

Problems removing Win32:Malware-gen virus/worm

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Problems removing Win32:Malware-gen virus/worm

Post by Bearhug » June 1st, 2010, 1:25 pm

Here's what the new OTL scan says:

OTL logfile created on: 2010-06-01 19:19:17 - Run 2
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Bear\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 87,59 Gb Free Space | 37,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEAR-LAPTOP
Current User Name: Bear
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\Temp\vrsd.tmp\svchost.exe ()
PRC - C:\Users\Bear\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Bear\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (TabletServiceWacom) -- C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Driver Services (SafeList) ==========

DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (rismc32) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
DRV - (RICOH SmartCard Reader) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (skfiltv) -- C:\Windows\System32\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 C2 2B 19 91 FD CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=sv"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: sv@dictionaries.addons.mozilla.org:1.41
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-06 00:32:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-13 15:38:06 | 000,000,000 | ---D | M]

[2010-01-26 00:45:34 | 000,000,000 | ---D | M] -- C:\Users\Bear\AppData\Roaming\Mozilla\Extensions
[2010-05-31 21:38:23 | 000,000,000 | ---D | M] -- C:\Users\Bear\AppData\Roaming\Mozilla\Firefox\Profiles\yto4mr2w.default\extensions
[2010-05-27 20:26:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Bear\AppData\Roaming\Mozilla\Firefox\Profiles\yto4mr2w.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010-04-30 17:46:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bear\AppData\Roaming\Mozilla\Firefox\Profiles\yto4mr2w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-05-25 16:21:53 | 000,000,000 | ---D | M] -- C:\Users\Bear\AppData\Roaming\Mozilla\Firefox\Profiles\yto4mr2w.default\extensions\personas@christopher.beard
[2010-01-29 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Bear\AppData\Roaming\Mozilla\Firefox\Profiles\yto4mr2w.default\extensions\sv@dictionaries.addons.mozilla.org
[2010-05-27 20:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-01 13:57:37 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-05-27 20:31:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-05-27 20:31:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010-05-29 14:21:55 | 000,397,052 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13702 more lines...
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: () - {F2F4AB8B-E946-43CA-9B49-117B86F704BC} - C:\Windows\System32\dydkrqv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.co ... 1.71.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d7fa97f-0a4a-11df-b268-002186b191fc}\Shell - "" = AutoRun
O33 - MountPoints2\{0d7fa97f-0a4a-11df-b268-002186b191fc}\Shell\AutoRun\command - "" = F:\Start.exe -- File not found
O33 - MountPoints2\{ddbc38e4-275a-11df-a714-002186b191fc}\Shell - "" = AutoRun
O33 - MountPoints2\{ddbc38e4-275a-11df-a714-002186b191fc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009-07-14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010-05-31 22:19:42 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Users\Bear\Desktop\TDSSKiller.exe
[2010-05-31 22:15:18 | 000,000,000 | ---D | C] -- C:\Users\Bear\Desktop\Logs
[2010-05-31 22:11:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-05-31 22:10:27 | 000,000,000 | ---D | C] -- C:\Users\Bear\Desktop\tdsskiller
[2010-05-31 22:09:48 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Bear\Desktop\OTL.exe
[2010-05-31 21:09:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2010-05-31 21:08:43 | 000,518,656 | ---- | C] (OldTimer Tools) -- C:\Users\Bear\Desktop\OTM.exe
[2010-05-30 14:21:17 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Bear\Desktop\TFC.exe
[2010-05-29 17:54:17 | 000,000,000 | ---D | C] -- C:\Users\Bear\AppData\Local\ElevatedDiagnostics
[2010-05-29 14:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot
[2010-05-29 14:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-05-29 12:50:12 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2010-05-29 12:50:10 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2010-05-29 12:50:10 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2010-05-29 12:50:07 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2010-05-29 12:50:06 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2010-05-29 12:50:06 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2010-05-29 12:50:06 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2010-05-29 12:50:06 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2010-05-29 12:50:05 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2010-05-29 12:50:02 | 000,461,400 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2010-05-29 12:50:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010-05-29 12:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010-05-29 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010-05-29 12:49:26 | 000,712,192 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2010-05-29 12:49:26 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2010-05-29 12:49:26 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010-05-27 20:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-05-27 20:31:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010-05-27 20:31:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010-05-27 20:31:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-05-27 20:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010-05-27 10:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010-05-27 10:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010-05-27 10:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010-05-27 07:30:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-05-26 16:51:21 | 000,000,000 | ---D | C] -- C:\Users\Bear\AppData\Roaming\Malwarebytes
[2010-05-26 16:51:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-05-26 16:51:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-05-26 16:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-05-26 16:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-05-24 13:18:31 | 000,000,000 | ---D | C] -- C:\Users\Bear\AppData\Roaming\Corel
[2010-05-24 13:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2010-05-24 13:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2010-05-24 13:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010-05-24 13:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010-05-23 00:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010-05-14 10:32:54 | 000,000,000 | ---D | C] -- C:\Users\Bear\AppData\Local\GRAW2
[2010-05-14 10:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\GRAW2
[2010-05-14 10:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010-05-13 15:38:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010-05-13 15:31:13 | 000,000,000 | ---D | C] -- C:\Users\Bear\AppData\Roaming\SystemRequirementsLab
[2010-05-10 12:36:49 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010-05-10 12:22:20 | 000,000,000 | ---D | C] -- C:\Users\Bear\Documents\Skolarbete
[2010-05-10 12:21:54 | 000,000,000 | ---D | C] -- C:\Users\Bear\Documents\Kvitton
[2010-05-10 08:20:06 | 000,000,000 | ---D | C] -- C:\Users\Bear\WUU
[2008-10-09 04:28:56 | 000,195,112 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010-06-01 19:20:20 | 007,602,176 | -HS- | M] () -- C:\Users\Bear\NTUSER.DAT
[2010-06-01 19:12:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-01 17:01:15 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-06-01 17:01:15 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-06-01 17:01:15 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-06-01 09:25:16 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-06-01 09:25:16 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-06-01 09:23:00 | 000,100,908 | ---- | M] () -- C:\Users\Bear\Desktop\SystemLook.exe
[2010-06-01 09:18:57 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-01 09:18:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-06-01 09:17:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-06-01 09:17:47 | 2412,195,840 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-31 22:30:33 | 002,547,029 | -H-- | M] () -- C:\Users\Bear\AppData\Local\IconCache.db
[2010-05-31 22:09:49 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Bear\Desktop\OTL.exe
[2010-05-31 21:10:41 | 000,293,376 | ---- | M] () -- C:\Users\Bear\Desktop\iky8vj35.exe
[2010-05-31 21:08:45 | 000,518,656 | ---- | M] (OldTimer Tools) -- C:\Users\Bear\Desktop\OTM.exe
[2010-05-31 20:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010-05-30 21:44:36 | 000,966,423 | ---- | M] () -- C:\Users\Bear\Desktop\tdsskiller.zip
[2010-05-30 14:21:19 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Bear\Desktop\TFC.exe
[2010-05-30 14:11:00 | 000,451,584 | ---- | M] () -- C:\Users\Bear\Desktop\CKScanner.exe
[2010-05-29 14:21:55 | 000,397,052 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-05-29 12:50:26 | 000,420,800 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010-05-29 12:50:13 | 000,001,036 | ---- | M] () -- C:\Users\Bear\Desktop\ZoneAlarm Security.lnk
[2010-05-27 20:31:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010-05-27 20:31:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010-05-27 20:31:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010-05-27 20:31:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-05-27 10:58:39 | 000,002,981 | ---- | M] () -- C:\Users\Bear\Desktop\HiJackThis.lnk
[2010-05-27 10:36:23 | 000,000,973 | ---- | M] () -- C:\Users\Bear\Desktop\SpywareBlaster.lnk
[2010-05-27 09:57:04 | 313,159,715 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-05-26 16:51:17 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-05-26 13:03:22 | 001,238,528 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2010-05-26 13:03:16 | 000,712,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2010-05-26 13:03:16 | 000,110,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2010-05-26 13:03:16 | 000,103,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2010-05-26 13:03:16 | 000,069,120 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2010-05-26 13:03:16 | 000,043,008 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2010-05-26 13:03:14 | 000,302,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2010-05-26 13:03:14 | 000,228,352 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2010-05-26 13:03:14 | 000,112,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2010-05-26 13:03:14 | 000,107,520 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2010-05-26 13:03:14 | 000,058,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2010-05-25 12:53:26 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\Bear\Desktop\TDSSKiller.exe
[2010-05-24 13:20:38 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010-05-24 13:20:27 | 000,000,088 | RHS- | M] () -- C:\ProgramData\BDAF5E86DE.sys
[2010-05-23 00:51:32 | 000,000,600 | ---- | M] () -- C:\Users\Bear\AppData\Roaming\winscp.rnd
[2010-05-22 23:10:24 | 002,456,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-05-22 15:35:14 | 000,125,840 | ---- | M] () -- C:\Users\Bear\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-05-15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2010-05-12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010-05-09 15:12:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-05-06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-05-06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-05-06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-05-06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-05-06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-05-06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2010-06-01 09:22:58 | 000,100,908 | ---- | C] () -- C:\Users\Bear\Desktop\SystemLook.exe
[2010-05-31 21:10:40 | 000,293,376 | ---- | C] () -- C:\Users\Bear\Desktop\iky8vj35.exe
[2010-05-31 19:17:32 | 000,004,030 | ---- | C] () -- C:\Users\Bear\AppData\Local\F2F4AB8B-E946-43CA-9B49-117B86F704BC.txt
[2010-05-30 21:44:30 | 000,966,423 | ---- | C] () -- C:\Users\Bear\Desktop\tdsskiller.zip
[2010-05-30 14:10:58 | 000,451,584 | ---- | C] () -- C:\Users\Bear\Desktop\CKScanner.exe
[2010-05-29 12:50:13 | 000,001,036 | ---- | C] () -- C:\Users\Bear\Desktop\ZoneAlarm Security.lnk
[2010-05-29 12:50:02 | 000,420,800 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010-05-27 10:58:39 | 000,002,981 | ---- | C] () -- C:\Users\Bear\Desktop\HiJackThis.lnk
[2010-05-27 10:36:23 | 000,000,973 | ---- | C] () -- C:\Users\Bear\Desktop\SpywareBlaster.lnk
[2010-05-27 07:30:46 | 313,159,715 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010-05-26 16:51:17 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-05-24 13:18:32 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010-05-24 13:18:32 | 000,000,088 | RHS- | C] () -- C:\ProgramData\BDAF5E86DE.sys
[2010-05-24 13:15:27 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010-05-23 00:27:47 | 000,000,600 | ---- | C] () -- C:\Users\Bear\AppData\Roaming\winscp.rnd
[2010-03-15 01:57:08 | 000,025,262 | ---- | C] () -- C:\Windows\System32\xfisk.ini
[2010-01-27 17:14:31 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2010-01-27 17:14:31 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2010-01-26 09:35:30 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-01-26 09:10:40 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010-01-26 00:50:55 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009-12-02 20:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009-08-03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-08-03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008-10-09 04:32:46 | 001,810,856 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008-10-09 04:31:10 | 000,034,856 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007-09-13 08:27:36 | 000,000,052 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2006-05-19 19:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006-03-09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002-10-16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: NDIS.SYS >
[2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
Bearhug
Regular Member
 
Posts: 16
Joined: May 27th, 2010, 4:46 am
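The "< MD5 for: ATAPI.SYS >" and "< MD5 for: NDIS.SYS >" blocks in the log above are a cross-check: OTL hashes the driver that actually loads from System32\drivers and every reference copy Windows keeps in winsxs and DriverStore, so a loaded copy whose hash differs from its own reference copies stands out. The script below is an added example, not part of the thread or of OTL; it parses OTL file lines, groups the hashed entries by file name, and flags a loaded driver whose MD5 disagrees with the reference copies. The atapi.sys sample lines are the ones from the log; the ndis.sys lines are altered so that the loaded copy carries a made-up hash (DEADBEEF...) to show what a mismatch report looks like.

```python
import re
from collections import defaultdict

# One OTL file entry, e.g.
# [2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C... -- C:\Windows\System32\drivers\atapi.sys
# The "MD5=" part only appears in the "< MD5 for: ... >" custom-scan output.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+)$"
)

# Directories holding Windows' own reference copies of a driver; the copy that
# actually loads lives under System32\drivers.
REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\")
LIVE_DIR = "\\system32\\drivers\\"


def parse_otl_line(line):
    """Parse one OTL file line into a dict; return None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"].strip()
    if entry["md5"]:
        entry["md5"] = entry["md5"].upper()
    return entry


def md5_groups(log_text):
    """Group the hashed entries of a log by lowercase file name."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry and entry["md5"]:
            name = entry["path"].rsplit("\\", 1)[-1].lower()
            groups[name].append(entry)
    return groups


def check_driver_copies(log_text):
    """For each hashed driver, report how many copies were found and whether their hashes agree."""
    report = {}
    for name, entries in md5_groups(log_text).items():
        hashes = sorted({e["md5"] for e in entries})
        report[name] = {"copies": len(entries), "hashes": hashes, "consistent": len(hashes) == 1}
    return report


def suspicious_live_copies(log_text):
    """Return paths of loaded drivers whose MD5 matches none of the reference copies of the same file."""
    flagged = []
    for entries in md5_groups(log_text).values():
        refs = {e["md5"] for e in entries if any(d in e["path"].lower() for d in REFERENCE_DIRS)}
        for e in entries:
            if LIVE_DIR in e["path"].lower() and refs and e["md5"] not in refs:
                flagged.append(e["path"])
    return sorted(flagged)


# Constructed sample: the atapi.sys lines are copied from the log in the thread; the
# ndis.sys block is altered so the loaded copy has a made-up hash that differs from
# the winsxs reference copy.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: NDIS.SYS >
[2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
"""

if __name__ == "__main__":
    for name, info in check_driver_copies(SAMPLE_LOG).items():
        status = "ok" if info["consistent"] else "MISMATCH"
        print(f"{name}: {info['copies']} copies, {status}")
    for path in suspicious_live_copies(SAMPLE_LOG):
        print("loaded driver differs from its reference copies:", path)
```

On the real log above both drivers come out consistent, which is why the helper moved on to a second opinion from Jotti rather than treating ndis.sys as patched. A mismatch is a lead, not a verdict: a driver that was legitimately updated after the reference copies were laid down will also differ, so the flagged file still needs its hash checked against a known-good source.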

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby askey127 » June 1st, 2010, 3:39 pm

Bearhug,
Need to check out this one file:
Set Your Computer to Show All Files/Folders.

  • Click Start, Control Panel, Appearance and Personalization, Folder Options .
  • Under the Hidden files and folders heading, CHECK Show hidden files and folders.
  • UNCHECK Hide protected operating system files (recommended).
  • UNCHECK Hide file extensions for known file types.
  • Click Apply and OK.

Next
Upload a File to Jotti

Please go to jotti.org
Copy/paste this file and path into the white box at the top:
C:\Windows\system32\drivers\ndis.sys

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

If you have trouble using jotti try Virustotal
askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby Bearhug » June 1st, 2010, 3:47 pm

Hey,

Unsure what to copy, but 0 of 20 scanners reported malware and here is the permalink:
http://virusscan.jotti.org/en/scanresult/f81430df38d322ca5ccd120dfd4ff14fdd2a109a/3737f24273442e79c3893c64cd71c0b26bd5a4b4

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby askey127 » June 1st, 2010, 3:55 pm

Bearhug,
Verify for me whether you still are getting Rootkit messages from Avast.
askey127

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby Bearhug » June 1st, 2010, 4:09 pm

Now it's been about 24 hours since Avast last reported the rootkit problems ("dydkrqv.dll" or "win32:rootkit-gen"), but during the day today ZoneAlarm has asked repeatedly if "svchost.exe" may access the internet. I assume this isn't one of the standard "svchost.exe" things or it would have been known by ZoneAlarm?

I have also gotten one or two new tabs open in Firefox with questionable URLs.

Well, I'm unsure, but the Avast warning pop-ups have gone away more or less, or at least become rarer.

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby askey127 » June 1st, 2010, 4:30 pm

Bear,
The Zonealarm messages may be legitimate.
Monitor the behavior for another day, and let me know what you see.
askey127

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby Bearhug » June 1st, 2010, 4:43 pm

Will do!

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby Bearhug » June 2nd, 2010, 5:06 am

So far the problems seem to be to a far lesser extent; Avast isn't warning about it anymore and I've only had one browser redirect. I still can't use Windows Update, neither the built-in nor the web-based one; both connect for barely a second and then decide they can't reach Windows Update, and the solution they give me is that my internet isn't working, which it clearly is in all other instances. Seems fishy, but if this isn't the work of the virus I guess we've done everything we can then. :)

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby askey127 » June 2nd, 2010, 6:29 am

Open Internet Explorer.
Click Tools, Internet Options.
Click the Security tab.
Click the Trusted Sites zone. Set the slider to Medium, if it is not already.
Click the Sites button.
Highlight all the items shown in the Websites box, and click Remove.
Make sure the checkbox at the bottom labeled "Require server verification......." is checked.
Click Close

Can you tell me if you remember installing a HOSTS file, and/or where it came from?

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby Bearhug » June 2nd, 2010, 7:25 am

The Internet Explorer options are set just as you describe them, and I have not installed a HOSTS file. I checked the existing one (assuming it's under "C:\Windows\System32\drivers\etc\") and it contains nothing but comment lines starting with "#".

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby askey127 » June 2nd, 2010, 4:05 pm

Bearhug,
I would suggest looking at this very trustworthy website http://www.mvps.org/winhelp2002/hosts.htm dealing with HOSTS files, and following the instructions exactly for the download and install on your machine. It is one of the most useful safeguards you can use. It's passive, and it imposes no measurable penalty on the speed of your machine.

If you go with it, be SURE to read the part about the DNS Client Service.
It usually has to be disabled before the HOSTS is installed, or the bootups and browser starts will take a long time.
askey127
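A HOSTS file of the kind recommended above works by pointing unwanted names at a non-routable address (0.0.0.0 or 127.0.0.1) so they never resolve anywhere useful. The same mechanism is also what a hijacked HOSTS file abuses, by pinning a legitimate name to a remote address so that DNS is bypassed. The script below is an added example, not from the thread or from the MVPS site; it reads hosts-file text and separates the stock loopback entries, blocklist-style sinkhole entries, and entries that redirect a name to a routable address, which is the shape worth a second look. The sample file is constructed (documentation-range address, example.* names) and the script only inspects file contents; the DNS Client Service step the post mentions is a separate service setting it does not touch.

```python
import ipaddress

# Names that legitimately map to loopback in a stock Windows hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(hosts_text):
    """Yield (address, [hostnames]) for every active line; comments and blank lines are skipped."""
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing and full-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no names maps nothing
        yield parts[0], parts[1:]


def classify_hosts(hosts_text):
    """Sort hosts entries into local, blocked (sinkholed) and redirect buckets.

    blocked   : name points at 0.0.0.0 or a loopback address -> blocklist behaviour
    redirects : name points at a routable address -> DNS is bypassed for that name
    invalid   : first token is not an IP address at all
    """
    report = {"local": [], "blocked": [], "redirects": [], "invalid": []}
    for addr, names in parse_hosts(hosts_text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["invalid"].append((addr, names))
            continue
        sinkhole = ip.is_unspecified or ip.is_loopback
        for name in names:
            if sinkhole and name.lower() in LOCAL_NAMES:
                report["local"].append((addr, name))
            elif sinkhole:
                report["blocked"].append((addr, name))
            else:
                report["redirects"].append((addr, name))
    return report


# Constructed sample: two header comments, the stock loopback entries, two
# blocklist-style entries, and one redirect of a well-known-looking name to a
# documentation-range (RFC 5737) address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ad.example.net            # blocklist-style entry (constructed)
127.0.0.1 tracker.example.org     # blocklist-style entry (constructed)
198.51.100.23 www.example.com     # constructed redirect to a routable address
"""

if __name__ == "__main__":
    result = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(result['local'])} local, {len(result['blocked'])} blocked, "
          f"{len(result['redirects'])} redirect(s), {len(result['invalid'])} invalid")
    for addr, name in result["redirects"]:
        print(f"review: {name} is pinned to {addr}")
```

A large blocklist such as the MVPS file produces thousands of "blocked" entries and, if it is genuine, zero "redirects", so the redirect bucket is the one to read when a HOSTS file of unknown origin turns up on a machine.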

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby Bearhug » June 2nd, 2010, 5:10 pm

Alright, quite a big read, gone through most of it. Seems sensible and so I've installed the HOSTS file also.

Well, if that's it, I must say big thanks for your help! It's been really appreciated, and I guess the Windows Update problem is something I'll have to go over with Microsoft or similar since it's most likely not malware causing it?

Many bearhugs to you Askey! :)

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby askey127 » June 2nd, 2010, 6:10 pm

Bearhug,
I don't see any malware on your system right now.
Good luck in the future.
askey127

Re: Problems removing Win32:Malware-gen virus/worm

Unread postby askey127 » June 3rd, 2010, 7:53 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.