
Shell.exe, DWM.exe and svchost.exe -- problem



Hello,

First of all I must say MWB is a great application!

Now I have a little problem concerning Shell.exe, DWM.exe and svchost.exe, which are identified as trojans. I am running the latest Malwarebytes and it detects those three executables and lets me quarantine them and then delete them, but of course they reappear the next time I start Windows. Upon quick-scanning it also detects some 9 related objects.

Here's the result from scan:

LOG:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5150

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2010-11-20 02:19:10

mbam-log-2010-11-20 (02-19-10).txt

Scan type: Full scan (C:\|)

Objects scanned: 365004

Time elapsed: 1 hour(s), 21 minute(s), 49 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

C:\Users\Johan\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

C:\Users\Johan\AppData\Local\Temp\dwm.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: c:\users\johan\appdata\local\temp\dwm.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Johan\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Johan\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Johan\AppData\Roaming\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Users\Johan\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.

C:\Users\Johan\AppData\Local\Temp\dwm.exe (Trojan.Agent) -> Quarantined and deleted successfully.

PROTECTION LOG:

02:18:16 Johan DETECTION C:\Users\Johan\AppData\Roaming\Microsoft\svchost.exe Backdoor.Bot QUARANTINE

02:18:17 Johan ERROR Quarantine failed: DeleteFile failed with error code 5

02:18:21 Johan DETECTION C:\Users\Johan\AppData\Local\Temp\dwm.exe Trojan.Agent QUARANTINE

02:18:21 Johan DETECTION C:\Users\Johan\AppData\Local\Temp\dwm.exe Trojan.Agent DENY

02:18:23 Johan ERROR Quarantine failed: DeleteFile failed with error code 5

02:18:30 Johan DETECTION C:\Users\Johan\AppData\Roaming\Microsoft\Windows\shell.exe Trojan.Shell QUARANTINE

02:18:40 Johan DETECTION C:\Users\Johan\AppData\Local\Temp\dwm.exe Trojan.Agent DENY

02:22:56 Johan MESSAGE Protection started successfully

02:23:01 Johan MESSAGE IP Protection started successfully

11:42:20 Johan MESSAGE Protection started successfully

11:42:24 Johan MESSAGE IP Protection started successfully

11:42:51 Johan DETECTION C:\USERS\JOHAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\SHELL.EXE Trojan.Shell QUARANTINE

11:42:52 Johan ERROR Quarantine failed: UtilityReadFile failed with error code 2

11:42:52 Johan DETECTION C:\USERS\JOHAN\APPDATA\ROAMING\MICROSOFT\SVCHOST.EXE Backdoor.Bot QUARANTINE

11:42:53 Johan ERROR Quarantine failed: UtilityReadFile failed with error code 2

11:42:57 Johan DETECTION C:\USERS\JOHAN\APPDATA\LOCAL\TEMP\DWM.EXE Trojan.Agent QUARANTINE

11:42:58 Johan ERROR Quarantine failed: UtilityReadFile failed with error code 2

11:48:18 Johan DETECTION C:\USERS\JOHAN\APPDATA\LOCAL\TEMP\DWM.EXE Trojan.Agent DENY

11:55:05 Johan MESSAGE Protection started successfully

11:55:09 Johan MESSAGE IP Protection started successfully

12:01:31 Johan DETECTION C:\USERS\JOHAN\APPDATA\LOCAL\TEMP\DWM.EXE Trojan.Agent QUARANTINE

12:01:32 Johan ERROR Quarantine failed: UtilityReadFile failed with error code 2

12:08:36 Johan MESSAGE Protection started successfully

12:08:41 Johan MESSAGE IP Protection started successfully

15:10:58 Johan DETECTION C:\USERS\JOHAN\APPDATA\ROAMING\MICROSOFT\WINDOWS\SHELL.EXE Trojan.Shell QUARANTINE

15:10:59 Johan ERROR Quarantine failed: UtilityReadFile failed with error code 2

15:10:59 Johan DETECTION C:\USERS\JOHAN\APPDATA\ROAMING\MICROSOFT\SVCHOST.EXE Backdoor.Bot QUARANTINE

15:11:00 Johan ERROR Quarantine failed: UtilityReadFile failed with error code 2

15:11:01 Johan DETECTION C:\USERS\JOHAN\APPDATA\LOCAL\TEMP\DWM.EXE Trojan.Agent QUARANTINE

15:11:02 Johan ERROR Quarantine failed: UtilityReadFile failed with error code 2

Here's the DDS log:

DDS (Ver_10-11-10.01) - NTFS_AMD64

Run by Johan at 15:14:46,95 on 2010-11-20

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18

Microsoft Windows 7 Professional 6.1.7600.0.1252.46.1033.18.6142.4202 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Johan\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:50370

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live inloggningshj

Attach.zip

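The scan output above shows a persistence pattern worth recognizing in any triage: Windows system binary names (svchost.exe, dwm.exe) running from user-writable profile directories, a Winlogon Shell value extended past explorer.exe, a populated Winlogon "Load" value, and a browser proxy pointed at a loopback port. The script below is an added example, not part of the original post and not Malwarebytes, DDS or OTL code; the sample paths and registry values are copied from the logs above, and the set of "must live under %SystemRoot%" binary names and the loopback-proxy rule are the example's own assumptions.

```python
"""
Triage helper: flag the persistence pattern seen in the Malwarebytes/DDS output
above. Added example, not code from Malwarebytes, DDS or OTL. Sample values are
copied from the logs in the post; the binary-name list is an assumption.
"""
import re

# Core Windows binaries that ship only under %SystemRoot% (assumption: list is
# illustrative, not exhaustive). The same file name anywhere else is a masquerade.
SYSTEM_BINARIES = {"svchost.exe", "dwm.exe", "explorer.exe", "taskhost.exe",
                   "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_ROOT = "c:\\windows\\"


def masquerading_processes(paths):
    """Return process paths whose file name is a core Windows binary but whose
    location is outside %SystemRoot% (e.g. AppData\\Roaming or AppData\\Local\\Temp)."""
    hits = []
    for path in paths:
        p = path.strip().lower().split(" -k ")[0]   # drop svchost service-group args
        name = p.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and not p.startswith(SYSTEM_ROOT):
            hits.append(path.strip())
    return hits


def shell_hijack(shell_value):
    """Winlogon\\Shell should be exactly explorer.exe. Any extra comma-separated
    entry is launched at logon alongside the desktop shell."""
    entries = [e.strip() for e in shell_value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != "explorer.exe"]


def load_hijack(load_value):
    """Windows NT\\CurrentVersion\\Windows\\Load is empty on a clean system;
    a populated value is an autostart entry. Returns the value or None."""
    return load_value.strip() or None


def loopback_proxy(proxy_server):
    """Return (host, port) when the browser proxy points at the local machine.
    Legitimate local proxies exist, so correlate the port with the owning process."""
    m = re.search(r"(?:http=)?(127\.0\.0\.1|localhost):(\d+)", proxy_server)
    return (m.group(1), int(m.group(2))) if m else None


# Constructed report built from values that appear in the logs above.
SAMPLE_REPORT = {
    "processes": [
        r"C:\Windows\system32\svchost.exe -k DcomLaunch",
        r"C:\Windows\system32\Dwm.exe",
        r"C:\Windows\Explorer.EXE",
        r"C:\Users\Johan\AppData\Roaming\Microsoft\svchost.exe",
        r"C:\Users\Johan\AppData\Local\Temp\dwm.exe",
    ],
    "winlogon_shell": r"explorer.exe,C:\Users\Johan\AppData\Roaming\Microsoft\Windows\shell.exe",
    "winlogon_load": r"c:\users\johan\appdata\local\temp\dwm.exe",
    "proxy_server": "http=127.0.0.1:50370",
}


def triage(report):
    """Run every check and return a list of (finding_type, detail) tuples."""
    findings = []
    for p in masquerading_processes(report.get("processes", [])):
        findings.append(("masquerade", p))
    for e in shell_hijack(report.get("winlogon_shell", "explorer.exe")):
        findings.append(("winlogon_shell", e))
    load = load_hijack(report.get("winlogon_load", ""))
    if load:
        findings.append(("winlogon_load", load))
    proxy = loopback_proxy(report.get("proxy_server", ""))
    if proxy:
        findings.append(("loopback_proxy", "%s:%d" % proxy))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REPORT):
        print("%-15s %s" % (kind, detail))
```

On the sample report the script reports the two AppData copies of svchost.exe and dwm.exe, the shell.exe appended to the Winlogon Shell value, the dwm.exe in the Load value and the 127.0.0.1:50370 proxy, while the genuine system32 processes pass. The checks match the entries Malwarebytes listed as Backdoor.Bot, Trojan.Agent and Hijack.Shell, which is why the files reappear after deletion: the registry entries relaunch them at the next logon unless they are removed together.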

Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' button and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.

  • Extract RKUnhooker to your desktop.
    • Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here:
      http://www.7-zip.org/

  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth, uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Hello,

Here's the OTL:

OTL logfile created on: 2010-11-22 17:33:55 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Johan\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 80,00% Memory free

12,00 Gb Paging File | 11,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,75 Gb Total Space | 117,93 Gb Free Space | 25,32% Space Free | Partition Type: NTFS

Computer Name: JOHAN-PC | User Name: Johan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-11-22 17:33:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe

PRC - [2010-10-28 19:44:18 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010-09-07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010-06-07 16:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010-04-29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010-04-29 14:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010-03-07 12:56:15 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2009-10-14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

PRC - [2009-10-14 15:42:38 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

PRC - [2009-07-20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

========== Modules (SafeList) ==========

MOD - [2010-11-22 17:33:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe

MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009-07-20 03:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll

MOD - [2009-07-20 03:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll

MOD - [2009-06-10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)

SRV:64bit: - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV:64bit: - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV:64bit: - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2009-07-20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2010-11-09 15:20:32 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010-06-07 16:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010-04-29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010-03-07 12:56:15 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2009-10-14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-09-14 18:08:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010-09-07 15:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2010-04-29 14:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010-04-17 23:49:15 | 000,311,968 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2009-10-15 17:52:19 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2009-09-23 09:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-06-17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2009-06-17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009-06-17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007-04-12 15:29:04 | 000,828,416 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)

DRV - [2010-07-12 19:49:03 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)

DRV - [2007-02-07 19:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 B7 C7 28 25 62 CB 01 [binary data]

IE - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 50370

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-28 19:44:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-28 19:44:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010-10-28 17:15:23 | 000,000,000 | ---D | M]

[2010-09-08 10:59:05 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Mozilla\Extensions

[2010-09-08 10:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2009-10-13 19:05:10 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\su10segj.default\extensions

[2010-11-21 13:27:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010-09-09 07:37:48 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml

[2010-09-09 07:37:49 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml

[2010-09-09 07:37:49 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\tyda-sv-SE.xml

[2010-09-09 07:37:49 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml

[2010-09-09 07:37:49 | 000,000,647 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010-03-26 14:48:12 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\cmicnfg3.CPL (C-Media Corporation)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKU\S-1-5-21-104771432-2638573790-3335432285-1001 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{1aa5a365-b821-11de-a303-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-11-22 17:34:31 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\Johan\Desktop\RkU3.8.388.590.exe

[2010-11-22 17:33:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe

[2010-11-20 12:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2010-11-10 14:47:52 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Local\Activision

[2010-11-08 20:49:40 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Local\Octoshape

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-11-22 17:33:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe

[2010-11-22 17:29:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-11-22 17:29:26 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys

[2010-11-22 11:42:22 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010-11-22 11:42:22 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010-11-20 15:35:58 | 000,002,738 | ---- | M] () -- C:\Users\Johan\Desktop\Attach.zip

[2010-11-20 15:17:23 | 000,296,448 | ---- | M] () -- C:\Users\Johan\Desktop\bq0okyq9.exe

[2010-11-17 14:47:43 | 000,000,221 | ---- | M] () -- C:\Users\Johan\Desktop\Call of Duty Black Ops.url

[2010-11-17 14:47:43 | 000,000,221 | ---- | M] () -- C:\Users\Johan\Desktop\Call of Duty Black Ops - Multiplayer.url

[2010-11-14 20:42:27 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2010-11-14 20:42:27 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010-11-10 12:48:21 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010-11-10 12:48:21 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010-11-10 12:48:21 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010-11-08 14:08:43 | 000,000,007 | ---- | M] () -- C:\Users\Johan\Desktop\SOV TIDIGT!!!!!!!!!!!!!!!!!!!!!!!.rtf

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-11-20 15:35:58 | 000,002,738 | ---- | C] () -- C:\Users\Johan\Desktop\Attach.zip

[2010-11-20 15:17:22 | 000,296,448 | ---- | C] () -- C:\Users\Johan\Desktop\bq0okyq9.exe

[2010-11-17 14:47:43 | 000,000,221 | ---- | C] () -- C:\Users\Johan\Desktop\Call of Duty Black Ops.url

[2010-11-17 14:47:43 | 000,000,221 | ---- | C] () -- C:\Users\Johan\Desktop\Call of Duty Black Ops - Multiplayer.url

[2010-11-08 14:08:43 | 000,000,007 | ---- | C] () -- C:\Users\Johan\Desktop\SOV TIDIGT!!!!!!!!!!!!!!!!!!!!!!!.rtf

[2010-06-30 21:34:50 | 000,000,617 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\myMPQ.ini

[2010-06-07 18:46:11 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010-02-21 00:09:12 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini

[2009-11-25 15:10:43 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009-11-25 15:10:43 | 000,000,220 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009-10-14 01:01:40 | 000,007,605 | ---- | C] () -- C:\Users\Johan\AppData\Local\Resmon.ResmonCfg

[2009-10-13 19:08:36 | 000,000,564 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi

[2009-10-13 19:08:35 | 000,000,727 | ---- | C] () -- C:\Windows\cmudax3.ini

[2009-08-07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2007-01-16 14:49:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\VMix.dll

========== LOP Check ==========

[2010-09-20 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\.minecraft

[2010-10-10 16:14:28 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Audacity

[2010-03-25 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Command and Conquer 4

[2009-11-25 18:18:04 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\ConceptDraw MINDMAP

[2009-11-25 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\ConceptDraw MindMap 6

[2009-11-25 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\CSOdessa

[2010-09-14 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\DAEMON Tools Lite

[2010-07-26 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\DarkRadiant

[2010-09-20 19:54:19 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Dropbox

[2009-11-25 18:15:27 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\FileZilla

[2010-07-26 16:10:11 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\gtk-2.0

[2009-10-25 11:31:52 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Helios

[2010-06-17 16:27:41 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\IrfanView

[2010-07-18 23:18:21 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Leadertech

[2010-08-29 14:29:11 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Octoshape

[2010-10-18 01:04:31 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\OpenOffice.org

[2009-11-23 21:29:00 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Registry Mechanic

[2010-11-21 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Spotify

[2010-04-04 02:05:39 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\SystemRequirementsLab

[2010-02-26 14:20:38 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\The Creative Assembly

[2010-09-08 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Thunderbird

[2010-11-16 17:30:27 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\uTorrent

[2010-11-16 11:47:00 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

Here's the Extra:

OTL Extras logfile created on: 2010-11-22 17:33:55 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Johan\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 80,00% Memory free

12,00 Gb Paging File | 11,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,75 Gb Total Space | 117,93 Gb Free Space | 25,32% Space Free | Partition Type: NTFS

Computer Name: JOHAN-PC | User Name: Johan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-104771432-2638573790-3335432285-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java 6 Update 16 (64-bit)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4723f199-fa64-4233-8e6e-9fccc95a18ef}" = Python 2.6.5 (64-bit)

"{64A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java SE Development Kit 6 Update 16 (64-bit)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"C-Media PCI Audio Driver" = Aureon 5.1 PCI

"DarkRadiant_is1" = DarkRadiant 1.3.2 x64

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0A5DAE9E-DD2A-40D1-9AEB-06F31133A9DE}" = OpenOffice.org 3.2

"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III

"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6

"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company


Hi, RKU will not run on most 64 bit systems. Please run the following fix, followed by an updated, full MBAM scan and post me the logs of both.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    IE - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.

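The fix above removes a proxy that pointed both Internet Explorer and Firefox at 127.0.0.1:50370, and the earlier MBAM log shows the same infection hijacking the Winlogon Shell value and adding a Run entry under the user's profile. As an added example (not OTL's code and not posted by anyone in this thread), the Python script below reads OTL-style log lines like the ones posted here and flags those three indicators from a triage point of view: a proxy aimed at a loopback address, a Winlogon Shell value other than plain explorer.exe, and an autostart command that runs from AppData\Local\Temp or AppData\Roaming. The regular expressions are assumptions about OTL's line layout inferred from the lines in this thread, and the sample lines are constructed from them rather than taken from a real log.

```python
"""Triage OTL-style log lines for the indicators discussed in this thread.

Added example, not OTL's own code: it flags a proxy that points at a
loopback address (IE "ProxyServer" or Firefox prefs.js), a Winlogon Shell
value other than explorer.exe, and an autostart entry that runs from a
user's AppData\\Local\\Temp or AppData\\Roaming folder. The regexes are
assumptions about OTL's line layout, based on the lines posted here.
"""
import ipaddress
import re

IE_PROXY_RE = re.compile(r'^IE - .*Internet Settings: "ProxyServer" = (.+)$')
FF_PROXY_HOST_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(http|ssl|socks): "([^"]+)"')
FF_PROXY_PORT_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(http|ssl|socks)_port: (\d+)')
WINLOGON_SHELL_RE = re.compile(
    r'^O20(?::64bit:)? - (\S+) Winlogon: Shell - \(([^)]*)\)')
RUN_RE = re.compile(
    r'^O4(?::64bit:)? - (\S+?)\.\.\\(Run(?:Once)?): \[([^\]]*)\] (.+)$')
# Autostart commands under a user's Temp or Roaming profile deserve a second look.
SUSPICIOUS_DIR_RE = re.compile(r'\\AppData\\(Local\\Temp|Roaming)\\', re.IGNORECASE)

# Constructed sample input in the OTL format seen in this thread (not a real log).
SAMPLE_OTL_LINES = [
    'IE - HKU\\S-1-5-21-104771432-2638573790-3335432285-1001\\Software\\Microsoft'
    '\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = http=127.0.0.1:50370',
    'IE - HKU\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion'
    '\\Internet Settings: "ProxyEnable" = 0',
    'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    'FF - prefs.js..network.proxy.http_port: 50370',
    'O20 - HKU\\S-1-5-21-104771432-2638573790-3335432285-1001 Winlogon: Shell - '
    '(explorer.exe,C:\\Users\\Johan\\AppData\\Roaming\\Microsoft\\Windows\\shell.exe)'
    ' - File not found',
    'O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe'
    ' (Microsoft Corporation)',
    'O4 - HKLM..\\Run: [svchost] C:\\Users\\Johan\\AppData\\Roaming\\Microsoft\\svchost.exe ()',
    'O4 - HKLM..\\Run: [avast5] C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe'
    ' (AVAST Software)',
]


def is_loopback_host(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host.strip().lower() == "localhost"


def parse_proxy_server(value):
    """Split an IE ProxyServer value such as 'http=127.0.0.1:50370;https=host:8080'
    into (scheme, host, port) tuples; a bare 'host:port' applies to all schemes."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        if ":" in hostport:
            host, port_text = hostport.rsplit(":", 1)
            port = int(port_text) if port_text.isdigit() else None
        else:
            host, port = hostport, None
        entries.append((scheme or "all", host, port))
    return entries


def triage(lines):
    """Return (kind, detail) findings for the indicators named above."""
    findings = []
    ff_hosts, ff_ports = {}, {}
    for line in lines:
        line = line.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_server(m.group(1)):
                if is_loopback_host(host):
                    findings.append(("loopback-proxy", f"IE {scheme} proxy -> {host}:{port}"))
            continue
        m = FF_PROXY_HOST_RE.match(line)
        if m:
            ff_hosts[m.group(1)] = m.group(2)
            continue
        m = FF_PROXY_PORT_RE.match(line)
        if m:
            ff_ports[m.group(1)] = int(m.group(2))
            continue
        m = WINLOGON_SHELL_RE.match(line)
        if m:
            hive, shell = m.groups()
            # The legitimate value is plain explorer.exe; anything appended is a hijack.
            if shell.strip().lower() != "explorer.exe":
                findings.append(("shell-hijack", f"{hive} Winlogon Shell = {shell}"))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            if SUSPICIOUS_DIR_RE.search(command):
                findings.append(("autorun-from-profile", f"{hive}\\{key} [{name}] {command}"))
    # Firefox keeps host and port in separate prefs, so pair them after the pass.
    for scheme, host in ff_hosts.items():
        if is_loopback_host(host):
            findings.append(("loopback-proxy",
                             f"Firefox {scheme} proxy -> {host}:{ff_ports.get(scheme)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_OTL_LINES):
        print(f"[{kind}] {detail}")
```

Run it against a saved OTL.txt by passing the file's lines to `triage()`. The findings are leads for a human to verify, not verdicts: some local web filters and debugging proxies legitimately register a loopback proxy, so the useful question is whether the process listening on that port is one the user installed, and the matching MBAM detections in this thread are what made the 127.0.0.1:50370 entry worth removing.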

Here's the OTL log

All processes killed

========== OTL ==========

HKU\S-1-5-21-104771432-2638573790-3335432285-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Prefs.js: "127.0.0.1" removed from network.proxy.http

Prefs.js: 50370 removed from network.proxy.http_port

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Johan

->Temp folder emptied: 781095915 bytes

->Temporary Internet Files folder emptied: 53838401 bytes

->Java cache emptied: 31578860 bytes

->FireFox cache emptied: 104492547 bytes

->Flash cache emptied: 1183324 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 557056 bytes

%systemroot%\System32 .tmp files removed: 1619120 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7990088 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes

RecycleBin emptied: 2738 bytes

Total Files Cleaned = 937,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11222010_192520

Files\Folders moved on Reboot...

C:\Users\Johan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Johan\AppData\Local\Temp\uppg2.pdf not found!

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Here's the MBAM log of a full scan

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5171

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2010-11-22 20:35:26

mbam-log-2010-11-22 (20-35-26).txt

Scan type: Full scan (C:\|)

Objects scanned: 361895

Time elapsed: 1 hour(s), 2 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Yet again I get a warning from MBAM telling me to block DWM.exe, as said here:

00:39:15 Johan DETECTION C:\USERS\JOHAN\APPDATA\LOCAL\TEMP\DWM.EXE Trojan.Agent QUARANTINE

00:39:16 Johan ERROR Quarantine failed: UtilityReadFile failed with error code 2

This blocking message came like 4 hours after I scanned; so in a period of 5 hours nothing happened until now O_o


Hello,

Here's OTL.txt:

OTL logfile created on: 2010-11-23 16:39:21 - Run 3

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Johan\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 71,00% Memory free

12,00 Gb Paging File | 10,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,75 Gb Total Space | 118,76 Gb Free Space | 25,50% Space Free | Partition Type: NTFS

Computer Name: JOHAN-PC | User Name: Johan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-11-22 17:33:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe

PRC - [2010-10-28 19:44:18 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010-09-07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010-06-07 16:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010-04-29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010-04-29 14:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010-03-07 12:56:15 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2009-10-14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

PRC - [2009-10-14 15:42:38 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

PRC - [2009-07-20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

========== Modules (SafeList) ==========

MOD - [2010-11-22 17:33:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe

MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009-07-20 03:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll

MOD - [2009-07-20 03:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll

MOD - [2009-06-10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)

SRV:64bit: - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV:64bit: - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV:64bit: - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2009-07-20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2010-11-09 15:20:32 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010-06-07 16:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010-04-29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010-03-07 12:56:15 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2009-10-14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-09-14 18:08:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010-09-07 15:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2010-04-29 14:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010-04-17 23:49:15 | 000,311,968 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2009-10-15 17:52:19 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2009-09-23 09:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-06-17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2009-06-17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009-06-17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007-04-12 15:29:04 | 000,828,416 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)

DRV - [2010-11-22 17:42:42 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)

DRV - [2010-07-12 19:49:03 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)

DRV - [2007-02-07 19:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 B7 C7 28 25 62 CB 01 [binary data]

IE - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-28 19:44:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-28 19:44:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010-10-28 17:15:23 | 000,000,000 | ---D | M]

[2010-09-08 10:59:05 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Mozilla\Extensions

[2010-09-08 10:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2009-10-13 19:05:10 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\su10segj.default\extensions

[2010-11-22 17:42:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010-09-09 07:37:48 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml

[2010-09-09 07:37:49 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml

[2010-09-09 07:37:49 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\tyda-sv-SE.xml

[2010-09-09 07:37:49 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml

[2010-09-09 07:37:49 | 000,000,647 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010-03-26 14:48:12 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\cmicnfg3.CPL (C-Media Corporation)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-104771432-2638573790-3335432285-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKU\S-1-5-21-104771432-2638573790-3335432285-1001 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{1aa5a365-b821-11de-a303-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1aa5a365-b821-11de-a303-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-11-22 19:25:20 | 000,000,000 | ---D | C] -- C:\_OTL

[2010-11-22 17:34:31 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\Johan\Desktop\RkU3.8.388.590.exe

[2010-11-22 17:33:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe

[2010-11-20 12:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2010-11-10 14:47:52 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Local\Activision

[2010-11-08 20:49:40 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Local\Octoshape

========== Files - Modified Within 30 Days ==========

[2010-11-23 16:26:28 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010-11-23 16:26:28 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010-11-23 16:19:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-11-23 16:19:04 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys

[2010-11-22 17:42:42 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010-11-22 17:33:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe

[2010-11-20 15:17:23 | 000,296,448 | ---- | M] () -- C:\Users\Johan\Desktop\bq0okyq9.exe

[2010-11-17 14:47:43 | 000,000,221 | ---- | M] () -- C:\Users\Johan\Desktop\Call of Duty Black Ops.url

[2010-11-17 14:47:43 | 000,000,221 | ---- | M] () -- C:\Users\Johan\Desktop\Call of Duty Black Ops - Multiplayer.url

[2010-11-14 20:42:27 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2010-11-14 20:42:27 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010-11-10 12:48:21 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010-11-10 12:48:21 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010-11-10 12:48:21 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010-11-08 14:08:43 | 000,000,007 | ---- | M] () -- C:\Users\Johan\Desktop\SOV TIDIGT!!!!!!!!!!!!!!!!!!!!!!!.rtf

========== Files Created - No Company Name ==========

[2010-11-22 17:38:59 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010-11-20 15:17:22 | 000,296,448 | ---- | C] () -- C:\Users\Johan\Desktop\bq0okyq9.exe

[2010-11-17 14:47:43 | 000,000,221 | ---- | C] () -- C:\Users\Johan\Desktop\Call of Duty Black Ops.url

[2010-11-17 14:47:43 | 000,000,221 | ---- | C] () -- C:\Users\Johan\Desktop\Call of Duty Black Ops - Multiplayer.url

[2010-11-08 14:08:43 | 000,000,007 | ---- | C] () -- C:\Users\Johan\Desktop\SOV TIDIGT!!!!!!!!!!!!!!!!!!!!!!!.rtf

[2010-06-30 21:34:50 | 000,000,617 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\myMPQ.ini

[2010-06-07 18:46:11 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010-02-21 00:09:12 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini

[2009-11-25 15:10:43 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009-11-25 15:10:43 | 000,000,220 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009-10-14 01:01:40 | 000,007,605 | ---- | C] () -- C:\Users\Johan\AppData\Local\Resmon.ResmonCfg

[2009-10-13 19:08:36 | 000,000,564 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi

[2009-10-13 19:08:35 | 000,000,727 | ---- | C] () -- C:\Windows\cmudax3.ini

[2009-08-07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2007-01-16 14:49:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\VMix.dll

========== LOP Check ==========

[2010-09-20 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\.minecraft

[2010-10-10 16:14:28 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Audacity

[2010-03-25 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Command and Conquer 4

[2009-11-25 18:18:04 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\ConceptDraw MINDMAP

[2009-11-25 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\ConceptDraw MindMap 6

[2009-11-25 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\CSOdessa

[2010-09-14 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\DAEMON Tools Lite

[2010-07-26 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\DarkRadiant

[2010-09-20 19:54:19 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Dropbox

[2009-11-25 18:15:27 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\FileZilla

[2010-07-26 16:10:11 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\gtk-2.0

[2009-10-25 11:31:52 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Helios

[2010-06-17 16:27:41 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\IrfanView

[2010-07-18 23:18:21 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Leadertech

[2010-08-29 14:29:11 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Octoshape

[2010-10-18 01:04:31 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\OpenOffice.org

[2009-11-23 21:29:00 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Registry Mechanic

[2010-11-21 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Spotify

[2010-04-04 02:05:39 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\SystemRequirementsLab

[2010-02-26 14:20:38 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\The Creative Assembly

[2010-09-08 10:59:03 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\Thunderbird

[2010-11-16 17:30:27 | 000,000,000 | ---D | M] -- C:\Users\Johan\AppData\Roaming\uTorrent

[2010-11-16 11:47:00 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >


Hi, first of all, let's also check for rootkits.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


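As an added illustration (not part of the thread and not MBRCheck's own code), the PowerShell below reads the first sector of PhysicalDrive0 directly, fingerprints the boot code and decodes the partition table, which is the raw data behind a verdict such as "Windows 7 MBR code detected". It assumes a classic MBR-partitioned disk, drive number 0, the standard MBR byte layout, an elevated prompt (raw device access needs administrator rights) and PowerShell 3.0 or later.

```powershell
# Added example (not MBRCheck's code and not part of the original thread): read the
# first sector of a physical disk, fingerprint it and decode its partition table.
# Assumes a classic MBR disk and PhysicalDrive0; must run from an elevated prompt
# because raw device access requires administrator rights. PowerShell 3.0 or later.

function Get-MbrReport {
    param([int]$DriveNumber = 0)

    $devicePath = "\\.\PhysicalDrive$DriveNumber"
    $sector     = New-Object byte[] 512

    # .NET opens device paths like files; ReadWrite sharing is required because the
    # volume manager already holds the disk open.
    $stream = New-Object System.IO.FileStream($devicePath, [System.IO.FileMode]::Open,
                  [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite, 512)
    try {
        if ($stream.Read($sector, 0, 512) -ne 512) { throw "Short read from $devicePath" }
    } finally {
        $stream.Dispose()
    }

    $sha1 = [System.Security.Cryptography.SHA1]::Create()

    # Bytes 0-439 are boot code and identical on every install of the same Windows
    # version, so that hash can be compared across machines. Bytes 440-443 hold the
    # per-disk signature and 446-509 the partition table, so the whole-sector hash
    # differs from disk to disk even when the code is clean.
    $codeSha1   = [BitConverter]::ToString($sha1.ComputeHash($sector, 0, 440)).Replace('-', '')
    $sectorSha1 = [BitConverter]::ToString($sha1.ComputeHash($sector)).Replace('-', '')

    $partitions = for ($i = 0; $i -lt 4; $i++) {
        $base = 446 + ($i * 16)                  # four 16-byte entries start at 0x1BE
        $type = $sector[$base + 4]
        if ($type -eq 0) { continue }            # empty slot
        $startLba = [BitConverter]::ToUInt32($sector, $base + 8)
        $sectors  = [BitConverter]::ToUInt32($sector, $base + 12)
        [PSCustomObject]@{
            Slot       = $i
            Active     = ($sector[$base] -eq 0x80)
            TypeId     = '0x{0:X2}' -f $type
            StartLba   = $startLba
            ByteOffset = '0x{0:X}' -f ([uint64]$startLba * 512)
            SizeGB     = [math]::Round(([double]$sectors * 512) / 1GB, 2)
        }
    }

    [PSCustomObject]@{
        Device        = $devicePath
        BootSignature = '{0:X2}{1:X2}' -f $sector[510], $sector[511]   # must read 55AA
        CodeSha1      = $codeSha1
        SectorSha1    = $sectorSha1
        Partitions    = @($partitions)
    }
}

$report = Get-MbrReport -DriveNumber 0
$report | Format-List Device, BootSignature, CodeSha1, SectorSha1
$report.Partitions | Format-Table -AutoSize
```

The boot-code hash is the value worth comparing with a known-clean machine running the same Windows version; the whole-sector hash also covers the per-disk signature and the partition table, so it will not match between two disks even when both are clean. The offset MBRCheck reports for C: in the log that follows, 0x7e00, is 63 sectors of 512 bytes, so the first partition entry should decode to StartLba 63. A boot signature other than 55AA, or code that does not hash to the clean reference for the same OS, is the point at which to keep a copy of the sector for analysis rather than "fix" it, which is also why the tool's own instructions say not to fix anything.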
Hello again,

Here it is :D

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: Phoenix Technologies, LTD

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 163):

0x02868000 \SystemRoot\system32\ntoskrnl.exe

0x0281F000 \SystemRoot\system32\hal.dll

0x00BC5000 \SystemRoot\system32\kdcom.dll

0x00C06000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll

0x00C13000 \SystemRoot\system32\PSHED.dll

0x00C27000 \SystemRoot\system32\CLFS.SYS

0x00C85000 \SystemRoot\system32\CI.dll

0x00D45000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00DE9000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00E72000 \SystemRoot\System32\Drivers\spns.sys

0x00F98000 \SystemRoot\System32\Drivers\WMILIB.SYS

0x00FA1000 \SystemRoot\System32\Drivers\SCSIPORT.SYS

0x00E00000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00E57000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00E61000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x010A7000 \SystemRoot\system32\DRIVERS\pci.sys

0x010DA000 \SystemRoot\System32\drivers\partmgr.sys

0x010EF000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x01104000 \SystemRoot\System32\drivers\volmgrx.sys

0x01160000 \SystemRoot\system32\DRIVERS\pciide.sys

0x01167000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x01177000 \SystemRoot\System32\drivers\mountmgr.sys

0x01191000 \SystemRoot\system32\DRIVERS\atapi.sys

0x0119A000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x011C4000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x01000000 \SystemRoot\system32\drivers\fltmgr.sys

0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys

0x0125B000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01434000 \SystemRoot\System32\Drivers\msrpc.sys

0x01492000 \SystemRoot\System32\Drivers\ksecdd.sys

0x014AC000 \SystemRoot\System32\Drivers\cng.sys

0x0151F000 \SystemRoot\System32\drivers\pcw.sys

0x01530000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01642000 \SystemRoot\system32\drivers\ndis.sys

0x01734000 \SystemRoot\system32\drivers\NETIO.SYS

0x01794000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01803000 \SystemRoot\System32\drivers\tcpip.sys

0x0153A000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x017BF000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x01584000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x017CF000 \SystemRoot\System32\Drivers\spldr.sys

0x017D7000 \SystemRoot\SysWOW64\speedfan.sys

0x01600000 \SystemRoot\System32\drivers\rdyboost.sys

0x017DE000 \SystemRoot\System32\Drivers\mup.sys

0x017F0000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01200000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x015D0000 \SystemRoot\system32\DRIVERS\disk.sys

0x01400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x01060000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x0108A000 \SystemRoot\System32\Drivers\Null.SYS

0x017F9000 \SystemRoot\System32\Drivers\Beep.SYS

0x01093000 \SystemRoot\System32\drivers\vga.sys

0x011CF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x00FD0000 \SystemRoot\System32\drivers\watchdog.sys

0x011F4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x00FE0000 \SystemRoot\system32\drivers\rdpencdd.sys

0x00FE9000 \SystemRoot\system32\drivers\rdprefmp.sys

0x00FF2000 \SystemRoot\System32\Drivers\Msfs.SYS

0x02C3B000 \SystemRoot\System32\Drivers\Npfs.SYS

0x02C4C000 \SystemRoot\system32\DRIVERS\tdx.sys

0x02C6A000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x02C77000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x02C87000 \SystemRoot\system32\drivers\afd.sys

0x02D11000 \SystemRoot\System32\Drivers\aswRdr.SYS

0x02D1B000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02D60000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02D69000 \SystemRoot\system32\DRIVERS\pacer.sys

0x02D8F000 \SystemRoot\system32\DRIVERS\netbios.sys

0x02D9E000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x02DB9000 \SystemRoot\system32\DRIVERS\termdd.sys

0x02DCD000 \SystemRoot\System32\Drivers\SCDEmu.SYS

0x03A84000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x03AD5000 \SystemRoot\system32\drivers\nsiproxy.sys

0x03AE1000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x03AEC000 \SystemRoot\System32\drivers\discache.sys

0x03AFB000 \SystemRoot\system32\drivers\csc.sys

0x03B7E000 \SystemRoot\System32\Drivers\dfsc.sys

0x03B9C000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x03BAD000 \SystemRoot\System32\Drivers\aswSP.SYS

0x03BD0000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x03A00000 \SystemRoot\system32\DRIVERS\amdk8.sys

0x03A17000 \SystemRoot\system32\DRIVERS\serial.sys

0x03A34000 \SystemRoot\system32\DRIVERS\serenum.sys

0x03A40000 \SystemRoot\system32\DRIVERS\parport.sys

0x03A5D000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x03CD6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x03D2C000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x03D3D000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x0403E000 \SystemRoot\system32\drivers\cmudax3.sys

0x04154000 \SystemRoot\system32\drivers\portcls.sys

0x04191000 \SystemRoot\system32\drivers\drmk.sys

0x041B3000 \SystemRoot\system32\drivers\ks.sys

0x041F6000 \SystemRoot\system32\drivers\ksthunk.sys

0x03D7B000 \SystemRoot\system32\DRIVERS\nvm62x64.sys

0x0FE4C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x10ABA000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x10ABC000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x10BB0000 \SystemRoot\System32\drivers\dxgmms1.sys

0x0FE00000 \SystemRoot\System32\Drivers\al6gk5qo.SYS

0x04000000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x04010000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x03C00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x04026000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x03C24000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x03C53000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x03C6E000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x03C8F000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x04032000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x03CA9000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x03CB8000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x0FE45000 \SystemRoot\system32\DRIVERS\swenum.sys

0x03DDF000 \SystemRoot\system32\DRIVERS\umbus.sys

0x048ED000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x04947000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x0495C000 \SystemRoot\System32\Drivers\crashdmp.sys

0x0496A000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x04976000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x0497F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x04992000 \SystemRoot\System32\Drivers\LUsbFilt.Sys

0x000D0000 \SystemRoot\System32\win32k.sys

0x049A2000 \SystemRoot\System32\drivers\Dxapi.sys

0x049AE000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x049BC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x049D5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x049DE000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x049E0000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys

0x049F3000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x04800000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys

0x04814000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x04831000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x0483F000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00430000 \SystemRoot\System32\TSDDD.dll

0x00760000 \SystemRoot\System32\cdd.dll

0x0484D000 \SystemRoot\system32\drivers\luafv.sys

0x04870000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x048AA000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x048B3000 \SystemRoot\system32\drivers\WudfPf.sys

0x048D4000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x03A68000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x05281000 \SystemRoot\system32\drivers\HTTP.sys

0x05349000 \SystemRoot\system32\DRIVERS\bowser.sys

0x05367000 \SystemRoot\System32\drivers\mpsdrv.sys

0x0537F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x053AC000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x05200000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x05271000 \SystemRoot\system32\DRIVERS\lirsgt.sys

0x062B0000 \SystemRoot\system32\drivers\peauth.sys

0x06356000 \SystemRoot\System32\Drivers\secdrv.SYS

0x06361000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x0638E000 \SystemRoot\System32\drivers\tcpipreg.sys

0x06200000 \SystemRoot\System32\DRIVERS\srv2.sys

0x066F6000 \SystemRoot\System32\DRIVERS\srv.sys

0x0678C000 \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys

0x06793000 \??\C:\Windows\system32\drivers\mbam.sys

0x06671000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x771B0000 \Windows\System32\ntdll.dll

0x47B20000 \Windows\System32\smss.exe

0xFF4D0000 \Windows\System32\apisetschema.dll

0xFFA20000 \Windows\System32\autochk.exe

0xFF440000 \Windows\System32\difxapi.dll

0xFF430000 \Windows\System32\nsi.dll

0xFF410000 \Windows\System32\sechost.dll

0xFF3F0000 \Windows\System32\imagehlp.dll

Processes (total 56):

0 System Idle Process

4 System

368 C:\Windows\System32\smss.exe

452 csrss.exe

504 C:\Windows\System32\wininit.exe

540 csrss.exe

564 C:\Windows\System32\services.exe

580 C:\Windows\System32\lsass.exe

588 C:\Windows\System32\lsm.exe

672 C:\Windows\System32\winlogon.exe

760 C:\Windows\System32\svchost.exe

832 C:\Windows\System32\nvvsvc.exe

872 C:\Windows\System32\svchost.exe

940 C:\Windows\System32\svchost.exe

1008 C:\Windows\System32\svchost.exe

384 C:\Windows\System32\svchost.exe

1048 C:\Windows\System32\svchost.exe

1152 C:\Windows\System32\svchost.exe

1220 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1264 C:\Windows\System32\nvvsvc.exe

1624 C:\Windows\System32\dwm.exe

1648 C:\Windows\explorer.exe

1680 C:\Windows\System32\taskhost.exe

1756 C:\Windows\System32\spoolsv.exe

1784 C:\Windows\System32\svchost.exe

1916 C:\Windows\System32\svchost.exe

1968 C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

1388 C:\Windows\SysWOW64\PnkBstrA.exe

1640 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

1300 C:\Windows\SysWOW64\rundll32.exe

1716 C:\Windows\System32\svchost.exe

1896 C:\Program Files\Java\jre6\bin\jusched.exe

2172 C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

2252 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

2268 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

2276 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

2564 C:\Program Files\Logitech\SetPoint\SetPoint.exe

2648 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

2760 C:\Program Files\Alwil Software\Avast5\AvastUI.exe

2872 C:\Windows\System32\svchost.exe

3004 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

1372 C:\Windows\System32\SearchIndexer.exe

4076 C:\Program Files\Windows Media Player\wmpnetwk.exe

3412 C:\Windows\System32\svchost.exe

2632 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

988 C:\Windows\System32\svchost.exe

3516 C:\Program Files (x86)\Steam\steam.exe

2556 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

3732 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

2628 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

892 C:\Windows\System32\audiodg.exe

3820 C:\Windows\System32\SearchProtocolHost.exe

1324 C:\Windows\System32\SearchFilterHost.exe

2092 C:\Users\Johan\Desktop\MBRCheck.exe

2088 C:\Windows\System32\conhost.exe

2772 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-07A7B0, Rev: 01.03B01

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!


MBAM picks up the threat with the active protection on, which means it is blocked before installing itself.

Can you reset your router (typically this is done by pressing the reset button for approx. 10 seconds when the router is powered off) and see if the threat is still detected afterwards?


Hello,

I've restarted the router but I still get the threat.

This is my firewall log, if it means anything:

Firewall log:

Wed Nov 24 10:30:02 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:30:13 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:30:13 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:30:21 2010 1 Blocked by DoS protection 78.73.29.23

Wed Nov 24 10:30:21 2010 1 Blocked by DoS protection 78.73.29.23

Wed Nov 24 10:30:21 2010 1 Blocked by DoS protection 78.73.29.23

Wed Nov 24 10:30:21 2010 1 Blocked by DoS protection 78.73.29.23

Wed Nov 24 10:30:21 2010 1 Blocked by DoS protection 78.73.29.23

Wed Nov 24 10:30:21 2010 1 Blocked by DoS protection 78.73.29.23

Wed Nov 24 10:30:21 2010 1 Blocked by DoS protection 78.73.29.23

Wed Nov 24 10:30:30 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:30:30 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:30:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:30:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:30:50 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:30:50 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:31:29 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:31:44 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:31:44 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:31:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:31:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:32:37 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:32:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:32:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:33:19 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:33:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:33:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:34:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:34:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:34:58 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:35:46 2010 1 Blocked by DoS protection 83.255.48.1

Wed Nov 24 10:35:46 2010 1 Blocked by DoS protection 83.255.48.1


Hi again

OTL

-----

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

  • Click the NONE button and push Run Scan.
  • A report will open. Copy and paste that report in your next reply.


Hello,

Here's the report;

OTL logfile created on: 2010-11-25 20:44:33 - Run 4

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Johan\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free

12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,75 Gb Total Space | 118,00 Gb Free Space | 25,34% Space Free | Partition Type: NTFS

Computer Name: JOHAN-PC | User Name: Johan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >

"ExcludeProfileDirs" = AppData\Local;AppData\LocalLow;$Recycle.Bin

"BuildNumber" = 7600

"FirstLogon" = 0

"ParseAutoexec" = 1

"Shell" = Explorer.exe -- [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)

< End of report >

cheers!


Hello

Here's the log (pressing NONE before scan as before I assume)

OTL logfile created on: 2010-11-25 23:34:44 - Run 5

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Johan\Desktop

64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 79,00% Memory free

12,00 Gb Paging File | 11,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,75 Gb Total Space | 118,00 Gb Free Space | 25,34% Space Free | Partition Type: NTFS

Computer Name: JOHAN-PC | User Name: Johan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows >

"Device" = Microsoft XPS Document Writer,winspool,Ne00:

"UserSelectedDefault" = 0

< End of report >


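The two custom scans above read single registry keys by hand. As an added example (not OTL's code and not part of the original thread), the PowerShell below checks the same Winlogon "Shell" and Windows "Load"/"Run" values against their Windows defaults and, going a step beyond the scans, lists the Run keys as well, flagging any entry that starts a program from a user-writable directory. The expected defaults, the directory list and the verdict labels are this example's assumptions; it needs PowerShell 3.0 or later, should run as the user whose profile is being examined, and on a 64-bit system should run from 64-bit PowerShell so that HKLM:\SOFTWARE is the native view.

```powershell
# Added example (not OTL's code and not part of the original thread): check the logon
# persistence values inspected by the custom scans above against their Windows
# defaults, then list the Run keys and apply the same "does it start something from a
# user-writable directory" test. Defaults, directory list and verdict labels are this
# example's assumptions. PowerShell 3.0+, run as the user whose profile is examined.

# Roots from which nothing launched by Winlogon or the Run keys should normally execute.
$userWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) | Where-Object { $_ }

function Test-UserWritablePath {
    param([string]$CommandLine)
    # A Shell value such as "explorer.exe,C:\...\shell.exe" starts several programs,
    # so every comma-separated entry is examined, not only the first.
    foreach ($entry in ($CommandLine -split ',')) {
        $p = $entry.Trim().Trim('"')
        foreach ($root in $userWritableRoots) {
            if ($p.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
        }
    }
    return $false
}

# Expected = $null means the value has no legitimate content at all; AbsentOk = $true
# means a clean system normally does not carry the value.
$checks = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell';    Expected = 'explorer.exe'; AbsentOk = $false }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Userinit'; Expected = "$env:SystemRoot\system32\userinit.exe,"; AbsentOk = $false }
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell';    Expected = 'explorer.exe'; AbsentOk = $true }
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows';  Name = 'Load';     Expected = $null;          AbsentOk = $true }
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows';  Name = 'Run';      Expected = $null;          AbsentOk = $true }
)

function Test-PersistenceValue {
    param([string]$Key, [string]$Name, $Expected, [bool]$AbsentOk)
    $item   = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($item) { [string]$item.$Name } else { '' }

    if (-not $actual) {
        $verdict = if ($AbsentOk) { 'OK (absent)' } else { 'MISSING' }
    } elseif ($null -eq $Expected) {
        $verdict = 'VALUE SHOULD NOT EXIST'
    } elseif ($actual -ne $Expected) {
        $verdict = 'NON-DEFAULT'
    } else {
        $verdict = 'OK'
    }
    if ($actual -and (Test-UserWritablePath $actual)) { $verdict = 'RUNS FROM USER-WRITABLE DIRECTORY' }

    [PSCustomObject]@{ Verdict = $verdict; Name = $Name; Actual = $actual; Key = $Key }
}

$results = @(foreach ($c in $checks) { Test-PersistenceValue @c })

# Run keys are free-form, so every entry is listed and only the directory test applies.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$results += @(foreach ($rk in $runKeys) {
    $props = Get-ItemProperty -Path $rk -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }   # provider metadata, not Run entries
        $cmd = [string]$prop.Value
        $verdict = if (Test-UserWritablePath $cmd) { 'RUNS FROM USER-WRITABLE DIRECTORY' } else { 'listed' }
        [PSCustomObject]@{ Verdict = $verdict; Name = $prop.Name; Actual = $cmd; Key = $rk }
    }
})

$results | Format-Table Verdict, Name, Actual, Key -AutoSize -Wrap
```

In the first report above, the HKCU Winlogon key carries "Shell" = Explorer.exe, which this check accepts (a per-user Shell value is unusual but harmless while it names only explorer.exe); the second report shows the Windows key holding only printer settings and no Load value, which is the clean state. A Shell value of the form "explorer.exe,<something else>" or a Load value pointing into AppData or Temp is the pattern to look for. Since whatever wrote such a value can write it again at the next logon, a hit here tells you where to look for the writer, not that deleting the value is enough.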
Please try the following:

Download TCPView from http://live.sysinternals.com/tcpview.exe

Once the file is downloaded, double-click on it to execute the program.

When the program starts, click on the Options menu option and uncheck Resolve addresses.

Then click on the File menu option and select Save as....

A window will open asking where you would like to save the log file. Save it to your desktop as tcpview.txt

Post me the contents of tcpview.txt.


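TCPView's saved listing maps sockets to process names; the question a practitioner then asks is whether each owning process is running from where it should. As an added example (not TCPView's code and not part of the thread), the PowerShell below rebuilds that listing from netstat -ano, which ships with Windows 7, resolves each PID to its image path and flags processes whose image lies outside the Windows and Program Files trees, or which carry a Windows component's name but run from somewhere else. The trusted-root list and the component-name list are this example's assumptions; run it from elevated PowerShell 3.0 or later so that the image paths of service processes can be read.

```powershell
# Added example (not TCPView's code and not part of the original thread): produce the
# process-to-socket listing that TCPView saves, from the output of netstat -ano, and
# flag owning processes whose image is not under the Windows or Program Files trees.
# The trusted-root list and the list of Windows component names are this example's
# assumptions. Run elevated so Get-Process can read service image paths. PowerShell 3.0+.

$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
# Names that belong to Windows components; a copy running from a user profile deserves a look.
$systemNames  = @('svchost.exe', 'dwm.exe', 'explorer.exe', 'csrss.exe', 'lsass.exe',
                  'services.exe', 'winlogon.exe', 'smss.exe', 'taskhost.exe')

function Test-UnderRoot {
    param([string]$Path, [string[]]$Roots)
    foreach ($r in $Roots) {
        if ($Path.StartsWith($r.TrimEnd('\') + '\', [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SocketOwnerReport {
    $cache = @{}
    $rows  = netstat -ano | Where-Object { $_ -match '^\s*(TCP|UDP)\s' }

    foreach ($row in $rows) {
        $f        = $row.Trim() -split '\s+'
        $proto    = $f[0]
        $state    = if ($proto -like 'TCP*') { $f[3] } else { '' }   # UDP rows have no State column
        $ownerPid = [int]$f[-1]                                       # PID is always the last field

        if (-not $cache.ContainsKey($ownerPid)) {
            $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
            $name = if ($proc) { $proc.ProcessName + '.exe' } else { '<exited>' }
            $path = $null
            if ($proc) { try { $path = $proc.Path } catch { $path = $null } }

            $flag = ''
            if (-not $path) {
                $flag = 'path unavailable'                            # System, Idle, or access denied
            } elseif (-not (Test-UnderRoot $path $trustedRoots)) {
                $flag = 'IMAGE OUTSIDE TRUSTED ROOTS'
            } elseif ($systemNames -contains $name -and -not (Test-UnderRoot $path @($env:SystemRoot))) {
                $flag = 'WINDOWS NAME, WRONG DIRECTORY'
            }
            $cache[$ownerPid] = @{ Name = $name; Path = $path; Flag = $flag }
        }
        $info = $cache[$ownerPid]

        [PSCustomObject]@{
            Process = $info.Name
            PID     = $ownerPid
            Proto   = $proto
            Local   = $f[1]
            Remote  = $f[2]
            State   = $state
            Path    = $info.Path
            Flag    = $info.Flag
        }
    }
}

$report = Get-SocketOwnerReport
$report | Sort-Object Flag -Descending | Format-Table Process, PID, Proto, Local, Remote, State, Flag -AutoSize
$report | Where-Object { $_.Flag } | Select-Object Process, PID, Path, Flag -Unique | Format-List
```

Rows whose path shows as unavailable are normally System (PID 4), the Idle pseudo-process (PID 0) and protected processes; everything else should resolve once the prompt is elevated. A listing like the one in the reply that follows, where every outbound connection belongs to AvastSvc.exe, firefox.exe or steam.exe, is only as reassuring as the image paths behind those names, and TCPView's text export does not include that column, which is why this example adds it.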
Hello,

Here's the logfile:

[System Process] 0 TCP 192.168.2.2 49376 93.158.110.162 80 TIME_WAIT

[System Process] 0 TCP 192.168.2.2 49546 93.158.110.154 80 TIME_WAIT

AvastSvc.exe 1224 TCP 127.0.0.1 12025 0.0.0.0 0 LISTENING

AvastSvc.exe 1224 TCP 127.0.0.1 12080 0.0.0.0 0 LISTENING

AvastSvc.exe 1224 TCP 127.0.0.1 12080 127.0.0.1 49270 ESTABLISHED

AvastSvc.exe 1224 TCP 127.0.0.1 12080 127.0.0.1 49476 ESTABLISHED

AvastSvc.exe 1224 TCP 127.0.0.1 12080 127.0.0.1 49552 ESTABLISHED

AvastSvc.exe 1224 TCP 127.0.0.1 12080 127.0.0.1 49553 ESTABLISHED

AvastSvc.exe 1224 TCP 127.0.0.1 12080 127.0.0.1 49554 ESTABLISHED

AvastSvc.exe 1224 TCP 127.0.0.1 12080 127.0.0.1 49555 ESTABLISHED

AvastSvc.exe 1224 TCP 127.0.0.1 12080 127.0.0.1 49556 ESTABLISHED

AvastSvc.exe 1224 TCP 127.0.0.1 12080 127.0.0.1 49557 ESTABLISHED

AvastSvc.exe 1224 TCP 127.0.0.1 12080 127.0.0.1 49565 ESTABLISHED

AvastSvc.exe 1224 TCP 127.0.0.1 12110 0.0.0.0 0 LISTENING

AvastSvc.exe 1224 TCP 127.0.0.1 12119 0.0.0.0 0 LISTENING

AvastSvc.exe 1224 TCP 127.0.0.1 12143 0.0.0.0 0 LISTENING

AvastSvc.exe 1224 TCP 127.0.0.1 12465 0.0.0.0 0 LISTENING

AvastSvc.exe 1224 TCP 127.0.0.1 12563 0.0.0.0 0 LISTENING

AvastSvc.exe 1224 TCP 127.0.0.1 12993 0.0.0.0 0 LISTENING

AvastSvc.exe 1224 TCP 127.0.0.1 12995 0.0.0.0 0 LISTENING

AvastSvc.exe 1224 TCP 192.168.2.2 49478 74.125.79.190 80 ESTABLISHED

AvastSvc.exe 1224 TCP 192.168.2.2 49558 74.125.79.102 80 ESTABLISHED

AvastSvc.exe 1224 TCP 192.168.2.2 49559 74.125.79.101 80 ESTABLISHED

AvastSvc.exe 1224 TCP 192.168.2.2 49560 74.125.79.101 80 ESTABLISHED

AvastSvc.exe 1224 TCP 192.168.2.2 49561 74.125.79.101 80 ESTABLISHED

AvastSvc.exe 1224 TCP 192.168.2.2 49562 74.125.79.102 80 ESTABLISHED

AvastSvc.exe 1224 TCP 192.168.2.2 49563 74.125.79.102 80 ESTABLISHED

AvastSvc.exe 1224 TCP 192.168.2.2 49564 74.125.79.102 80 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49169 127.0.0.1 49170 ESTABLISHED 7 7

firefox.exe 2992 TCP 127.0.0.1 49170 127.0.0.1 49169 ESTABLISHED 7 7

firefox.exe 2992 TCP 127.0.0.1 49187 127.0.0.1 49188 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49188 127.0.0.1 49187 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49270 127.0.0.1 12080 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49476 127.0.0.1 12080 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49552 127.0.0.1 12080 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49553 127.0.0.1 12080 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49554 127.0.0.1 12080 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49555 127.0.0.1 12080 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49556 127.0.0.1 12080 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49557 127.0.0.1 12080 ESTABLISHED

firefox.exe 2992 TCP 127.0.0.1 49565 127.0.0.1 12080 ESTABLISHED

lsass.exe 580 TCP 0.0.0.0 49157 0.0.0.0 0 LISTENING

lsass.exe 580 TCPV6 [0:0:0:0:0:0:0:0] 49157 [0:0:0:0:0:0:0:0] 0 LISTENING

PnkBstrA.exe 1788 UDP 127.0.0.1 44301 * *

services.exe 564 TCP 0.0.0.0 49156 0.0.0.0 0 LISTENING

services.exe 564 TCPV6 [0:0:0:0:0:0:0:0] 49156 [0:0:0:0:0:0:0:0] 0 LISTENING

steam.exe 1604 UDP 0.0.0.0 52094 * *

steam.exe 1604 UDP 0.0.0.0 62403 * * 13 1


It is indeed a nice little tool; it shows only the active connections at the moment when the report is created. A much more complete (but complicated) application that does this is, for example, Wireshark.

Please go to the following site: https://www.grc.com/x/ne.dll?bh0bkyd2

Click the Proceed button and then do both port tests. Post me the summary of the results, please.


This topic is now closed to further replies.