Desktop\1281823940.jpg

[2010/12/03 11:47:04 | 000,504,184 | ---- | C] () -- C:\Users\Tina\Documents\whirlpool_adg_3550_nb_[ET][1].pdf

[2010/11/25 18:51:11 | 000,001,456 | ---- | C] () -- C:\Users\Tina\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/11/20 18:13:43 | 000,001,065 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2010/11/18 16:09:35 | 000,001,157 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

[2010/11/14 08:20:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/08/30 09:09:07 | 000,038,656 | ---- | C] () -- C:\Windows\System32\drivers\vbmaf29c.sys

[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/13 18:11:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\drivers\i8042prt.sys

========== LOP Check ==========

[2010/12/09 08:00:56 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\AVG

[2010/12/07 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\AVG10

[2010/11/27 15:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/12/07 21:01:32 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Notepad++

[2010/12/09 13:42:07 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Octoshape

[2010/12/07 19:31:17 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\onOne Software

[2010/11/18 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\OpenOffice.org

[2010/12/02 11:55:11 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/12/11 09:52:40 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\uTorrent

[2009/07/13 23:53:46 | 000,010,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Moved Files:

========== OTL ==========

Service\Driver key vbmaf29c not found.

C:\Windows\System32\drivers\vbmaf29c.sys moved successfully.

========== FILES ==========

File C:\Windows\System32\drivers\i8042prt.sys successfully replaced with C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys

File C:\Windows\System32\drivers\vbmaf29c.sys successfully replaced with C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys

OTLPE by OldTimer - Version 3.1.43.0 log created on 12122010_022232

While I was writing this post, AVG popped up with a lot of new Trojan threats.


Don't let AVG quarantine or delete the files, but paste what AVG reports if it is anything other than before.

It looks like OTLPE did what it was supposed to, but run TDSSKiller to get that confirmed.


Sounds excellent! :)

Go to the folder c:\program files\Malwarebytes' Anti-Malware and rename iExplore.exe back to mbam.exe. Then run MBAM; remember to update it before you scan the computer. If anything is found, paste the log.

Good night!


mbam.exe won't run. I turned off the internet connection and AVG; the black window appears for half a second, then nothing more happens.

Good morning :)


I have started mbam several times; once I got to update the program, but after that it's a lost cause, it just shuts down.


Archived

This topic is now archived and is closed to further replies.
