Slow system/Operating memory Trojan [Solved]



#1
RodgeV

    New Member

  • Member
  • 5 posts
Hello there. I've recently noticed my system running a tad too slow, along with the fact that my NOD32 pops up warnings now and then about the system memory. I figured I'd ask for help here since I wasn't able to do it myself.

This thread carries quite the resemblance.
http://www.geekstogo...-trojan-solved/

If you happen to stumble upon any other viruses then I would be grateful if you'd help me with them too.

NOD32
-------
2012-04-17 17:10:02 Startup scanner file Operating memory » firefox.exe(3516) probably a variant of Win32/TrojanDownloader.Mebload.AR trojan unable to clean
2012-04-16 18:56:50 Startup scanner file Operating memory » firefox.exe(3516) probably a variant of Win32/TrojanDownloader.Mebload.AR trojan unable to clean
2012-04-15 19:34:05 Startup scanner file Operating memory » firefox.exe(2800) probably a variant of Win32/TrojanDownloader.Mebload.AR trojan unable to clean
2012-04-15 12:33:20 Startup scanner file Operating memory » firefox.exe(2800) probably a variant of Win32/TrojanDownloader.Mebload.AR trojan unable to clean
2012-04-12 14:34:29 Startup scanner file Operating memory » C:\Users\Rodge\AppData\Local\Temp\wpbt0.dll probably a variant of Win32/TrojanDownloader.Mebload.AR trojan unable to clean
2012-04-12 14:34:27 Startup scanner file Operating memory » firefox.exe(3524) probably a variant of Win32/TrojanDownloader.Mebload.AR trojan unable to clean



OTL report.


OTL logfile created on: 2012-04-17 17:23:24 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Rodge\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

7,91 Gb Total Physical Memory | 5,67 Gb Available Physical Memory | 71,64% Memory free
15,83 Gb Paging File | 12,50 Gb Available in Paging File | 78,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 39,59 Gb Free Space | 40,54% Space Free | Partition Type: NTFS
Drive D: | 1765,26 Gb Total Space | 553,80 Gb Free Space | 31,37% Space Free | Partition Type: NTFS

Computer Name: RODGE-PC | User Name: Rodge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-17 17:18:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Rodge\Downloads\OTL.exe
PRC - [2012-03-22 19:31:34 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-03-17 11:53:44 | 004,011,184 | ---- | M] (Spotify Ltd) -- D:\Program Files\Spotify\spotify.exe
PRC - [2012-03-14 18:47:57 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012-03-13 06:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-03-05 00:31:26 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Viktiga saker\Program\Steam\Steam.exe
PRC - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-02-29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-12-16 12:37:30 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011-12-16 12:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011-12-16 12:37:10 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011-01-12 17:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-21 22:01:03 | 020,297,512 | ---- | M] () -- D:\Viktiga saker\Program\Steam\bin\libcef.dll
MOD - [2012-03-21 22:01:03 | 001,099,576 | ---- | M] () -- D:\Viktiga saker\Program\Steam\bin\avcodec-53.dll
MOD - [2012-03-21 22:01:03 | 000,907,048 | ---- | M] () -- D:\Viktiga saker\Program\Steam\bin\chromehtml.dll
MOD - [2012-03-21 22:01:03 | 000,190,776 | ---- | M] () -- D:\Viktiga saker\Program\Steam\bin\avformat-53.dll
MOD - [2012-03-21 22:01:03 | 000,123,192 | ---- | M] () -- D:\Viktiga saker\Program\Steam\bin\avutil-51.dll
MOD - [2012-03-17 11:53:44 | 020,080,640 | ---- | M] () -- D:\Program Files\Spotify\Data\libcef.dll
MOD - [2012-03-14 19:09:49 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012-03-13 06:36:53 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-03-01 02:02:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2012-02-29 14:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-12-08 17:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel® Capability Licensing Service Interface) Intel®
SRV:64bit: - [2011-01-12 17:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011-01-12 17:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-03-22 19:31:34 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-02-29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-02-14 16:49:12 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011-12-16 12:37:30 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011-12-16 12:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011-12-16 12:37:10 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) Intel®
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-03-14 21:18:18 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-01-17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-11-24 00:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-11-22 16:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011-11-22 16:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011-11-10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011-04-15 05:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-04-11 22:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011-04-11 22:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2010-12-21 16:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010-12-21 16:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010-12-21 14:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-06-11 15:37:14 | 000,015,368 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009-11-24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009-11-24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009-11-18 08:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009-09-16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 B1 3A E3 A8 18 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rodge\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012-03-14 18:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-03-14 19:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-03-14 18:54:38 | 000,000,000 | ---D | M]

[2012-03-14 19:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rodge\AppData\Roaming\Mozilla\Extensions
[2012-04-12 19:06:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rodge\AppData\Roaming\Mozilla\Firefox\Profiles\psuyle51.default\extensions
[2012-04-12 19:06:12 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Rodge\AppData\Roaming\Mozilla\Firefox\Profiles\psuyle51.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012-03-14 19:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-03-13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-03-13 09:24:42 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2012-03-13 08:50:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-03-13 09:24:42 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2012-03-13 09:24:42 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2012-03-13 09:24:42 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2012-03-13 09:24:42 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Spotify] D:\Program Files\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - Startup: C:\Users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk = C:\Program Files\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1183C3C3-D29D-433A-B543-E49C5A60FA98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F0F797-E333-47B0-98AE-00FD51DA7BD5}: DhcpNameServer = 7.254.254.254
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - File not found
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{29b22632-6e02-11e1-8cf6-bc5ff40e22fd}\Shell - "" = AutoRun
O33 - MountPoints2\{29b22632-6e02-11e1-8cf6-bc5ff40e22fd}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-16 09:12:40 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Desktop\MB
[2012-04-15 02:53:13 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Documents\Almost Human
[2012-04-14 22:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012-04-14 22:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2012-04-14 18:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-04-14 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\PunkBuster
[2012-04-14 13:56:34 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012-04-14 13:56:20 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\Deployment
[2012-04-14 13:23:50 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Unity
[2012-04-14 13:17:14 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\Unity
[2012-04-13 22:37:29 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Desktop\Fallout NV Texture
[2012-04-13 18:29:26 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\FalloutNV
[2012-04-13 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Documents\Guild Wars 2
[2012-04-12 17:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout New Vegas
[2012-04-12 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\local
[2012-04-12 14:18:22 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\ESET
[2012-04-12 14:03:41 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\Skyrim
[2012-04-12 14:00:44 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\Black_Tree_Gaming
[2012-04-12 14:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012-04-11 22:39:04 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Desktop\Textures
[2012-04-11 21:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2012-04-11 20:41:53 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\WhatPulse
[2012-04-11 20:41:51 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatPulse
[2012-04-11 20:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhatPulse
[2012-04-11 20:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhatPulse
[2012-04-10 18:59:14 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Documents\Wolfire
[2012-04-10 18:59:00 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overgrowth
[2012-04-10 18:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overgrowth
[2012-04-08 15:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2012-04-07 23:29:06 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
[2012-04-07 23:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2012-04-05 22:51:13 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Documents\Tunngle
[2012-04-05 22:51:13 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Tunngle
[2012-04-05 22:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2012-04-05 22:51:10 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2012-04-05 22:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2012-04-05 22:51:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2012-04-05 22:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2012-04-04 23:16:10 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Mount&Blade Warband
[2012-04-04 23:15:48 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Sandbox
[2012-04-04 00:05:34 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\Mumble
[2012-04-03 18:12:47 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Mumble
[2012-04-03 18:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012-04-03 18:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2012-04-03 09:40:58 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\Red 5 Studios
[2012-04-01 10:00:56 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\Adobe
[2012-04-01 00:33:19 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012-04-01 00:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012-04-01 00:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012-03-31 00:11:51 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012-03-31 00:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012-03-31 00:11:50 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012-03-31 00:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2012-03-24 16:22:18 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\RenPy
[2012-03-24 16:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012-03-24 16:04:02 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012-03-24 16:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012-03-23 16:53:57 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\TERA-Diagnostic
[2012-03-23 15:53:13 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\TERA
[2012-03-22 21:46:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2012-03-22 21:46:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2012-03-22 21:39:53 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Desktop\New folder
[2012-03-22 21:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012-03-22 21:38:56 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012-03-22 21:38:56 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012-03-22 21:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2012-03-22 21:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2012-03-22 19:46:52 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\Ubisoft Game Launcher
[2012-03-22 19:46:50 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Documents\Assassin's Creed Revelations
[2012-03-22 19:31:33 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\PunkBuster
[2012-03-22 19:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012-03-22 18:25:03 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\SKIDROW
[2012-03-22 18:25:03 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Documents\Remedy
[2012-03-22 18:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
[2012-03-22 15:53:04 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\Chromium
[2012-03-22 15:51:03 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\The Creative Assembly
[2012-03-21 19:37:46 | 000,000,000 | ---D | C] -- C:\Users\Rodge\riotsGamesLogs
[2012-03-20 23:46:27 | 000,000,000 | ---D | C] -- C:\Users\Rodge\Documents\Real Warfare 2 - Teutonic order
[2012-03-20 23:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2012-03-20 23:45:10 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMV9 VCM
[2012-03-20 23:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2012-03-20 23:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1C Company
[2012-03-20 20:10:46 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Roaming\LolClient
[2012-03-20 19:03:13 | 000,000,000 | ---D | C] -- C:\Users\Rodge\AppData\Local\TeknoGods
[2012-03-18 21:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YUMEMIRUKUSURI
[2012-03-18 21:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Peach Princess

========== Files - Modified Within 30 Days ==========

[2012-04-17 17:09:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-04-16 16:53:23 | 000,778,730 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-04-16 16:53:23 | 000,651,892 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-04-16 16:53:23 | 000,120,824 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-04-16 16:52:27 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-04-16 16:52:27 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-04-16 16:47:08 | 2077,900,799 | -HS- | M] () -- C:\hiberfil.sys
[2012-04-14 22:32:46 | 000,001,013 | ---- | M] () -- C:\Users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
[2012-04-14 18:01:49 | 000,005,564 | ---- | M] () -- C:\Users\Rodge\Documents\cc_20120414_180146.reg
[2012-04-14 18:01:34 | 000,038,822 | ---- | M] () -- C:\Users\Rodge\Documents\cc_20120414_180118.reg
[2012-04-14 14:24:29 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012-04-14 14:24:29 | 000,269,712 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-04-14 13:56:34 | 000,000,324 | ---- | M] () -- C:\Users\Rodge\Desktop\Ghost Recon Online.appref-ms
[2012-04-13 15:40:02 | 000,000,639 | ---- | M] () -- C:\Users\Rodge\Desktop\Play cRPG.lnk
[2012-04-07 04:33:59 | 000,267,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-04-05 23:09:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012-04-05 22:51:10 | 000,000,965 | ---- | M] () -- C:\Users\Rodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2012-04-03 18:19:35 | 000,002,387 | ---- | M] () -- C:\Users\Rodge\Documents\MumbleAutomaticCertificateBackup.p12
[2012-04-01 03:10:14 | 000,423,478 | ---- | M] () -- C:\Users\Rodge\Desktop\1333241365550.jpg
[2012-03-31 00:11:51 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012-03-31 00:11:50 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012-03-22 21:24:38 | 000,001,745 | ---- | M] () -- C:\Users\Rodge\Documents\Sweclockers.rtf
[2012-03-22 19:31:35 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012-03-22 19:31:34 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== Files Created - No Company Name ==========

[2012-04-14 22:32:46 | 000,001,013 | ---- | C] () -- C:\Users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
[2012-04-14 18:01:47 | 000,005,564 | ---- | C] () -- C:\Users\Rodge\Documents\cc_20120414_180146.reg
[2012-04-14 18:01:20 | 000,038,822 | ---- | C] () -- C:\Users\Rodge\Documents\cc_20120414_180118.reg
[2012-04-14 14:24:29 | 000,269,712 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012-04-14 13:56:34 | 000,000,324 | ---- | C] () -- C:\Users\Rodge\Desktop\Ghost Recon Online.appref-ms
[2012-04-11 21:10:38 | 000,000,639 | ---- | C] () -- C:\Users\Rodge\Desktop\Play cRPG.lnk
[2012-04-05 23:09:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012-04-05 22:51:10 | 000,000,965 | ---- | C] () -- C:\Users\Rodge\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2012-04-05 02:10:34 | 000,133,632 | ---- | C] () -- C:\Users\Rodge\Desktop\MB.exe
[2012-04-03 18:19:35 | 000,002,387 | ---- | C] () -- C:\Users\Rodge\Documents\MumbleAutomaticCertificateBackup.p12
[2012-04-01 03:10:14 | 000,423,478 | ---- | C] () -- C:\Users\Rodge\Desktop\1333241365550.jpg
[2012-03-22 21:40:15 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012-03-22 21:38:56 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012-03-22 19:46:06 | 000,001,745 | ---- | C] () -- C:\Users\Rodge\Documents\Sweclockers.rtf
[2012-03-22 19:31:35 | 000,269,712 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-03-22 19:31:35 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012-03-22 19:31:34 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-03-14 22:22:04 | 000,763,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-03-13 23:57:15 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012-03-13 23:57:15 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012-03-13 23:57:15 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012-03-13 23:57:15 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012-03-13 23:57:15 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-02-29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011-12-08 17:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== LOP Check ==========

[2012-04-14 18:06:45 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\DAEMON Tools Lite
[2012-03-14 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\Leadertech
[2012-04-12 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\local
[2012-03-20 20:10:46 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\LolClient
[2012-04-05 01:38:45 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\Mount&Blade Warband
[2012-04-16 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\Mumble
[2012-03-15 11:32:58 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\Origin
[2012-03-22 19:31:33 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\PunkBuster
[2012-03-24 16:22:18 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\RenPy
[2012-04-04 23:15:48 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\Sandbox
[2012-04-17 17:14:35 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\Spotify
[2012-03-22 15:51:03 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\The Creative Assembly
[2012-04-16 00:47:48 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\Tunngle
[2012-04-14 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\Unity
[2012-04-17 17:22:13 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\uTorrent
[2012-03-31 21:12:46 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\wargaming.net
[2012-04-16 16:48:36 | 000,000,000 | ---D | M] -- C:\Users\Rodge\AppData\Roaming\WhatPulse
[2009-07-14 07:08:49 | 000,008,302 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello RodgeV and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{29b22632-6e02-11e1-8cf6-bc5ff40e22fd}\Shell - "" = AutoRun
    O33 - MountPoints2\{29b22632-6e02-11e1-8cf6-bc5ff40e22fd}\Shell\AutoRun\command - "" = F:\Autorun.exe

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post.

#3
RodgeV

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Added all three logs.

Attached File  ComboFix.log   21.96KB   77 downloads
Attached File  04182012_191101.log   4.33KB   31 downloads
Attached File  TDSSKiller.2.7.29.0_18.04.2012_19.15.30_log.txt   237.69KB   35 downloads

Edited by RodgeV, 18 April 2012 - 11:42 AM.


#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please post your logs next time instead of attaching them. I'll post it for you this time.

ComboFix 12-04-18.01 - Rodge 2012-04-18 19:22:14.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.46.1033.18.8104.6134 [GMT 2:00]
Körs från: c:\users\Rodge\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Windows
c:\programdata\Windows\ccdxmmde.dat
c:\programdata\windows\drss.dat
c:\programdata\Windows\msseedir.dll
c:\programdata\windows\xessmsxe.dat
c:\users\Rodge\AppData\Roaming\Local
c:\users\Rodge\AppData\Roaming\Local\FalloutNV\Fallout.ini
c:\users\Rodge\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini
c:\users\Rodge\AppData\Roaming\Local\FalloutNV\NVDLCList.txt
c:\users\Rodge\AppData\Roaming\Local\FalloutNV\plugins.txt
c:\users\Rodge\AppData\Roaming\Local\FalloutNV\RendererInfo.txt
.
.
(((((((((((((((((((((((( Filer skapade från 2012-03-18 till 2012-04-18 ))))))))))))))))))))))))))))))
.
.
2012-04-18 17:25 . 2012-04-18 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 17:11 . 2012-04-18 17:11 -------- d-----w- C:\_OTL
2012-04-14 20:21 . 2012-04-14 20:22 -------- d-----w- c:\program files\Logitech Gaming Software
2012-04-14 16:00 . 2012-04-14 16:00 -------- d-----w- c:\program files\CCleaner
2012-04-14 12:24 . 2012-04-14 12:24 269712 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-14 12:24 . 2012-04-14 12:24 -------- d-----w- c:\users\Rodge\AppData\Local\PunkBuster
2012-04-14 11:56 . 2012-04-14 12:23 -------- d-----w- c:\users\Rodge\AppData\Local\Deployment
2012-04-14 11:23 . 2012-04-14 11:23 -------- d-----w- c:\users\Rodge\AppData\Roaming\Unity
2012-04-14 11:17 . 2012-04-14 11:17 -------- d-----w- c:\users\Rodge\AppData\Local\Unity
2012-04-13 16:29 . 2012-04-13 23:05 -------- d-----w- c:\users\Rodge\AppData\Local\FalloutNV
2012-04-12 12:18 . 2012-04-12 12:18 -------- d-----w- c:\users\Rodge\AppData\Local\ESET
2012-04-12 12:03 . 2012-04-12 12:03 -------- d-----w- c:\users\Rodge\AppData\Local\Skyrim
2012-04-12 12:00 . 2012-04-12 12:00 -------- d-----w- c:\users\Rodge\AppData\Local\Black_Tree_Gaming
2012-04-12 01:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 01:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 01:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 01:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 01:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 01:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 01:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 18:41 . 2012-04-18 14:58 -------- d-----w- c:\users\Rodge\AppData\Roaming\WhatPulse
2012-04-11 18:41 . 2012-04-11 18:41 -------- d-----w- c:\program files (x86)\WhatPulse
2012-04-08 13:59 . 2012-04-08 13:59 -------- d-----w- c:\program files\Xenocode
2012-04-07 21:20 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-04-07 21:20 . 2001-09-05 03:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-04-07 21:20 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-04-07 21:20 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-04-05 20:51 . 2012-04-15 22:47 -------- d-----w- c:\users\Rodge\AppData\Roaming\Tunngle
2012-04-05 20:51 . 2012-04-14 16:34 -------- d-----w- c:\programdata\Tunngle
2012-04-05 20:51 . 2009-09-16 05:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2012-04-05 20:51 . 2012-04-05 20:51 -------- d-----w- c:\program files (x86)\Tunngle
2012-04-04 21:16 . 2012-04-04 23:38 -------- d-----w- c:\users\Rodge\AppData\Roaming\Mount&Blade Warband
2012-04-04 21:15 . 2012-04-04 21:15 -------- d-----w- c:\users\Rodge\AppData\Roaming\Sandbox
2012-04-03 22:05 . 2012-04-03 22:05 -------- d-----w- c:\users\Rodge\AppData\Local\Mumble
2012-04-03 16:12 . 2012-04-18 14:41 -------- d-----w- c:\users\Rodge\AppData\Roaming\Mumble
2012-04-03 16:09 . 2012-04-03 16:12 -------- d-----w- c:\program files (x86)\Mumble
2012-04-03 07:40 . 2012-04-03 07:40 -------- d-----w- c:\users\Rodge\AppData\Local\Red 5 Studios
2012-04-01 08:00 . 2012-04-01 08:01 -------- d-----w- c:\users\Rodge\AppData\Local\Adobe
2012-03-31 22:04 . 2012-03-31 22:31 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-03-30 22:11 . 2012-03-30 22:11 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-30 22:11 . 2012-03-30 22:11 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-30 22:11 . 2012-03-30 22:11 -------- d-----w- c:\program files (x86)\OpenAL
2012-03-30 22:11 . 2012-03-30 22:11 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-30 22:11 . 2012-03-30 22:11 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-24 14:22 . 2012-03-24 14:22 -------- d-----w- c:\users\Rodge\AppData\Roaming\RenPy
2012-03-24 14:05 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-03-24 14:05 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-03-24 14:05 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-03-24 14:05 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-03-24 14:05 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-03-24 14:03 . 2012-04-18 17:27 -------- d-----w- c:\programdata\NVIDIA
2012-03-23 14:53 . 2012-03-23 17:16 -------- d-----w- c:\users\Rodge\AppData\Local\TERA-Diagnostic
2012-03-23 13:53 . 2012-03-23 13:53 -------- d-----w- c:\users\Rodge\AppData\Local\TERA
2012-03-22 19:46 . 2012-03-27 19:38 -------- d-----w- c:\windows\SysWow64\NV
2012-03-22 19:46 . 2012-03-27 19:38 -------- d-----w- c:\windows\system32\NV
2012-03-22 19:40 . 2012-04-18 14:51 -------- d-----w- c:\users\UpdatusUser
2012-03-22 19:40 . 2012-02-29 20:59 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-03-22 19:39 . 2012-03-22 19:39 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-03-22 19:05 . 2012-03-22 19:05 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-03-22 17:46 . 2012-03-22 19:18 -------- d-----w- c:\users\Rodge\AppData\Local\Ubisoft Game Launcher
2012-03-22 17:31 . 2012-04-14 12:24 269712 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-22 17:31 . 2012-03-22 17:31 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-22 17:31 . 2012-03-22 17:31 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-22 17:31 . 2012-03-22 17:31 -------- d-----w- c:\users\Rodge\AppData\Roaming\PunkBuster
2012-03-22 17:31 . 2012-03-22 17:31 -------- d-----w- c:\program files (x86)\Ubisoft
2012-03-22 16:25 . 2012-03-22 16:25 -------- d-----w- c:\users\Rodge\AppData\Local\SKIDROW
2012-03-22 13:53 . 2012-03-22 13:53 -------- d-----w- c:\users\Rodge\AppData\Local\Chromium
2012-03-22 13:51 . 2012-03-22 13:51 -------- d-----w- c:\users\Rodge\AppData\Roaming\The Creative Assembly
2012-03-21 17:37 . 2012-04-07 21:29 -------- d-----w- c:\users\Rodge\riotsGamesLogs
2012-03-20 21:45 . 2012-03-20 21:45 -------- d-----w- c:\program files\WMV9_VCM
2012-03-20 21:41 . 2012-03-20 21:41 -------- d-----w- c:\program files (x86)\1C Company
2012-03-20 18:10 . 2012-03-20 18:10 -------- d-----w- c:\users\Rodge\AppData\Roaming\LolClient
2012-03-20 17:03 . 2012-03-20 17:03 -------- d-----w- c:\users\Rodge\AppData\Local\TeknoGods
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 10:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-17 10:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-17 09:34 . 2012-03-17 09:34 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-17 09:34 . 2012-03-17 09:34 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-17 09:34 . 2012-03-17 09:34 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-17 09:34 . 2012-03-17 09:34 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-17 09:34 . 2012-03-17 09:34 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-17 09:34 . 2012-03-17 09:34 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-17 09:34 . 2012-03-17 09:34 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-17 09:34 . 2012-03-17 09:34 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-17 09:34 . 2012-03-17 09:34 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-17 09:34 . 2012-03-17 09:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-17 09:34 . 2012-03-17 09:34 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-17 09:34 . 2012-03-17 09:34 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-17 09:34 . 2012-03-17 09:34 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-17 09:34 . 2012-03-17 09:34 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-17 09:34 . 2012-03-17 09:34 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-17 09:34 . 2012-03-17 09:34 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-17 09:34 . 2012-03-17 09:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-17 09:34 . 2012-03-17 09:34 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-17 09:34 . 2012-03-17 09:34 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-17 09:34 . 2012-03-17 09:34 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-17 09:34 . 2012-03-17 09:34 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-17 09:34 . 2012-03-17 09:34 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-17 09:34 . 2012-03-17 09:34 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-17 09:34 . 2012-03-17 09:34 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-17 09:34 . 2012-03-17 09:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-17 09:34 . 2012-03-17 09:34 448512 ----a-w- c:\windows\system32\html.iec
2012-03-17 09:34 . 2012-03-17 09:34 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-17 09:34 . 2012-03-17 09:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-17 09:34 . 2012-03-17 09:34 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-17 09:34 . 2012-03-17 09:34 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-17 09:34 . 2012-03-17 09:34 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-17 09:34 . 2012-03-17 09:34 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-17 09:34 . 2012-03-17 09:34 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-17 09:34 . 2012-03-17 09:34 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-14 19:18 . 2012-03-14 19:18 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-14 17:09 . 2012-03-14 16:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 17:00 . 2012-03-14 17:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-14 03:27 . 2012-04-17 15:11 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E63C2B3B-1B87-494D-89A2-673BB7E0AB13}\mpengine.dll
2012-02-29 20:59 . 2012-03-24 14:05 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 12:26 . 2012-02-29 12:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-23 08:18 . 2012-03-14 17:01 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 17:21 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 17:21 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 17:21 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 17:21 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 17:21 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 17:21 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 17:21 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 17:22 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-17 10:28 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-17 10:28 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 17:21 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-14 740216]
"Spotify"="d:\program files\Spotify\spotify.exe" [2012-03-17 4011184]
"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrering.lnk - c:\program files\Logitech Gaming Software\EReg\eReg.exe [2012-4-14 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Rodge\AppData\Roaming\Mozilla\Firefox\Profiles\psuyle51.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Sluttid: 2012-04-18 19:32:06 - datorn startades om.
ComboFix-quarantined-files.txt 2012-04-18 17:32
.
Före genomsökningen: 42 122 342 400 bytes free
Efter genomsökningen: 41 978 253 312 bytes free
.
- - End Of File - - AF8167E3E6EB423EE424206A7DF14223

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi RodgeV,

Are you still with me? Did you manage to run VRT?

#7
RodgeV

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Yeah, I'm still around. Sorry about that. I haven't completed the last part yet but I'll run the scan later tonight and post the log afterwards.

#8
RodgeV

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Attached File  Kaspersky.txt   1.62KB   83 downloads

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
First of all...

It is quite evident from the Kaspersky log that you have cracks/keygens residing on your computer. It would appear that downloading this type of material is the most likely cause of the infections and problems you are experiencing with your system. Using 'cracked' software is not only inviting a host of different types of virus and malware but is also illegal.

I would recommend you to remove all cracks from your system because next time you require assistance you may not get any help.

Next...

How is your system now? Any problems?

#10
RodgeV

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
So far it's been good. I haven't gotten any warnings.


And about the cracked software. I actually buy most of the things I download afterwards. It's simply a way for me to check the quality before I buy it. It wouldn't be the case if I knew the things in question were of quality, which sadly isn't the case from time to time.

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Time to finish this

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.