
http://www.xn--&-8ga.com/


This topic is locked

#1 Hikson (New Member, 6 posts)
Hi,

I have problems with Firefox opening new windows by itself. Each window has four tabs with the following addresses:
http://www.xn--&-8ga.com/
file:///C:/Windows/system32/
file:///C:/Windows/system32/T%E2%80%98%C3%91%C3%A5%C2%AD%C2%A6%C5%92M%E2%80%98%1A%C2%BD%C5%B8y%C2%A7d%C3%B9%11vU%C2%B0%C2%BEd%C2%B3%C3%A7%C3%94%0EA%C2%AE%C2%A0.%C3%82%C2%BB%C2%A1%C2%AE%11%C3%84%C3%ABF+5%C3%B8%C3%88%E2%80%94%C3%B7%C3%84%08%C3%BD%C3%87%13siB%C3%BD%E2%80%A1%E2%84%A2p%C2%B0%E2%84%A2%C3%BB%C3%BE:%C2%AF%C3%A3%04%5B%C3%94:%C5%BE%20%C3%A1%E2%80%A0H%0B%C2%BDA%E2%82%AC:%C3%A0%C2%9D%C3%84%C2%AA%C3%8A%C5%A0SH%C2%AB%C3%A7%E2%80%98%17%C2%A9%C2%A5:%112%C3%9C%C2%BB%60%0E$%C3%A7%C3%A3%C3%BD%%19xmG%15%C3%B2%C3%B0%C3%99%C2%8F%1F%C3%83b%C3%9Cc%C2%AE%E2%84%A2%C3%9Bj%1FV%C3%91*%C3%87~%E2%84%A2%C3%985S.%04f%C3%8B%C3%86%C3%8C%C3%8B%C3%A0%C2%A8%C3%A55I*D%C3%968%02%C3%8Ad%C3%8DC%E2%80%A0%C3%B7%C3%A8%E2%80%A0%E2%80%BAG%C5%92!%1C%C3%8A:%C2%A5k%C2%B7%C3%B5%5DADj%E2%80%A2%C3%B5S%C3%90l%C3%B9%05%1B%0Cn~%C2%A2%C3%B9%C2%A5%C3%9Fv%C2%8D%C2%AF2Y%C3%B4%C5%BE%C2%BF%C3%A2%E2%80%B9J?^%E2%80%99d%C2%9DTFl%C3%A4zg%C2%B5%C3%B2%7F%C3%91u%C5%BDn%E2%80%98%C2%B3%C3%B4p+%C3%A3f%C2%B5%C2%A9%E2%80%A6%C3%A6l%C3%918%03%C2%AA%C3%AC
http://www.xn--pda.com/

OTL Log:

OTL Extras logfile created on: 8/11/2011 10:31:03 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Catalin\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 67.11% Memory free
6.50 Gb Paging File | 5.05 Gb Available in Paging File | 77.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 70.30 Gb Free Space | 70.30% Space Free | Partition Type: NTFS
Drive D: | 495.00 Gb Total Space | 471.65 Gb Free Space | 95.28% Space Free | Partition Type: NTFS
Drive E: | 2.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CATALIN-PC | User Name: Catalin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F81710-7F87-ECFC-BFD3-5F5C4045433A}" = AMD Media Foundation Decoders
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11661616-6C82-1CA6-874A-2C7A5A7BF72C}" = ATI Catalyst Install Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{3FCB20AD-FFFB-75AD-6A74-887ACED18CC3}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54DBFEC2-ABD3-4088-7B71-353063908CFD}" = AMD VISION Engine Control Center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6F2E5BB1-33E8-B06B-E965-19EE7117A445}" = AMD Drag and Drop Transcoding
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CD1D6AB-CD40-5E5B-72F2-8F258F58B905}" = CCC Help English
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C885824E-188F-8206-E2C2-B32728D6E52A}" = Catalyst Control Center InstallProxy
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{F1FA508A-526F-CCA9-0998-D904BF1A80A1}" = ccc-utility
"{F8A2C087-24EA-E873-FBD9-C901E2EFF299}" = AMD Fuel
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2011 11:15:50 AM | Computer Name = Catalin-PC | Source = Bonjour Service | ID = 100
Description = 468: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/9/2011 11:23:05 AM | Computer Name = Catalin-PC | Source = Bonjour Service | ID = 100
Description = 468: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/9/2011 11:25:45 AM | Computer Name = Catalin-PC | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/9/2011 11:28:10 AM | Computer Name = Catalin-PC | Source = Bonjour Service | ID = 100
Description = 480: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/9/2011 11:43:43 AM | Computer Name = Catalin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Keytro.exe, version: 0.0.0.0, time stamp:
0x4a72f2c2 Faulting module name: Keytro.exe, version: 0.0.0.0, time stamp: 0x4a72f2c2
Exception
code: 0xc0000005 Fault offset: 0x0000bdca Faulting process id: 0xfd0 Faulting application
start time: 0x01cc56ab1cf5b832 Faulting application path: D:\Program Files\StarCraft
II\Keytro.exe Faulting module path: D:\Program Files\StarCraft II\Keytro.exe Report
Id: 5c1aa05e-c29e-11e0-be54-00241d83f402

Error - 8/9/2011 11:43:59 AM | Computer Name = Catalin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Keytro.exe, version: 0.0.0.0, time stamp:
0x4a72f2c2 Faulting module name: Keytro.exe, version: 0.0.0.0, time stamp: 0x4a72f2c2
Exception
code: 0xc0000005 Fault offset: 0x0000bdca Faulting process id: 0x460 Faulting application
start time: 0x01cc56ab26fa9040 Faulting application path: D:\Program Files\StarCraft
II\Keytro.exe Faulting module path: D:\Program Files\StarCraft II\Keytro.exe Report
Id: 65556eb7-c29e-11e0-be54-00241d83f402

Error - 8/9/2011 11:48:49 AM | Computer Name = Catalin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Keytro.exe, version: 0.0.0.0, time stamp:
0x4a72f2c2 Faulting module name: Keytro.exe, version: 0.0.0.0, time stamp: 0x4a72f2c2
Exception
code: 0xc0000005 Fault offset: 0x0000bdca Faulting process id: 0x738 Faulting application
start time: 0x01cc56abd3a030b9 Faulting application path: D:\Program Files\StarCraft
II\Keytro.exe Faulting module path: D:\Program Files\StarCraft II\Keytro.exe Report
Id: 125d2dcf-c29f-11e0-be54-00241d83f402

Error - 8/9/2011 11:50:05 AM | Computer Name = Catalin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Keytro.exe, version: 0.0.0.0, time stamp:
0x4a72f2c2 Faulting module name: Keytro.exe, version: 0.0.0.0, time stamp: 0x4a72f2c2
Exception
code: 0xc0000005 Fault offset: 0x0000bdca Faulting process id: 0x1100 Faulting application
start time: 0x01cc56ac00f96f95 Faulting application path: D:\Program Files\StarCraft
II\Keytro.exe Faulting module path: D:\Program Files\StarCraft II\Keytro.exe Report
Id: 3f695cfb-c29f-11e0-be54-00241d83f402

Error - 8/9/2011 11:52:15 AM | Computer Name = Catalin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Keytro.exe, version: 0.0.0.0, time stamp:
0x4a72f2c2 Faulting module name: Keytro.exe, version: 0.0.0.0, time stamp: 0x4a72f2c2
Exception
code: 0xc0000005 Fault offset: 0x0000bdca Faulting process id: 0x750 Faulting application
start time: 0x01cc56ac4e8de2c3 Faulting application path: D:\Program Files\StarCraft
II\Keytro.exe Faulting module path: D:\Program Files\StarCraft II\Keytro.exe Report
Id: 8d2974ac-c29f-11e0-be54-00241d83f402

Error - 8/9/2011 11:52:25 AM | Computer Name = Catalin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Keytro.exe, version: 0.0.0.0, time stamp:
0x4a72f2c2 Faulting module name: Keytro.exe, version: 0.0.0.0, time stamp: 0x4a72f2c2
Exception
code: 0xc0000005 Fault offset: 0x0000bdca Faulting process id: 0x1370 Faulting application
start time: 0x01cc56ac54d15efe Faulting application path: D:\Program Files\StarCraft
II\Keytro.exe Faulting module path: D:\Program Files\StarCraft II\Keytro.exe Report
Id: 9340d731-c29f-11e0-be54-00241d83f402

[ System Events ]
Error - 8/7/2011 8:06:08 AM | Computer Name = Catalin-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/7/2011 8:06:17 AM | Computer Name = Catalin-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/7/2011 8:07:17 AM | Computer Name = Catalin-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 8/7/2011 8:13:52 AM | Computer Name = Catalin-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 3 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/7/2011 8:15:04 AM | Computer Name = Catalin-PC | Source = DCOM | ID = 10010
Description =

Error - 8/7/2011 5:04:28 PM | Computer Name = Catalin-PC | Source = DCOM | ID = 10010
Description =

Error - 8/8/2011 5:11:10 PM | Computer Name = Catalin-PC | Source = DCOM | ID = 10010
Description =

Error - 8/9/2011 7:56:32 AM | Computer Name = Catalin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:36:46 AM on ?8/?9/?2011 was unexpected.

Error - 8/9/2011 8:19:19 AM | Computer Name = Catalin-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/9/2011 12:03:41 PM | Computer Name = Catalin-PC | Source = DCOM | ID = 10010
Description =


< End of report >


#2 BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
Hi, Hikson! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :unsure:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)



Could you do the following two scans for me please, then get back to me with the logs...


1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Download aswMBR.exe (1.8 MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.



On completion of the scan click save log, save it to your desktop and post it in your next reply.





In your next reply, please post the contents of:
  • OTL log
  • aswMBR log


#3 Hikson (Topic Starter, New Member, 6 posts)
Hi

Here is the OTL log:

OTL logfile created on: 8/12/2011 12:55:37 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Catalin\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 68.02% Memory free
6.50 Gb Paging File | 5.14 Gb Available in Paging File | 79.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 69.87 Gb Free Space | 69.87% Space Free | Partition Type: NTFS
Drive D: | 495.00 Gb Total Space | 471.65 Gb Free Space | 95.28% Space Free | Partition Type: NTFS
Drive E: | 2.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CATALIN-PC | User Name: Catalin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 10:30:21 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Catalin\Downloads\OTL.exe
PRC - [2011/08/04 22:52:00 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/08/04 22:51:50 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2011/07/08 10:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/08 06:25:20 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/08 06:24:52 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/07/07 23:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/06/16 07:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/10/31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 10:30:21 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Catalin\Downloads\OTL.exe
MOD - [2009/07/14 04:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/04 22:52:00 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/08 06:24:52 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/07/07 23:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/08 07:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/07/08 07:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/08 05:46:42 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/30 21:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 C7 B2 49 A5 4C CC 01 [binary data]
IE - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://fgscs.ro/forum/"
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/07 15:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/28 00:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catalin\AppData\Roaming\Mozilla\Extensions
[2011/08/07 15:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catalin\AppData\Roaming\Mozilla\Firefox\Profiles\y81ki0or.default\extensions
[2011/07/29 13:55:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Catalin\AppData\Roaming\Mozilla\Firefox\Profiles\y81ki0or.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/04 12:53:54 | 000,000,000 | ---D | M] ("Romanian spelling dictionary") -- C:\Users\Catalin\AppData\Roaming\Mozilla\Firefox\Profiles\y81ki0or.default\extensions\[email protected]
[2011/07/28 09:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/28 09:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/08 10:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/11 00:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001..\Run: [GameTracker] File not found
O4 - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001..\Run: [uTorrent] D:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1838473638-3383583985-1516621463-1001..\Run: [VOIPlay] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/17 20:53:33 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/10 13:26:32 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Documents\StarCraft II
[2011/08/09 19:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/08/09 19:02:07 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Systweak
[2011/08/09 17:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/08/08 16:56:50 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\PunkBuster
[2011/08/08 16:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011/08/08 16:52:09 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/08 14:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/08/07 15:58:51 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\redsn0w
[2011/08/07 15:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/07 15:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/07 15:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/07 15:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/07 15:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/07 15:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/07 15:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/07 15:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/07 15:16:08 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Yahoo!
[2011/08/07 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Apple Computer
[2011/08/07 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Apple Computer
[2011/08/07 15:06:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/08/07 15:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/07 15:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/07 15:01:33 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Apple
[2011/08/07 15:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/08/07 13:54:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/06 17:13:51 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
[2011/08/05 17:38:08 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\VOIPlay
[2011/08/05 12:57:20 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\ts3overlay
[2011/08/04 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\TS3Client
[2011/08/04 23:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/08/04 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/08/03 23:09:06 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Documents\FGSCS
[2011/08/03 17:25:29 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Microsoft Games
[2011/07/28 15:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/07/28 15:36:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/07/28 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\CrashRpt
[2011/07/28 15:06:46 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/28 15:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/28 14:25:20 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\WinRAR
[2011/07/28 14:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/28 13:56:40 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\uTorrent
[2011/07/28 13:56:40 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\uTorrent
[2011/07/28 12:11:38 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/28 09:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/28 09:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/28 09:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/28 08:45:24 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/07/28 08:45:18 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2011/07/28 00:57:34 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/07/28 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Macromedia
[2011/07/28 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Adobe
[2011/07/28 00:56:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/07/28 00:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/07/28 00:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/07/28 00:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/07/28 00:43:51 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\AMD
[2011/07/28 00:43:46 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\ATI
[2011/07/28 00:43:46 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\ATI
[2011/07/28 00:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/28 00:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/07/28 00:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/07/28 00:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/28 00:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/28 00:43:05 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/07/28 00:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/07/28 00:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/28 00:38:25 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Mozilla
[2011/07/28 00:38:25 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Mozilla
[2011/07/28 00:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/07/28 00:35:38 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/28 00:35:38 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Searches
[2011/07/28 00:35:38 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/28 00:35:38 | 000,000,000 | -H-D | C] -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/07/28 00:35:30 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Identities
[2011/07/28 00:35:29 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Contacts
[2011/07/28 00:35:22 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\VirtualStore
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\AppData\Local\Temporary Internet Files
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Templates
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Start Menu
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\SendTo
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Recent
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\PrintHood
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\NetHood
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Documents\My Videos
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Documents\My Pictures
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Documents\My Music
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\My Documents
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Local Settings
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\AppData\Local\History
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Cookies
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Application Data
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\AppData\Local\Application Data
[2011/07/28 00:35:17 | 000,000,000 | --SD | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Videos
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Saved Games
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Pictures
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Music
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Links
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Favorites
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Downloads
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Documents
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Desktop
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/28 00:35:17 | 000,000,000 | -H-D | C] -- C:\Users\Catalin\AppData
[2011/07/28 00:35:17 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Temp
[2011/07/28 00:35:17 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Microsoft
[2011/07/28 00:35:17 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Media Center Programs
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2011/07/28 00:32:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011/07/28 00:32:03 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2011/08/12 12:55:00 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/12 12:55:00 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/12 12:54:04 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 12:54:04 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 12:53:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/12 12:48:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/12 12:48:35 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 22:34:31 | 000,000,087 | ---- | M] () -- C:\Users\Catalin\Desktop\httpwww.xn--&-8ga.com - Geeks to Go Forums.URL
[2011/08/10 13:33:39 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/08/09 19:15:26 | 000,000,931 | ---- | M] () -- C:\Users\Catalin\Desktop\Left 4 Dead 2.lnk
[2011/08/08 14:21:15 | 000,000,222 | ---- | M] () -- C:\Users\Catalin\Desktop\Counter-Strike.url
[2011/08/07 22:03:22 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/08/07 15:18:15 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/07 13:54:51 | 246,420,506 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/06 19:28:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/08/05 17:56:53 | 000,000,016 | -H-- | M] () -- C:\Users\Catalin\vaext
[2011/08/05 17:56:53 | 000,000,016 | -H-- | M] () -- C:\Users\Catalin\.vsysd
[2011/08/04 23:13:29 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/07/30 14:34:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/28 15:42:52 | 000,001,135 | ---- | M] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/07/28 15:42:52 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Messenger.lnk
[2011/07/28 15:41:38 | 000,000,630 | ---- | M] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/07/28 08:49:22 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/07/28 08:48:05 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/07/28 08:45:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/28 00:36:43 | 000,001,411 | ---- | M] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2011/08/11 22:34:31 | 000,000,087 | ---- | C] () -- C:\Users\Catalin\Desktop\httpwww.xn--&-8ga.com - Geeks to Go Forums.URL
[2011/08/11 10:37:25 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/10 13:26:32 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/08/09 15:53:44 | 000,000,931 | ---- | C] () -- C:\Users\Catalin\Desktop\Left 4 Dead 2.lnk
[2011/08/07 15:18:15 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/07 15:17:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/08/07 13:54:51 | 246,420,506 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/06 19:28:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/08/05 17:56:53 | 000,000,016 | -H-- | C] () -- C:\Users\Catalin\vaext
[2011/08/05 17:56:53 | 000,000,016 | -H-- | C] () -- C:\Users\Catalin\.vsysd
[2011/08/04 23:13:29 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/08/04 22:53:03 | 000,000,222 | ---- | C] () -- C:\Users\Catalin\Desktop\Counter-Strike.url
[2011/08/04 22:50:19 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/07/30 14:34:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/28 15:42:52 | 000,001,135 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/07/28 15:42:52 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Messenger.lnk
[2011/07/28 13:56:53 | 000,000,630 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/07/28 08:48:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/28 08:45:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/28 08:44:54 | 2616,057,856 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/28 00:38:18 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/28 00:36:43 | 000,001,411 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/28 00:35:39 | 000,001,417 | ---- | C] () -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/07/28 00:35:17 | 000,000,290 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/28 00:35:17 | 000,000,272 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/07 23:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/05/13 18:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/03/17 20:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 07:33:53 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 05:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 05:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 03:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/07 01:39:53 | 000,132,096 | ---- | C] () -- C:\Windows\System32\gc.dll

========== LOP Check ==========

[2011/08/07 15:58:51 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\redsn0w
[2011/08/09 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\Systweak
[2011/08/05 12:57:32 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\TS3Client
[2011/08/05 12:57:20 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\ts3overlay
[2011/08/10 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\uTorrent
[2011/08/05 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\VOIPlay
[2009/07/14 07:53:46 | 000,010,850 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


And here is the aswMBR log:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-12 12:58:43
-----------------------------
12:58:43.294 OS Version: Windows 6.1.7600
12:58:43.295 Number of processors: 2 586 0x602
12:58:43.296 ComputerName: CATALIN-PC UserName: Catalin
12:58:43.620 Initialize success
13:00:20.618 AVAST engine defs: 11081200
13:00:39.586 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort3
13:00:39.591 Disk 0 Vendor: WDC_WD6400AAKS-65A7B2 01.03B01 Size: 610480MB BusType: 3
13:00:39.599 Device \Device\Ide\IdeDeviceP3T0L0-3 -> \??\IDE#DiskWDC_WD6400AAKS-65A7B2___________________01.03B01#5&1007d8de&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
13:00:39.607 Device \Driver\atapi -> DriverStartIo 861b6aea
13:00:41.627 Disk 0 MBR read successfully
13:00:41.637 Disk 0 MBR scan
13:00:41.650 Disk 0 Windows 7 default MBR code
13:00:41.662 Disk 0 scanning sectors +1248012288
13:00:41.749 Disk 0 scanning C:\Windows\system32\drivers
13:00:45.045 File: C:\Windows\system32\drivers\afd.sys **INFECTED** Win32:Alureon-FZ
13:00:48.880 Service scanning
13:00:50.045 Modules scanning
13:00:53.941 Disk 0 trace - called modules:
13:00:53.969 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x861b6ec5]<<
13:00:53.979 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f39030]
13:00:53.985 3 CLASSPNP.SYS[8bb8559e] -> nt!IofCallDriver -> [0x85a7c918]
13:00:53.992 5 ACPI.sys[8b5a53b2] -> nt!IofCallDriver -> \IdeDeviceP3T0L0-3[0x85aa5030]
13:00:54.001 [0x86220b28] -> IRP_MJ_CREATE -> 0x861b6ec5
13:00:54.582 AVAST engine scan C:\Windows
13:00:55.598 AVAST engine scan C:\Windows\system32
13:01:54.944 AVAST engine scan C:\Windows\system32\drivers
13:01:58.286 File: C:\Windows\system32\drivers\afd.sys **INFECTED** Win32:Alureon-FZ
13:02:02.056 AVAST engine scan C:\Users\Catalin
13:02:15.107 File: C:\Users\Catalin\AppData\Local\Temp\2491.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.215 File: C:\Users\Catalin\AppData\Local\Temp\2CE.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.250 File: C:\Users\Catalin\AppData\Local\Temp\2E13.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.277 File: C:\Users\Catalin\AppData\Local\Temp\386F.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.308 File: C:\Users\Catalin\AppData\Local\Temp\3AA.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.340 File: C:\Users\Catalin\AppData\Local\Temp\445.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.367 File: C:\Users\Catalin\AppData\Local\Temp\473E.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.391 File: C:\Users\Catalin\AppData\Local\Temp\5245.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.423 File: C:\Users\Catalin\AppData\Local\Temp\536F.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.449 File: C:\Users\Catalin\AppData\Local\Temp\5CE0.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.481 File: C:\Users\Catalin\AppData\Local\Temp\5DDA.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.502 File: C:\Users\Catalin\AppData\Local\Temp\67E7.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.526 File: C:\Users\Catalin\AppData\Local\Temp\68B3.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:15.758 File: C:\Users\Catalin\AppData\Local\Temp\9FC9.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.006 File: C:\Users\Catalin\AppData\Local\Temp\B28D.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.039 File: C:\Users\Catalin\AppData\Local\Temp\B4FD.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.071 File: C:\Users\Catalin\AppData\Local\Temp\B50D.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.105 File: C:\Users\Catalin\AppData\Local\Temp\B79C.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.149 File: C:\Users\Catalin\AppData\Local\Temp\B8E4.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.403 File: C:\Users\Catalin\AppData\Local\Temp\C004.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.485 File: C:\Users\Catalin\AppData\Local\Temp\C18B.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.524 File: C:\Users\Catalin\AppData\Local\Temp\C5F.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.618 File: C:\Users\Catalin\AppData\Local\Temp\CFFC.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.822 File: C:\Users\Catalin\AppData\Local\Temp\D5A.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.915 File: C:\Users\Catalin\AppData\Local\Temp\DAE5.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:16.964 File: C:\Users\Catalin\AppData\Local\Temp\DB70.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.006 File: C:\Users\Catalin\AppData\Local\Temp\DC4C.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.134 File: C:\Users\Catalin\AppData\Local\Temp\E0DD.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.195 File: C:\Users\Catalin\AppData\Local\Temp\E540.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.240 File: C:\Users\Catalin\AppData\Local\Temp\E63B.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.403 File: C:\Users\Catalin\AppData\Local\Temp\EBB6.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.448 File: C:\Users\Catalin\AppData\Local\Temp\EBB7.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.478 File: C:\Users\Catalin\AppData\Local\Temp\EC71.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.507 File: C:\Users\Catalin\AppData\Local\Temp\ECC0.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.537 File: C:\Users\Catalin\AppData\Local\Temp\EED2.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.649 File: C:\Users\Catalin\AppData\Local\Temp\F595.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.689 File: C:\Users\Catalin\AppData\Local\Temp\F5C5.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.731 File: C:\Users\Catalin\AppData\Local\Temp\F892.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.774 File: C:\Users\Catalin\AppData\Local\Temp\FE5B.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:17.819 File: C:\Users\Catalin\AppData\Local\Temp\FE9B.tmp **INFECTED** Win32:Alureon-HI [Rtk]
13:02:37.096 AVAST engine scan C:\ProgramData
13:02:57.004 Scan finished successfully
13:03:58.168 Disk 0 MBR has been saved successfully to "C:\Users\Catalin\Desktop\MBR.dat"
13:03:58.174 The log file has been saved successfully to "C:\Users\Catalin\Desktop\aswMBR.txt"

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

Thanks for the logs. I do see a few infections present, so let's start getting them sorted now :)

Just follow the steps below and then get back to me with the relevant logs please.



1)
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




2)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/08/05 17:56:53 | 000,000,016 | -H-- | M] () -- C:\Users\Catalin\vaext
    [2011/08/05 17:56:53 | 000,000,016 | -H-- | M] () -- C:\Users\Catalin\.vsysd
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A text file may appear when the computer reboots, just close this.
  • Open OTL again, copy and paste the following into the Custom Scans/Fixes area at the bottom

    C:\Users\Catalin\AppData\Local\Temp\*.tmp
  • Then click the Quick Scan button. Post the log it produces in your next reply.



In your next reply
Please post the contents of...
TDSSKiller log
OTL log


#5
Hikson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

Here is the TDSSKiller log:

2011/08/12 21:38:47.0277 1616 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/12 21:38:47.0461 1616 ================================================================================
2011/08/12 21:38:47.0461 1616 SystemInfo:
2011/08/12 21:38:47.0461 1616
2011/08/12 21:38:47.0462 1616 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/12 21:38:47.0462 1616 Product type: Workstation
2011/08/12 21:38:47.0462 1616 ComputerName: CATALIN-PC
2011/08/12 21:38:47.0462 1616 UserName: Catalin
2011/08/12 21:38:47.0462 1616 Windows directory: C:\Windows
2011/08/12 21:38:47.0462 1616 System windows directory: C:\Windows
2011/08/12 21:38:47.0462 1616 Processor architecture: Intel x86
2011/08/12 21:38:47.0462 1616 Number of processors: 2
2011/08/12 21:38:47.0462 1616 Page size: 0x1000
2011/08/12 21:38:47.0462 1616 Boot type: Normal boot
2011/08/12 21:38:47.0462 1616 ================================================================================
2011/08/12 21:38:48.0374 1616 Initialize success
2011/08/12 21:39:01.0524 2356 ================================================================================
2011/08/12 21:39:01.0525 2356 Scan started
2011/08/12 21:39:01.0525 2356 Mode: Manual;
2011/08/12 21:39:01.0525 2356 ================================================================================
2011/08/12 21:39:01.0870 2356 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/12 21:39:01.0920 2356 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/12 21:39:01.0963 2356 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/12 21:39:01.0996 2356 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/12 21:39:02.0017 2356 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/12 21:39:02.0039 2356 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/12 21:39:02.0074 2356 AFD (45b3d812de52819db219a296d1a64fc9) C:\Windows\system32\drivers\afd.sys
2011/08/12 21:39:02.0077 2356 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 45b3d812de52819db219a296d1a64fc9, Fake md5: ddc040fdb01ef1712a6b13e52afb104c
2011/08/12 21:39:02.0083 2356 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/08/12 21:39:02.0112 2356 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/12 21:39:02.0133 2356 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/12 21:39:02.0158 2356 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/12 21:39:02.0183 2356 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/08/12 21:39:02.0204 2356 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/12 21:39:02.0231 2356 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
2011/08/12 21:39:02.0244 2356 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/12 21:39:02.0419 2356 amdkmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/12 21:39:02.0600 2356 amdkmdap (0b1b116d30f133dc918287fd8e212f1e) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/08/12 21:39:02.0618 2356 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/12 21:39:02.0645 2356 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/08/12 21:39:02.0661 2356 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/12 21:39:02.0675 2356 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/08/12 21:39:02.0713 2356 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/08/12 21:39:02.0758 2356 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/12 21:39:02.0778 2356 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/12 21:39:02.0801 2356 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/12 21:39:02.0818 2356 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/12 21:39:02.0867 2356 AtiHDAudioService (45fe74599fba4070e7c7dac928896474) C:\Windows\system32\drivers\AtihdW73.sys
2011/08/12 21:39:03.0051 2356 atikmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/12 21:39:03.0136 2356 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/12 21:39:03.0166 2356 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/12 21:39:03.0198 2356 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/12 21:39:03.0226 2356 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/12 21:39:03.0245 2356 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/12 21:39:03.0261 2356 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/12 21:39:03.0283 2356 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/12 21:39:03.0317 2356 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/12 21:39:03.0332 2356 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/12 21:39:03.0348 2356 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/12 21:39:03.0364 2356 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/12 21:39:03.0380 2356 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/12 21:39:03.0404 2356 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/12 21:39:03.0422 2356 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/12 21:39:03.0468 2356 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/12 21:39:03.0503 2356 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/12 21:39:03.0522 2356 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/12 21:39:03.0545 2356 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/12 21:39:03.0568 2356 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/12 21:39:03.0584 2356 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/12 21:39:03.0600 2356 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/12 21:39:03.0633 2356 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/12 21:39:03.0662 2356 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/08/12 21:39:03.0696 2356 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/08/12 21:39:03.0715 2356 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/12 21:39:03.0742 2356 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/12 21:39:03.0796 2356 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/12 21:39:03.0827 2356 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/12 21:39:03.0867 2356 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/12 21:39:03.0956 2356 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/12 21:39:04.0058 2356 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/12 21:39:04.0083 2356 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/12 21:39:04.0114 2356 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/12 21:39:04.0131 2356 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/12 21:39:04.0150 2356 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/12 21:39:04.0176 2356 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/12 21:39:04.0195 2356 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/12 21:39:04.0210 2356 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/12 21:39:04.0231 2356 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/12 21:39:04.0259 2356 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/12 21:39:04.0272 2356 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/12 21:39:04.0298 2356 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/12 21:39:04.0325 2356 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/12 21:39:04.0362 2356 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/12 21:39:04.0390 2356 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/12 21:39:04.0429 2356 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/08/12 21:39:04.0457 2356 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/12 21:39:04.0471 2356 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/12 21:39:04.0487 2356 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/12 21:39:04.0513 2356 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/12 21:39:04.0546 2356 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/12 21:39:04.0575 2356 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/12 21:39:04.0606 2356 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/08/12 21:39:04.0633 2356 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/12 21:39:04.0654 2356 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/12 21:39:04.0672 2356 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/08/12 21:39:04.0693 2356 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/12 21:39:04.0726 2356 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/12 21:39:04.0755 2356 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/12 21:39:04.0773 2356 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/12 21:39:04.0793 2356 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/12 21:39:04.0809 2356 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/08/12 21:39:04.0838 2356 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/08/12 21:39:04.0854 2356 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/12 21:39:04.0879 2356 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/12 21:39:04.0893 2356 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/12 21:39:04.0912 2356 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/12 21:39:04.0938 2356 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/12 21:39:04.0952 2356 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/12 21:39:04.0991 2356 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/12 21:39:05.0023 2356 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/12 21:39:05.0051 2356 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/12 21:39:05.0065 2356 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/12 21:39:05.0081 2356 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/12 21:39:05.0099 2356 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/08/12 21:39:05.0119 2356 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/12 21:39:05.0148 2356 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/12 21:39:05.0174 2356 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/08/12 21:39:05.0187 2356 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/12 21:39:05.0205 2356 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/12 21:39:05.0222 2356 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/12 21:39:05.0238 2356 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/08/12 21:39:05.0255 2356 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/12 21:39:05.0278 2356 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/12 21:39:05.0308 2356 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/08/12 21:39:05.0323 2356 mrxsmb (9e5dd4ef01aed723abf5342ef23ff012) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/12 21:39:05.0340 2356 mrxsmb10 (6532acbf612a8d340ef9e25e4fef21ee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/12 21:39:05.0364 2356 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/12 21:39:05.0376 2356 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/12 21:39:05.0394 2356 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/12 21:39:05.0418 2356 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/08/12 21:39:05.0450 2356 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/12 21:39:05.0470 2356 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/12 21:39:05.0494 2356 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/12 21:39:05.0510 2356 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/12 21:39:05.0526 2356 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/08/12 21:39:05.0546 2356 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/08/12 21:39:05.0566 2356 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/12 21:39:05.0582 2356 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/08/12 21:39:05.0598 2356 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/12 21:39:05.0614 2356 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/08/12 21:39:05.0645 2356 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/12 21:39:05.0677 2356 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/08/12 21:39:05.0723 2356 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/12 21:39:05.0738 2356 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/12 21:39:05.0757 2356 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/12 21:39:05.0773 2356 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/12 21:39:05.0789 2356 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/08/12 21:39:05.0805 2356 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/12 21:39:05.0823 2356 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/12 21:39:05.0873 2356 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/12 21:39:05.0908 2356 nmwcd (712bc0c22ba00b2ba324c6b8df668ee7) C:\Windows\system32\drivers\ccdcmb.sys
2011/08/12 21:39:05.0920 2356 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/08/12 21:39:05.0940 2356 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/12 21:39:05.0986 2356 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/08/12 21:39:06.0033 2356 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/08/12 21:39:06.0058 2356 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/08/12 21:39:06.0074 2356 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/08/12 21:39:06.0101 2356 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/12 21:39:06.0115 2356 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/12 21:39:06.0141 2356 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/08/12 21:39:06.0162 2356 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/08/12 21:39:06.0180 2356 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/12 21:39:06.0199 2356 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/08/12 21:39:06.0219 2356 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/12 21:39:06.0250 2356 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/12 21:39:06.0264 2356 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/08/12 21:39:06.0293 2356 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/08/12 21:39:06.0410 2356 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/12 21:39:06.0500 2356 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/08/12 21:39:06.0556 2356 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/12 21:39:06.0608 2356 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/12 21:39:06.0655 2356 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/12 21:39:06.0686 2356 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/12 21:39:06.0698 2356 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/12 21:39:06.0714 2356 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/12 21:39:06.0743 2356 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/12 21:39:06.0761 2356 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/12 21:39:06.0777 2356 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/12 21:39:06.0801 2356 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/12 21:39:06.0825 2356 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/12 21:39:06.0847 2356 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/12 21:39:06.0872 2356 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/08/12 21:39:06.0906 2356 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/12 21:39:06.0932 2356 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/12 21:39:06.0946 2356 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/08/12 21:39:06.0970 2356 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/08/12 21:39:07.0009 2356 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/12 21:39:07.0048 2356 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/08/12 21:39:07.0081 2356 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/08/12 21:39:07.0110 2356 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/12 21:39:07.0139 2356 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/12 21:39:07.0176 2356 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/12 21:39:07.0212 2356 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/12 21:39:07.0237 2356 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/12 21:39:07.0262 2356 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/12 21:39:07.0303 2356 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/12 21:39:07.0316 2356 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/12 21:39:07.0332 2356 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/12 21:39:07.0348 2356 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/12 21:39:07.0373 2356 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/08/12 21:39:07.0389 2356 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/12 21:39:07.0405 2356 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/12 21:39:07.0421 2356 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/12 21:39:07.0452 2356 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/12 21:39:07.0485 2356 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2011/08/12 21:39:07.0503 2356 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/12 21:39:07.0522 2356 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/12 21:39:07.0574 2356 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/12 21:39:07.0602 2356 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/08/12 21:39:07.0618 2356 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/08/12 21:39:07.0638 2356 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/12 21:39:07.0713 2356 Tcpip (63170b9ee1d0ef0032f0408605671d1a) C:\Windows\system32\drivers\tcpip.sys
2011/08/12 21:39:07.0776 2356 TCPIP6 (63170b9ee1d0ef0032f0408605671d1a) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/12 21:39:07.0803 2356 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/12 21:39:07.0835 2356 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/08/12 21:39:07.0847 2356 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/08/12 21:39:07.0879 2356 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/12 21:39:07.0893 2356 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/12 21:39:07.0936 2356 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/12 21:39:07.0961 2356 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/12 21:39:07.0984 2356 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/12 21:39:07.0999 2356 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/12 21:39:08.0030 2356 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/12 21:39:08.0052 2356 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/12 21:39:08.0064 2356 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/12 21:39:08.0110 2356 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/12 21:39:08.0124 2356 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/12 21:39:08.0139 2356 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/12 21:39:08.0155 2356 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/12 21:39:08.0186 2356 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/12 21:39:08.0206 2356 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/12 21:39:08.0230 2356 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/12 21:39:08.0254 2356 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/12 21:39:08.0266 2356 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/12 21:39:08.0292 2356 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/12 21:39:08.0312 2356 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/12 21:39:08.0336 2356 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/08/12 21:39:08.0363 2356 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/12 21:39:08.0388 2356 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/08/12 21:39:08.0404 2356 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/08/12 21:39:08.0429 2356 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/12 21:39:08.0456 2356 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/08/12 21:39:08.0470 2356 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/08/12 21:39:08.0493 2356 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/12 21:39:08.0508 2356 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/08/12 21:39:08.0535 2356 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/12 21:39:08.0553 2356 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/12 21:39:08.0581 2356 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/08/12 21:39:08.0602 2356 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/12 21:39:08.0619 2356 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/12 21:39:08.0632 2356 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/12 21:39:08.0672 2356 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/08/12 21:39:08.0689 2356 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/12 21:39:08.0738 2356 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/12 21:39:08.0756 2356 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/08/12 21:39:08.0830 2356 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/12 21:39:08.0859 2356 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/12 21:39:08.0905 2356 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/12 21:39:08.0946 2356 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/08/12 21:39:08.0961 2356 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/12 21:39:09.0002 2356 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/12 21:39:09.0015 2356 Boot (0x1200) (90d9e137d2477c557b82dbf7f2abb71c) \Device\Harddisk0\DR0\Partition0
2011/08/12 21:39:09.0036 2356 Boot (0x1200) (28aa37d0bc4a3c00afff8656d47f7781) \Device\Harddisk0\DR0\Partition1
2011/08/12 21:39:09.0058 2356 Boot (0x1200) (e5bef8b8e2867e7f75846ad3900b7930) \Device\Harddisk0\DR0\Partition2
2011/08/12 21:39:09.0062 2356 ================================================================================
2011/08/12 21:39:09.0062 2356 Scan finished
2011/08/12 21:39:09.0062 2356 ================================================================================
2011/08/12 21:39:09.0073 2968 Detected object count: 1
2011/08/12 21:39:09.0073 2968 Actual detected object count: 1
2011/08/12 21:39:34.0311 2968 AFD (45b3d812de52819db219a296d1a64fc9) C:\Windows\system32\drivers\afd.sys
2011/08/12 21:39:34.0315 2968 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 45b3d812de52819db219a296d1a64fc9, Fake md5: ddc040fdb01ef1712a6b13e52afb104c
2011/08/12 21:39:34.0496 2968 Backup copy found, using it..
2011/08/12 21:39:34.0606 2968 C:\Windows\system32\drivers\afd.sys - will be cured after reboot
2011/08/12 21:39:34.0606 2968 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/08/12 21:40:15.0481 1108 Deinitialize success

And here is the OTL log:

OTL logfile created on: 8/12/2011 9:54:32 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Catalin\Desktop\OTL
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 69.36% Memory free
6.50 Gb Paging File | 5.23 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 83.08 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
Drive D: | 495.00 Gb Total Space | 471.64 Gb Free Space | 95.28% Space Free | Partition Type: NTFS
Drive E: | 2.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CATALIN-PC | User Name: Catalin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 10:30:21 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Catalin\Desktop\OTL\OTL.exe
PRC - [2011/08/04 22:52:00 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/08/04 22:51:50 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2011/07/08 10:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/08 06:25:20 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/08 06:24:52 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/07/07 23:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/06/16 07:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/10/31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 10:30:21 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Catalin\Desktop\OTL\OTL.exe
MOD - [2009/07/14 04:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/04 22:52:00 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/08 06:24:52 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/07/07 23:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/08 07:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/07/08 07:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/08 05:46:42 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/30 21:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 C7 B2 49 A5 4C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://fgscs.ro/forum/"
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/07 15:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/28 00:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catalin\AppData\Roaming\Mozilla\Extensions
[2011/08/07 15:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catalin\AppData\Roaming\Mozilla\Firefox\Profiles\y81ki0or.default\extensions
[2011/07/29 13:55:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Catalin\AppData\Roaming\Mozilla\Firefox\Profiles\y81ki0or.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/04 12:53:54 | 000,000,000 | ---D | M] ("Romanian spelling dictionary") -- C:\Users\Catalin\AppData\Roaming\Mozilla\Firefox\Profiles\y81ki0or.default\extensions\[email protected]
[2011/07/28 09:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/28 09:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/08 10:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/12 21:50:43 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GameTracker] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] D:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [VOIPlay] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/17 20:53:33 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/12 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Desktop\GTG
[2011/08/12 21:52:41 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Desktop\TDSSKiller
[2011/08/12 21:50:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/12 13:05:29 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Desktop\OTL
[2011/08/12 13:05:11 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Desktop\aswMBR
[2011/08/10 13:26:32 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Documents\StarCraft II
[2011/08/09 19:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/08/09 19:02:07 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Systweak
[2011/08/09 17:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/08/08 16:56:50 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\PunkBuster
[2011/08/08 16:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011/08/08 16:52:09 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/08 14:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/08/07 15:58:51 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\redsn0w
[2011/08/07 15:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/07 15:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/07 15:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/07 15:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/07 15:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/07 15:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/07 15:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/07 15:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/07 15:16:08 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Yahoo!
[2011/08/07 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Apple Computer
[2011/08/07 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Apple Computer
[2011/08/07 15:06:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/08/07 15:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/07 15:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/07 15:01:33 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Apple
[2011/08/07 15:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/08/07 13:54:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/06 17:13:51 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
[2011/08/05 17:38:08 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\VOIPlay
[2011/08/05 12:57:20 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\ts3overlay
[2011/08/04 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\TS3Client
[2011/08/04 23:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/08/04 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/08/03 23:09:06 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Documents\FGSCS
[2011/08/03 17:25:29 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Microsoft Games
[2011/07/28 15:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/07/28 15:36:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/07/28 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\CrashRpt
[2011/07/28 15:06:46 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/28 15:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/28 14:25:20 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\WinRAR
[2011/07/28 14:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/28 13:56:40 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\uTorrent
[2011/07/28 13:56:40 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\uTorrent
[2011/07/28 12:11:38 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/28 09:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/28 09:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/28 09:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/28 08:45:24 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/07/28 08:45:18 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2011/07/28 00:57:34 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/07/28 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Macromedia
[2011/07/28 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Adobe
[2011/07/28 00:56:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/07/28 00:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/07/28 00:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/07/28 00:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/07/28 00:43:51 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\AMD
[2011/07/28 00:43:46 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\ATI
[2011/07/28 00:43:46 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\ATI
[2011/07/28 00:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/28 00:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/07/28 00:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/07/28 00:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/28 00:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/28 00:43:05 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/07/28 00:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/07/28 00:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/28 00:38:25 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Mozilla
[2011/07/28 00:38:25 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Mozilla
[2011/07/28 00:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/07/28 00:35:38 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/28 00:35:38 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Searches
[2011/07/28 00:35:38 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/28 00:35:38 | 000,000,000 | -H-D | C] -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/07/28 00:35:30 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Identities
[2011/07/28 00:35:29 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Contacts
[2011/07/28 00:35:22 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\VirtualStore
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\AppData\Local\Temporary Internet Files
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Templates
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Start Menu
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\SendTo
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Recent
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\PrintHood
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\NetHood
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Documents\My Videos
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Documents\My Pictures
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Documents\My Music
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\My Documents
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Local Settings
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\AppData\Local\History
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Cookies
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Application Data
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\AppData\Local\Application Data
[2011/07/28 00:35:17 | 000,000,000 | --SD | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Videos
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Saved Games
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Pictures
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Music
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Links
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Favorites
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Downloads
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Documents
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Desktop
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/28 00:35:17 | 000,000,000 | -H-D | C] -- C:\Users\Catalin\AppData
[2011/07/28 00:35:17 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Temp
[2011/07/28 00:35:17 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Microsoft
[2011/07/28 00:35:17 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Media Center Programs
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2011/07/28 00:32:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011/07/28 00:32:03 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2011/08/12 21:51:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/12 21:51:41 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/12 21:50:43 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/12 21:47:11 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/12 21:47:11 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/12 21:46:17 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 21:46:17 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 12:53:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/10 13:33:39 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/08/09 19:15:26 | 000,000,931 | ---- | M] () -- C:\Users\Catalin\Desktop\Left 4 Dead 2.lnk
[2011/08/08 14:21:15 | 000,000,222 | ---- | M] () -- C:\Users\Catalin\Desktop\Counter-Strike.url
[2011/08/07 22:03:22 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/08/07 15:18:15 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/07 13:54:51 | 246,420,506 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/06 19:28:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/08/04 23:13:29 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/07/30 14:34:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/28 15:42:52 | 000,001,135 | ---- | M] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/07/28 15:42:52 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Messenger.lnk
[2011/07/28 15:41:38 | 000,000,630 | ---- | M] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/07/28 08:49:22 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/07/28 08:48:05 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/07/28 08:45:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/28 00:36:43 | 000,001,411 | ---- | M] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2011/08/11 10:37:25 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/10 13:26:32 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/08/09 15:53:44 | 000,000,931 | ---- | C] () -- C:\Users\Catalin\Desktop\Left 4 Dead 2.lnk
[2011/08/07 15:18:15 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/07 15:17:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/08/07 13:54:51 | 246,420,506 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/06 19:28:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/08/04 23:13:29 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/08/04 22:53:03 | 000,000,222 | ---- | C] () -- C:\Users\Catalin\Desktop\Counter-Strike.url
[2011/08/04 22:50:19 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/07/30 14:34:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/28 15:42:52 | 000,001,135 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/07/28 15:42:52 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Messenger.lnk
[2011/07/28 13:56:53 | 000,000,630 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/07/28 08:48:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/28 08:45:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/28 08:44:54 | 2616,057,856 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/28 00:38:18 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/28 00:36:43 | 000,001,411 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/28 00:35:39 | 000,001,417 | ---- | C] () -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/07/28 00:35:17 | 000,000,290 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/28 00:35:17 | 000,000,272 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/07 23:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/05/13 18:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/03/17 20:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 07:33:53 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 05:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 05:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 03:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/07 01:39:53 | 000,132,096 | ---- | C] () -- C:\Windows\System32\gc.dll

========== LOP Check ==========

[2011/08/07 15:58:51 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\redsn0w
[2011/08/09 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\Systweak
[2011/08/05 12:57:32 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\TS3Client
[2011/08/05 12:57:20 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\ts3overlay
[2011/08/10 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\uTorrent
[2011/08/05 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\VOIPlay
[2009/07/14 07:53:46 | 000,011,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\Users\Catalin\AppData\Local\Temp\*.tmp >
[63 C:\Users\Catalin\AppData\Local\Temp\*.tmp files -> C:\Users\Catalin\AppData\Local\Temp\*.tmp -> ]

< End of report >


Later Edit: I almost forgot, thank you very much for helping me, you are such a nice man :)

Edited by Hikson, 12 August 2011 - 01:02 PM.

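The O-section entries in the OTL Extras log above (O1 HOSTS lines, the O2 BHO with no CLSID, the O4 Run values marked "File not found", the O16 DPF downloads, the O20 Winlogon Shell) are what a malware-removal helper reads first. The script below is an added example, not code from the thread, from OTL or from either poster: it parses such lines and flags the entries that usually deserve a second look. The sample lines are copied from the log posted above; the flagging rules are this example's own heuristics, and an O16 entry is listed for review even when, as here, it is the legitimate Java plug-in.

```python
"""Triage of OTL 'O' entries (added example; not part of the thread or of OTL).

Parses the O-section lines of an OTL Extras log and flags the entries a
malware-removal helper checks first: autorun values whose target no longer
exists, a BHO with no CLSID, HOSTS lines that point anywhere but localhost,
DPF (ActiveX) downloads, and a Winlogon Shell other than explorer.exe. The
flagging rules are this example's own heuristics, not OTL's.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the O-lines from the OTL log posted above.
SAMPLE_LOG = r"""O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GameTracker] File not found
O4 - HKCU..\Run: [VOIPlay] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

O_LINE = re.compile(r"^(O\d+) - (.*)$")
LOCALHOST = {"127.0.0.1", "::1"}


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def classify(section: str, body: str) -> Optional[str]:
    """Return a reason string if this O-entry deserves a second look, else None."""
    if section == "O1":
        # "Hosts: <address> <name>": anything but the loopback/localhost pair is a redirect
        parts = body.split()
        if len(parts) >= 3 and parts[0] == "Hosts:":
            address, host = parts[1], parts[2]
            if host != "localhost" or address not in LOCALHOST:
                return "HOSTS redirect"
        return None
    if section == "O2" and "No CLSID value found" in body:
        return "orphaned BHO"
    if section == "O4" and body.endswith("File not found"):
        return "orphaned autorun"
    if section == "O16":
        # Downloaded-code (ActiveX/DPF) hooks are always worth a look, even when legitimate
        return "DPF/ActiveX download"
    if section == "O20" and "Winlogon: Shell" in body and "C:\\Windows\\explorer.exe" not in body:
        return "non-default Winlogon shell"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every 'Onn - ...' line and collect the hits in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = O_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        reason = classify(section, body)
        if reason:
            findings.append(Finding(section, raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:26} {f.line}")
```

Run against the sample it reports the orphaned BHO, the two dead Run values and the Java DPF entry, and stays quiet on the two stock HOSTS lines and the default explorer.exe shell; the dead O4 values are leftovers of uninstalled programs rather than infection, but they are exactly what a fix script removes next.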

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, you're welcome :)

TDSSKiller looks to have worked there, which is good to see. What we'll do now, is restore some of your folders which look to have been hidden by the malware. Then we'll do a scan with MBAM to see if this finds any other malware items.


1)
Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and press Enter on the keyboard
  • Once finished, a log will appear. Please copy and paste this into your next reply.
  • Please reboot your PC to complete the process.
  • The log can also be found next to the RogueKiller file, called RKreport.txt.




2)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




3)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log.




In your next reply
Please post the contents of...
RogueKiller log
MBAM log
OTL log

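The MBAM step above produces a log (posted in the next reply) whose "Files Infected:" section carries the verdict. The script below is an added example, not Malwarebytes' code and not from anyone in the thread: it parses that section and answers the two questions a responder needs after a scan, whether every detection was actually quarantined, and whether any detection belongs to a credential-dumping tool family. Treating the PUP.PSW.* and PUP.ChromePasswordTool names as credential dumpers is this example's own assumption, and the sample lines are copied from the log that follows.

```python
"""Summary of the 'Files Infected:' section of a Malwarebytes' Anti-Malware 1.x log.

Added example; not Malwarebytes' code and not part of the thread. The list of
detection families treated as credential dumpers and the 'executable in Temp'
check are this example's own assumptions.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class Detection(NamedTuple):
    path: str
    name: str
    action: str


# "<path> (<detection name>) -> <action>." as MBAM 1.x prints it
MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumption (example's own list): families that dump saved passwords.
CREDENTIAL_DUMPERS = ("PUP.PSW.", "PUP.ChromePasswordTool")
CLEAN_ACTION = "Quarantined and deleted successfully"

# Constructed sample: lines copied from the MBAM log posted in the next reply.
SAMPLE_LOG = r"""Files Infected:
c:\Users\Catalin\AppData\Local\Temp\2491.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\messenger32.exe (PUP.PSW.MessenPass) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\C004.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\Chrome32.exe (PUP.ChromePasswordTool) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\explorer32.exe (PUP.PSW.Passview) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\firefox32.exe (PUP.PSW.PassFox) -> Quarantined and deleted successfully.
"""


def parse_detections(log_text: str) -> List[Detection]:
    """Collect the detection lines under 'Files Infected:' only; other sections are skipped."""
    found = []
    in_files = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith(":") and "->" not in line:      # a section header
            in_files = line.startswith("Files Infected")
            continue
        if in_files:
            m = MBAM_LINE.match(line)
            if m:
                found.append(Detection(m["path"], m["name"], m["action"]))
    return found


def summarize(detections: List[Detection]) -> Dict[str, object]:
    """Counts per detection name plus the follow-up items a responder acts on."""
    credential_tools = [d for d in detections if d.name.startswith(CREDENTIAL_DUMPERS)]
    not_cleaned = [d for d in detections if d.action != CLEAN_ACTION]
    # Executables dropped in a Temp folder; in this log they carry browser-lookalike names
    exes_in_temp = [d for d in detections
                    if "\\temp\\" in d.path.lower() and d.path.lower().endswith(".exe")]
    return {
        "by_name": Counter(d.name for d in detections),
        "credential_tools": credential_tools,
        "not_cleaned": not_cleaned,
        "exes_in_temp": exes_in_temp,
        "passwords_exposed": bool(credential_tools),
    }


if __name__ == "__main__":
    report = summarize(parse_detections(SAMPLE_LOG))
    for name, count in report["by_name"].most_common():
        print(f"{count:3}  {name}")
    print("needs follow-up:", [d.path for d in report["not_cleaned"]])
    print("saved passwords exposed:", report["passwords_exposed"])
```

On the log in the next reply `passwords_exposed` comes out true: four password-recovery tools named after browsers and a messenger were dropped into the user's Temp folder alongside the dropper stubs, so once the machine is clean the stored browser, messenger and other saved credentials should be treated as captured and changed. The `not_cleaned` list is the other item to act on; anything reported with a status other than a successful quarantine wants a reboot and a rescan.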

#7
Hikson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

Here is the RogueKiller log:

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Catalin [Admin rights]
Mode: Shortcuts HJfix -- Date : 08/12/2011 22:22:02

Bad processes: 0

File attributes restored:
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 3 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 82 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 31 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored

Finished : << RKreport[1].txt >>
RKreport[1].txt

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7449

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/12/2011 10:35:23 PM
mbam-log-2011-08-12 (22-35-23).txt

Scan type: Quick scan
Objects scanned: 151462
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 44

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Catalin\AppData\Local\Temp\2491.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\2CE.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\2E13.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\386F.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\3AA.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\445.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\473E.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\5245.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\536F.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\5CE0.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\5DDA.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\67E7.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\68B3.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\9FC9.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\messenger32.exe (PUP.PSW.MessenPass) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\C004.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\C18B.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\C5F.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\CFFC.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\Chrome32.exe (PUP.ChromePasswordTool) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\D5A.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\DAE5.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\DB70.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\DC4C.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\E0DD.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\E540.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\E63B.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\EBB6.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\EBB7.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\EC71.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\ECC0.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\EED2.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\B28D.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\B4FD.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\B50D.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\B79C.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\B8E4.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\explorer32.exe (PUP.PSW.Passview) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\F595.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\F5C5.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\F892.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\FE5B.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\FE9B.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
c:\Users\Catalin\AppData\Local\Temp\firefox32.exe (PUP.PSW.PassFox) -> Quarantined and deleted successfully.

And here is the OTL log:

OTL logfile created on: 8/12/2011 10:44:50 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Catalin\Desktop\OTL
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 71.08% Memory free
6.50 Gb Paging File | 5.10 Gb Available in Paging File | 78.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 83.06 Gb Free Space | 83.06% Space Free | Partition Type: NTFS
Drive D: | 495.00 Gb Total Space | 471.64 Gb Free Space | 95.28% Space Free | Partition Type: NTFS
Drive E: | 2.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CATALIN-PC | User Name: Catalin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 10:30:21 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Catalin\Desktop\OTL\OTL.exe
PRC - [2011/08/04 22:52:00 | 000,411,432 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/08/04 22:51:50 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Program Files\Steam\Steam.exe
PRC - [2011/07/08 10:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/08 06:25:20 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/07/08 06:24:52 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/07/07 23:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/16 07:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/10/31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 10:30:21 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Catalin\Desktop\OTL\OTL.exe
MOD - [2009/07/14 04:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/04 22:52:00 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/07/08 06:24:52 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/07/07 23:35:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/08 07:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/07/08 07:14:40 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/08 05:46:42 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/30 21:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 C7 B2 49 A5 4C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://fgscs.ro/forum/"
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/07 15:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/28 00:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catalin\AppData\Roaming\Mozilla\Extensions
[2011/08/07 15:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catalin\AppData\Roaming\Mozilla\Firefox\Profiles\y81ki0or.default\extensions
[2011/07/29 13:55:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Catalin\AppData\Roaming\Mozilla\Firefox\Profiles\y81ki0or.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/04 12:53:54 | 000,000,000 | ---D | M] ("Romanian spelling dictionary") -- C:\Users\Catalin\AppData\Roaming\Mozilla\Firefox\Profiles\y81ki0or.default\extensions\[email protected]
[2011/07/28 09:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/28 09:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/08 10:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 11:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/12 21:50:43 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GameTracker] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] File not found
O4 - HKCU..\Run: [VOIPlay] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/17 20:53:33 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/12 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Malwarebytes
[2011/08/12 22:29:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/12 22:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/12 22:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/12 22:29:07 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/12 22:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/12 22:21:01 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Desktop\RogueKiller
[2011/08/12 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Desktop\GTG
[2011/08/12 21:52:41 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Desktop\TDSSKiller
[2011/08/12 21:50:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/12 13:05:29 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Desktop\OTL
[2011/08/12 13:05:11 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Desktop\aswMBR
[2011/08/10 13:26:32 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Documents\StarCraft II
[2011/08/09 19:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/08/09 19:02:07 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Systweak
[2011/08/09 17:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/08/08 16:56:50 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\PunkBuster
[2011/08/08 16:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011/08/08 16:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2011/08/08 14:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/08/07 15:58:51 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\redsn0w
[2011/08/07 15:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/07 15:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/07 15:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/07 15:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/07 15:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/07 15:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/07 15:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/07 15:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/07 15:16:08 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Yahoo!
[2011/08/07 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Apple Computer
[2011/08/07 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Apple Computer
[2011/08/07 15:06:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/08/07 15:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/07 15:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/07 15:01:33 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Apple
[2011/08/07 15:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/08/07 13:54:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/06 17:13:51 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
[2011/08/05 17:38:08 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\VOIPlay
[2011/08/05 12:57:20 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\ts3overlay
[2011/08/04 23:13:56 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\TS3Client
[2011/08/04 23:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/08/04 22:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/08/03 23:09:06 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Documents\FGSCS
[2011/08/03 17:25:29 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Microsoft Games
[2011/07/28 15:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/07/28 15:36:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/07/28 15:09:42 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\CrashRpt
[2011/07/28 15:06:46 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/28 15:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/28 14:25:20 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\WinRAR
[2011/07/28 14:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/28 12:11:38 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/28 09:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/28 09:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/28 09:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/28 08:45:24 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/07/28 08:45:18 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2011/07/28 00:57:34 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/07/28 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Macromedia
[2011/07/28 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Adobe
[2011/07/28 00:56:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/07/28 00:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/07/28 00:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/07/28 00:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/07/28 00:43:51 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\AMD
[2011/07/28 00:43:46 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\ATI
[2011/07/28 00:43:46 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\ATI
[2011/07/28 00:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/28 00:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/07/28 00:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/07/28 00:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/28 00:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/28 00:43:05 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/07/28 00:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/07/28 00:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/28 00:38:25 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Mozilla
[2011/07/28 00:38:25 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Mozilla
[2011/07/28 00:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/07/28 00:35:38 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/28 00:35:38 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Searches
[2011/07/28 00:35:38 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/28 00:35:38 | 000,000,000 | ---D | C] -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/07/28 00:35:30 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Identities
[2011/07/28 00:35:29 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Contacts
[2011/07/28 00:35:22 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\VirtualStore
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\AppData\Local\Temporary Internet Files
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Templates
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Start Menu
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\SendTo
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Recent
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\PrintHood
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\NetHood
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Documents\My Videos
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Documents\My Pictures
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Documents\My Music
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\My Documents
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Local Settings
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\AppData\Local\History
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Cookies
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\Application Data
[2011/07/28 00:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Catalin\AppData\Local\Application Data
[2011/07/28 00:35:17 | 000,000,000 | --SD | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Videos
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Saved Games
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Pictures
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Music
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Links
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Favorites
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Downloads
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Documents
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\Desktop
[2011/07/28 00:35:17 | 000,000,000 | R--D | C] -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/28 00:35:17 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Temp
[2011/07/28 00:35:17 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Local\Microsoft
[2011/07/28 00:35:17 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData\Roaming\Media Center Programs
[2011/07/28 00:35:17 | 000,000,000 | ---D | C] -- C:\Users\Catalin\AppData
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011/07/28 00:32:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2011/07/28 00:32:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011/07/28 00:32:03 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2011/08/12 22:42:31 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/12 22:42:31 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/12 22:41:37 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 22:41:37 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 22:36:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/12 22:36:22 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/12 21:50:43 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/12 12:53:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/10 13:33:39 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/08/09 19:15:26 | 000,000,931 | ---- | M] () -- C:\Users\Catalin\Desktop\Left 4 Dead 2.lnk
[2011/08/08 14:21:15 | 000,000,222 | ---- | M] () -- C:\Users\Catalin\Desktop\Counter-Strike.url
[2011/08/07 22:03:22 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/08/07 15:18:15 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/07 13:54:51 | 246,420,506 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/06 19:28:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/08/04 23:13:29 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/07/30 14:34:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/28 15:42:52 | 000,001,135 | ---- | M] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/07/28 15:42:52 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Messenger.lnk
[2011/07/28 08:49:22 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/07/28 08:48:05 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/07/28 08:45:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/28 00:36:43 | 000,001,411 | ---- | M] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2011/08/11 10:37:25 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/10 13:26:32 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/08/09 15:53:44 | 000,000,931 | ---- | C] () -- C:\Users\Catalin\Desktop\Left 4 Dead 2.lnk
[2011/08/07 15:18:15 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/07 15:17:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/08/07 13:54:51 | 246,420,506 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/06 19:28:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/08/04 23:13:29 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/08/04 22:53:03 | 000,000,222 | ---- | C] () -- C:\Users\Catalin\Desktop\Counter-Strike.url
[2011/08/04 22:50:19 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/07/30 14:34:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/28 15:42:52 | 000,001,135 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/07/28 15:42:52 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Messenger.lnk
[2011/07/28 08:48:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/28 08:45:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/28 08:44:54 | 2616,057,856 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/28 00:38:18 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/28 00:36:43 | 000,001,411 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/28 00:35:39 | 000,001,417 | ---- | C] () -- C:\Users\Catalin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/07/28 00:35:17 | 000,000,290 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/28 00:35:17 | 000,000,272 | ---- | C] () -- C:\Users\Catalin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/07 23:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/05/13 18:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/03/17 20:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 07:33:53 | 000,266,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 05:05:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 05:05:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 03:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/07 01:39:53 | 000,132,096 | ---- | C] () -- C:\Windows\System32\gc.dll

========== LOP Check ==========

[2011/08/07 15:58:51 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\redsn0w
[2011/08/09 19:06:51 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\Systweak
[2011/08/05 12:57:32 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\TS3Client
[2011/08/05 12:57:20 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\ts3overlay
[2011/08/05 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Catalin\AppData\Roaming\VOIPlay
[2009/07/14 07:53:46 | 000,012,104 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


And I have two more problems if you could help me:

1. In C:\Users\Catalin, two strange, system-protected files appeared:

- NTUSER.DAT
- ntuser.dat.LOG1
- ntuser.dat.LOG2

These files were not there when I installed Windows 7 (I had them before the virus).
Is there a problem? How can I remove them?

2. I deleted (not uninstalled) a game (Call of Duty® 4 - Modern Warfare™), and now when I try to remove it from Programs and Features, after the Uninstall finishes I get the following error:

Title:
Unhandled Exception

Error itself:
Error Number: 0x80040702
Description: Failed to load DLL: FirewallInstallHelper

Setup will now terminate.
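The OTL log above is read by hand in this thread; the script below is an added example (not part of the thread, and not OTL's own code) showing how the same first-pass triage can be automated over the O1 (HOSTS) and O4 (Run key) lines. It flags Run entries whose target is "File not found" (orphaned launchers like the GameTracker and uTorrent entries in the log), Run entries that execute from a user-writable directory such as AppData\Local\Temp (the location where the firefox32.exe detection above lived), and HOSTS lines that map a name to anything other than loopback. The sample input reuses the exact line formats from the posted log, but the non-loopback hosts line and the "updater" Run entry are constructed to exercise each check and do not appear in the poster's log.

```python
"""Triage the O1/O4 lines of an OldTimer OTL log (added example, not OTL code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: line formats copied from the OTL log in this thread.
# The 203.0.113.10 hosts line and the [updater] Run entry are invented to
# trigger the checks; everything else mirrors entries that were in the log.
SAMPLE_OTL = """\
O1 HOSTS File: ([2011/08/12 21:50:43 | 000,000,098 | ---- | M]) - C:\\Windows\\System32\\drivers\\etc\\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.10 www.example.com
O4 - HKLM..\\Run: [Malwarebytes' Anti-Malware] C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\\Run: [GameTracker] File not found
O4 - HKCU..\\Run: [Steam] D:\\Program Files\\Steam\\Steam.exe (Valve Corporation)
O4 - HKCU..\\Run: [uTorrent] File not found
O4 - HKCU..\\Run: [updater] C:\\Users\\Catalin\\AppData\\Local\\Temp\\updater.exe ()
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<target>.*)$")

# Hosts entries pointing here are the normal self-references or a blocklist.
LOOPBACK_PREFIXES = ("127.", "::1", "0.0.0.0")
# Directories any standard user can write to. A Run value launching from one
# of these is a classic persistence spot and rarely an installed program.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass(frozen=True)
class Finding:
    kind: str    # "orphan_run", "user_writable_run" or "hosts_override"
    name: str    # Run value name, or the hostname for hosts entries
    detail: str  # Run key or executable path, or the IP for hosts entries


def is_loopback(ip: str) -> bool:
    """True for 127.x.x.x, ::1 and 0.0.0.0 (str.startswith accepts a tuple)."""
    return ip.startswith(LOOPBACK_PREFIXES)


def triage_otl(text: str) -> list[Finding]:
    """Return the O1/O4 entries a helper would want to look at first."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            if not is_loopback(m["ip"]):
                findings.append(Finding("hosts_override", m["host"], m["ip"]))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        target = m["target"].strip()
        if target == "File not found":
            # OTL prints this when the Run value points at a missing file.
            findings.append(Finding("orphan_run", m["name"], m["hive"] + "\\Run"))
            continue
        # OTL appends " (Company Name)" or " ()" after the path; drop it.
        path = target.rsplit(" (", 1)[0]
        if any(seg in path.lower() for seg in USER_WRITABLE):
            findings.append(Finding("user_writable_run", m["name"], path))
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"{f.kind:18} {f.name:12} {f.detail}")
```

Run it against a saved OTL.txt by replacing SAMPLE_OTL with the file contents; the "File not found" hits are what a helper typically removes with an OTL fix script, while anything in the user-writable bucket deserves a hash lookup before it is trusted, since the company field OTL prints is just the file's own version resource and is trivially forged.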

#8
BlackOxide
    Trusted Helper
  • Malware Removal
  • 1,976 posts

1. In C:\Users\Catalin, two strange, system-protected files appeared:

- NTUSER.DAT
- ntuser.dat.LOG1
- ntuser.dat.LOG2

These files were not there when I installed Windows 7 (I had them before the virus).
Is there a problem? How can I remove them?

Those three files are perfectly normal and need to be in that folder. They contain settings related to your user account. Just leave them as they are. They have only become visible now, due to the tools we have used. They will disappear at the end once we're all done :unsure:



2. I deleted (not uninstalled) a game (Call of Duty® 4 - Modern Warfare™), and now when I try to remove it from Programs and Features, after the Uninstall finishes I get the following error:

Title:
Unhandled Exception

Error itself:
Error Number: 0x80040702
Description: Failed to load DLL: FirewallInstallHelper

Setup will now terminate.

Okey dokey. We should be able to get that sorted shortly. We'll make sure the PC is clean from infections, then we'll have a go at getting this sorted :)




Could you do the following scan with Kaspersky, then get back to me with the log please.



1)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • If a message appears asking how to handle an infection, tick the Apply to all objects box, then click Disinfection
  • If it says it cannot be Disinfected, then choose the Delete option when prompted.
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




2)
Could you tell me if you are still having trouble with Firefox opening those 4 tabs?



In your next reply
Please post the contents of...
Kaspersky log
Let me know if those tabs are still opening


#9 Hikson (New Member, Topic Starter, 6 posts)
Hi,

The Kaspersky Log is too long; the forum redirects me to index page when I try to post the log, so I upload it to MediaFire: Download
And no, I don't have problems anymore with the opening tabs.

#10 BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
Excellent, your logs now look good to me. I'll post my cleanup steps which will guide you through removing the tools we have used and change back settings that have been made as part of the fixes.

After you have done the cleanup steps, can you let me know whether those NTUser.dat files are still visible please. Once this has been done, we can then move on to trying to fully uninstall Call of Duty.






Good stuff, your logs now appear clean :)

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected


Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following; they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR, TDSSKiller and RogueKiller from the Desktop (if present)

2)
Clear Junk/Temp Files
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [EMPTYTEMP]
    :Files
    attrib +h C:\Users\Catalin\NTUSER.DAT /c
    attrib +h C:\Users\Catalin\ntuser.dat.LOG1 /c
    attrib +h C:\Users\Catalin\ntuser.dat.LOG2 /c
    
  • Then Click Run Fix

3)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

4)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :unsure:
BlackOxide





Let me know if the NTUser.dat files are still there. They should be hidden now though.
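As an added example (mine, not BlackOxide's, OTL's or the thread's), a PowerShell check for what cleanup steps 2 and 4 above change: whether the three hive files in the profile still carry the Hidden and System attributes they normally have, and whether Explorer's Folder Options are back to hiding hidden and protected files. The profile path is the one from the thread; the -Restore switch is my own addition.

```powershell
# Added example (not from the thread, OTL or BlackOxide). Assumes the profile path from the
# thread; change it for another account. Reports whether the per-user registry hive files
# still carry the Hidden + System attributes they normally have, and whether Explorer's
# Folder Options are back to hiding hidden and protected operating-system files.
param(
    [string]$ProfilePath = 'C:\Users\Catalin',
    [switch]$Restore                 # re-apply Hidden+System where missing (assumed switch)
)

$hiveFiles = 'NTUSER.DAT', 'ntuser.dat.LOG1', 'ntuser.dat.LOG2'
$wanted    = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

foreach ($name in $hiveFiles) {
    $path = Join-Path $ProfilePath $name
    # -Force is required, otherwise Get-Item skips hidden and system files entirely
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $item) { Write-Output "$name : not found"; continue }

    $missing = $wanted -band (-bnot [int]$item.Attributes)
    if ($missing -eq 0) {
        Write-Output "$name : attributes OK ($($item.Attributes))"
        continue
    }
    Write-Output "$name : missing $([IO.FileAttributes]$missing) (currently $($item.Attributes))"
    if ($Restore) {
        try {
            # Same effect as the OTL fix's 'attrib +h', plus the System attribute
            $item.Attributes = $item.Attributes -bor [IO.FileAttributes]$wanted
            Write-Output "$name : restored Hidden+System"
        } catch {
            Write-Output "$name : could not change attributes ($($_.Exception.Message))"
        }
    }
}

# Folder Options > View is stored per user here:
#   Hidden          2 = "Do not show hidden files and folders", 1 = show them
#   ShowSuperHidden 0 = keep protected operating system files hidden, 1 = show them
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$view = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
if ($view) {
    Write-Output ("Explorer view: Hidden={0} ShowSuperHidden={1}" -f $view.Hidden, $view.ShowSuperHidden)
    if ($view.Hidden -ne 2 -or $view.ShowSuperHidden -ne 0) {
        Write-Output 'Explorer still shows hidden or protected files; cleanup step 4 resets this.'
    }
}
```

Run it without -Restore first to see which attribute is missing; the hive files stay in use while the account is logged on, so a failed attribute change is reported rather than thrown.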

#11 Hikson (New Member, Topic Starter, 6 posts)
Hi,

Yes, NTUser.dat files are still there, just one of them is now hidden.

And I have three more problems now; and a question:
NTUser.dat files
The full uninstallation of Call of Duty
I have a pirated Windows 7, can you help me remove the Windows Genuine information at the bottom of the screen? (I do not have enough money at the moment to buy a Windows)

Can you teach me to fight malware?
I am not an expert in English, so I ask you to teach me in private, because it would be easier for me (on a chat program like Yahoo! Messenger).

#12 BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
Hey,

Just ignore the NTUser.dat file which is still visible, as long as you don't remove it, it will be fine.



I have a pirated Windows 7, can you help me remove the Windows Genuine information at the bottom of the screen? (I do not have enough money at the moment to buy a Windows)

Unfortunately I can no longer provide assistance, due to you having a pirated version of Windows.

We here at GeeksToGo will not assist you with issues relating to copied, pirated, or in any other way stolen programs. It is a direct violation of our TOS (Terms Of Service) to offer any assistance in this matter.

You are at a much greater risk of malware and security threats, due to Windows not being genuine. You are also much more likely to become reinfected due to this reason.

If you do purchase a legal version of Windows in the future, we here at GeeksToGo will then be happy to assist you.


This topic will now be closed in relation to the TOS matter.





