
MBR Infected with " boot.tidserv "


  • This topic is locked
24 replies to this topic

#1 TehM1ZZL3

TehM1ZZL3

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:NLD
  • Local time:03:26 AM

Posted 01 March 2011 - 03:31 PM

Hello,

For about 1-2 weeks I have been coping with a serious problem on my computer. My anti-virus software (Norton Internet Security 2011) is always on and tries to protect me against threats. Most of the time that goes well: it blocks attacks and deletes infected files, and when I scan my system once a month or so it detects and deletes all the threats it has found. However, now I have a kind of rootkit, named "boot.tidserv" by Norton, that has infected my system. Before this post a global moderator (quietman7) was kind enough to help me (link to the posts/logs: http://www.bleepingcomputer.com/forums/topic381774.html). But we didn't come to a real solution. This is partly because the scans couldn't find anything, and he said that I should run ESET Online Scanner. I ran this program, but it took a very long time (more than 19 hours) to scan my computer because I have 6 x 500GB Samsung hard drives full of data (mainly applications and games downloaded from the internet). So I decided to quit the scan, because it marked the keygens in the .iso files, and the ISOs themselves, as infected files. As quietman7 explained to me, this is because they protect themselves against anti-virus software, which means they are immediately recognized as a threat by the anti-virus software.

I didn't want to run that scan because my .iso files would be deleted, and I was also quite sure it wouldn't help my boot.tidserv problem, because it was more likely that ESET Online Scanner would find other threats that don't necessarily have anything to do with the problem I am coping with now (I assume). The other reason is that it can be deeper in my system; that's why quietman7 directed me to this section. I am able to do things at a DOS prompt at a low level in the computer, i.e. before Windows has started.

The progress before I came to this forum and since quietman7 helped me, briefly:

* 1-2 weeks ago: Norton gave a pop-up message that said "Important Things Require Your Attention". At first I was annoyed, but it kept popping up. In the end I became curious and decided to search on Google for the name it gave, "boot.tidserv". I immediately became scared because I read that it could send passwords, let someone view your files remotely, and things like that.
* Then I searched the Norton site and they said I had to go to this site (Bleepingcomputer.com). I came to this site and posted the post that you can read via the link above.
* Quietman7 was very kind to offer me help, and he said I had to run a file named TDSSKiller.exe. I did that and reported the log.
* Then I scanned my computer with Malwarebytes Anti-Malware and it still detected some things and cleaned them up for me. That log is also reported in the other thread.
* Then I ran TDSSKiller and Malwarebytes again. This time they didn't report any threat.
* NIS 2011 (Norton) didn't report any threat this time either. It looked like it was gone.
* Then I had to run the ESET Online Scanner. That failed because of my own action and was only partly done. It did succeed in scanning the system disk (C:) anyway.
* Norton came up with a message again. It said "boot.tidserv" found. 3 times.
(I will try to post a screenshot when the message comes up again)
* Now it says that it successfully cleaned it, but it said that before too.

So overall I am not sure whether the rootkit has been successfully killed or not, because Norton keeps coming up with the pop-up.

I hope I have provided enough information and that you can help me out.

Thanks in advance.


Yours faithfully,
Julian van Arkel
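The question the post leaves open is whether the MBR is still modified after TDSSKiller and Norton report a clean-up. A direct check is to read sector 0 of the disk and look at what the boot code and partition table actually contain. The script below is an added example, not part of the original post or of any tool named in it: it parses a 512-byte MBR, hashes the bootstrap code so it can be compared against a copy taken from a known-clean disk, checks for the error strings the stock Windows Vista/7 MBR carries, and flags a missing 0x55AA signature, zero or several active partitions, and overlapping partition entries. The `read_mbr` helper opens `\\.\PhysicalDrive0` (the real Windows raw-device path; it needs administrator rights) but is not called by default. The two sample images are constructed for the example; the "suspect" one only stands in for a boot sector whose code has been overwritten.

```python
"""Inspect a 512-byte MBR for signs of tampering by a bootkit such as TDSS/TDL4.

Added example; not part of the forum post. Paths and sample bytes are constructed.
"""
import hashlib
import struct
from dataclasses import dataclass
from itertools import combinations

MBR_SIZE = 512
BOOTCODE_SIZE = 446           # bootstrap code occupies bytes 0..445
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511

# Error strings embedded in the stock Windows Vista/7 MBR boot code. A boot
# sector that lacks all three has had its code replaced (bootkit, or a
# non-Windows boot manager such as GRUB; confirm before acting on it).
WINDOWS_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition-table entries; empty entries are skipped."""
    parts = []
    for i in range(4):
        # status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, _, _, _, ptype, _, _, _, lba, count = struct.unpack_from(
            "<BBBBBBBBII", mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def inspect_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, the partition list and a list of findings."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % MBR_SIZE)
    findings = []
    bootcode = mbr[:BOOTCODE_SIZE]
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if not any(s in bootcode for s in WINDOWS_MBR_STRINGS):
        findings.append("boot code lacks the stock Windows MBR error strings "
                        "(boot code replaced)")
    parts = parse_partitions(mbr)
    bootable = [p for p in parts if p.bootable]
    if len(bootable) != 1:
        findings.append("expected exactly one active partition, found %d"
                        % len(bootable))
    for a, b in combinations(parts, 2):
        if a.lba_start <= b.lba_end and b.lba_start <= a.lba_end:
            findings.append("partitions %d and %d overlap" % (a.index, b.index))
    return {
        "bootcode_sha256": hashlib.sha256(bootcode).hexdigest(),
        "partitions": parts,
        "findings": findings,
    }


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk (needs administrator rights on Windows)."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


def build_mbr(bootcode: bytes, entries) -> bytes:
    """Assemble a test MBR from boot code and (status, type, lba, count) tuples."""
    if len(bootcode) > BOOTCODE_SIZE or len(entries) > 4:
        raise ValueError("boot code or partition table too large")
    table = b"".join(struct.pack("<BBBBBBBBII", s, 0, 0, 0, t, 0, 0, 0, lba, n)
                     for s, t, lba, n in entries)
    return (bootcode.ljust(BOOTCODE_SIZE, b"\x00") + table.ljust(64, b"\x00")
            + BOOT_SIGNATURE)


# Constructed samples: a stand-in for a clean Windows 7 layout (100 MB system
# reserved partition plus C:) and one whose boot code has been overwritten.
_ENTRIES = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976564224)]
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100
                      + b"\x00".join(WINDOWS_MBR_STRINGS), _ENTRIES)
SUSPECT_MBR = build_mbr(bytes(range(256)) + bytes(range(190)), _ENTRIES)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("suspect", SUSPECT_MBR)):
        report = inspect_mbr(image)
        print(name, report["bootcode_sha256"][:16],
              report["findings"] or "no findings")
```

One caveat matters for the situation in the post: a bootkit that filters disk I/O from inside the running Windows can hand back the original, clean sector when the MBR is read, so a read taken from the infected OS proves little. The copy to trust is one read after booting from clean rescue media, and a boot-code hash that differs from the one taken from a known-good install of the same Windows version is the signal to act on, not a single scanner pop-up.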

DDS LOG:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by TehM1ZZL3 at 21:25:19,43 on di 01-03-2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4094.1673 [GMT 1:00]

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Process Blocker\Process Blocker.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Process Blocker\Tray Informer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\GIGABYTE\ET5\GUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\TehM1ZZL3\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
uURLSearchHooks: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
mURLSearchHooks: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SRS iWOW] "C:\Program Files\SRS Labs\SRS iWOW for PC\SRS_iWOW_PC.exe" /hideme
mRun: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
mRun: [EasyTuneV] C:\Program Files (x86)\Gigabyte\ET5\ETcall.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\TEHM1Z~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe
StartupFolder: C:\Users\TEHM1Z~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

================= FIREFOX ===================

FF - ProfilePath - C:\Users\TEHM1Z~1\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\TehM1ZZL3\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}\components\FFExternalAlert.dll
FF - component: C:\Users\TehM1ZZL3\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}\components\RadioWMPCore.dll
FF - component: C:\Users\TehM1ZZL3\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\TehM1ZZL3\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\TehM1ZZL3\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\TehM1ZZL3\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Camifox: camifox@altmusictv.com - %profile%\extensions\camifox@altmusictv.com
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Platinum Hide IP: support@platinumhideip.com - %profile%\extensions\support@platinumhideip.com
FF - Ext: Real Hide IP: support@real-hide-ip.com - %profile%\extensions\support@real-hide-ip.com
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - %profile%\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn

============= SERVICES / DRIVERS ===============

R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-5-30 37392]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys [2011-2-20 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys [2011-2-20 802864]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2010-5-31 1477728]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-2-25 1124472]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110228.002\IDSviA64.sys [2011-3-1 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys [2011-2-20 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-2-20 382072]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-5-31 2480048]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-23 203776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 iReboot;iReboot Background Service;C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [2008-4-27 9216]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-2-27 363344]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2011-2-20 130000]
R2 Process Blocker;Process Blocker;C:\Program Files\Process Blocker\Process Blocker.exe [2010-4-22 116952]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-5-24 11576]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-5-21 173352]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-27 2253688]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-5-31 252512]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-12-23 8120320]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-12-23 289792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-12-23 115216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-2-22 132656]
R3 KoneFltr;ROCCAT Kone;C:\Windows\System32\drivers\Kone.sys [2010-5-22 15488]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;Logitech QuickCam S7500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 MarkFun_NT;MarkFun_NT;C:\Program Files (x86)\GIGABYTE\ET5\MARKFUN.A64 [2011-2-26 19008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-27 24152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 136176]
S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-2-22 21712]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-2-24 129440]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-24 20992]
S3 SRS_HDAL_Service;HD Audio Lab;C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [2010-7-2 525040]
S3 SRS_iWowPC_Service;SRS Labs iWow PC;C:\Windows\System32\drivers\SRS_iWowPC_amd64.sys [2011-1-3 51200]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-24 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

=============== Created Last 30 ================

2071-07-25 07:13:30 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-03-01 18:27:36 -------- d-----w- C:\Windows\System32\SPReview
2011-03-01 18:21:43 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-03-01 18:21:43 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-03-01 18:21:05 427520 ----a-w- C:\Windows\SysWow64\PortableDeviceStatus.dll
2011-03-01 18:21:04 547840 ----a-w- C:\Windows\SysWow64\PortableDeviceApi.dll
2011-03-01 18:21:04 2311168 ----a-w- C:\Windows\SysWow64\wpdshext.dll
2011-03-01 18:21:04 105984 ----a-w- C:\Windows\SysWow64\WPDShServiceObj.dll
2011-03-01 18:21:03 541184 ----a-w- C:\Windows\SysWow64\WMVSDECD.DLL
2011-03-01 18:21:03 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2011-03-01 18:21:02 983040 ----a-w- C:\Program Files (x86)\Windows Media Player\WMPDMC.exe
2011-03-01 18:21:01 902656 ----a-w- C:\Windows\SysWow64\WMADMOD.DLL
2011-03-01 18:19:51 221184 ----a-w- C:\Windows\SysWow64\Mystify.scr
2011-03-01 18:18:32 86528 ----a-w- C:\Windows\SysWow64\isoburn.exe
2011-03-01 18:17:41 488448 ----a-w- C:\Windows\SysWow64\evr.dll
2011-03-01 18:17:41 312168 ----a-w- C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll
2011-03-01 18:17:40 630784 ----a-w- C:\Windows\SysWow64\DXPTaskRingtone.dll
2011-03-01 18:17:36 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-01 18:15:57 1221632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mip.exe
2011-03-01 18:13:37 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-03-01 18:12:47 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-02-28 16:04:13 -------- d-----w- C:\Program Files (x86)\ESET
2011-02-27 16:46:23 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-02-27 16:46:22 -------- d-----w- C:\Program Files\Prevx
2011-02-27 16:46:09 -------- d-----w- C:\PROGRA~3\PrevxCSI
2011-02-27 12:58:23 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Roaming\Malwarebytes
2011-02-27 12:58:14 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-27 12:58:13 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-27 12:58:10 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-27 12:58:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-26 20:25:43 85424 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2011-02-26 20:25:43 -------- d-----w- C:\Program Files (x86)\PowerISO
2011-02-26 19:06:27 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Local\Spotnet
2011-02-26 18:59:44 -------- d-----w- C:\Program Files (x86)\Spotnet
2011-02-26 18:59:44 -------- d-----w- C:\PROGRA~3\Spotnet
2011-02-26 17:44:58 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Local\NPE
2011-02-26 10:26:32 -------- d-----w- C:\Program Files (x86)\SpeedFan
2011-02-26 10:22:13 24896 ----a-w- C:\Windows\ET5Drv.sys
2011-02-26 10:21:46 327168 ----a-w- C:\Windows\IsUninst.exe
2011-02-26 09:47:49 -------- d-----w- C:\Program Files\Core Temp
2011-02-24 19:13:05 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-02-24 15:52:49 -------- d-----w- C:\Windows\System32\EventProviders
2011-02-24 15:46:59 72192 ----a-w- C:\Windows\SysWow64\regapi.dll
2011-02-24 15:44:43 6656 ----a-w- C:\Windows\System32\drivers\vms3cap.sys
2011-02-24 15:43:59 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2011-02-24 15:11:40 -------- d-----w- C:\PROGRA~3\Futuremark
2011-02-24 15:06:24 -------- d-----w- C:\Program Files (x86)\Common Files\Futuremark Shared
2011-02-24 15:05:50 -------- d-----w- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-02-24 13:38:21 -------- d-----w- C:\Program Files (x86)\GIGABYTE
2011-02-24 13:37:54 25640 ----a-w- C:\Windows\gdrv.sys
2011-02-22 21:53:00 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2011-02-22 21:53:00 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Local\eSupport.com
2011-02-21 14:53:30 -------- d-----w- C:\PROGRA~3\Intermedia Software
2011-02-21 14:53:27 -------- d-----w- C:\Program Files (x86)\Intermedia Software
2011-02-21 14:27:27 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2011-02-20 15:22:18 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-02-20 14:48:08 802864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys
2011-02-20 14:48:08 735864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtsp64.sys
2011-02-20 14:48:08 450608 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys
2011-02-20 14:48:08 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtspx64.sys
2011-02-20 14:48:08 382072 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys
2011-02-20 14:48:08 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys
2011-02-20 14:48:03 -------- d-----w- C:\Windows\System32\drivers\NISx64\1205000.07D
2011-02-20 14:43:17 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-02-20 14:43:17 -------- d-----w- C:\Program Files\Symantec
2011-02-20 14:43:17 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-02-20 14:42:45 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2011-02-20 14:42:40 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-02-20 14:19:33 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-02-20 12:33:56 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-20 12:33:56 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-20 12:33:54 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-02-20 12:33:52 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-20 12:33:51 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-20 12:33:34 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-20 12:33:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-20 12:33:29 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-02-20 12:30:41 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-02-20 12:30:41 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-20 12:30:41 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-20 12:30:41 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-20 12:30:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-20 12:30:41 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-02-19 12:54:07 -------- d-----w- C:\Program Files (x86)\FTDv3.8
2011-02-18 22:32:20 61 --sh--w- C:\Windows\cnerolf.bin
2011-02-18 17:36:32 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Roaming\Red Kawa
2011-02-17 21:08:22 -------- d-----w- C:\Fraps
2011-02-17 20:33:20 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Roaming\MAXON
2011-02-17 18:50:04 -------- d-----w- C:\PROGRA~3\SafeNet Sentinel
2011-02-17 18:50:01 -------- d-----w- C:\Program Files (x86)\Vicon
2011-02-12 22:50:17 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-02-11 18:01:00 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-02-11 18:01:00 -------- d-----w- C:\Program Files\Realtek
2011-02-10 20:29:04 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-02-10 20:21:22 80984 ----a-w- C:\Windows\System32\MBWrp64.dll
2011-02-10 20:21:22 2838632 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-02-10 13:41:44 86016 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-02-10 13:41:42 84992 ----a-w- C:\Windows\System32\frapsv64.dll
2011-02-05 17:28:40 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Local\Real_Environment_Simulati
2011-02-05 11:28:34 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Local\Microsoft Game Studios
2011-02-05 10:17:37 -------- d-----w- C:\Windows\PCHEALTH

==================== Find3M ====================

2011-03-01 18:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-01 18:32:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-01-25 17:54:04 2727912 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-01-25 12:58:04 2358888 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-01-24 13:20:12 638056 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-01-24 12:29:00 1284712 ----a-w- C:\Windows\RtlExUpd.dll
2011-01-20 13:47:40 1943616 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-01-04 18:25:40 83560 ----a-w- C:\Windows\System32\RCoInst64.dll
2010-12-23 18:06:36 64600 ----a-w- C:\Windows\System32\MBppld64.dll
2010-12-23 18:06:24 876120 ----a-w- C:\Windows\System32\MBAPO64.dll
2010-12-23 18:06:20 738392 ----a-w- C:\Windows\SysWow64\MBAPO32.dll
2010-12-07 11:17:20 51200 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2010-12-07 11:15:30 52736 ----a-w- C:\Windows\System32\OpenCL.dll
2010-12-04 19:39:19 869608 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe

============= FINISH: 21:26:50,68 ===============

Attach.txt is attached to this post as requested.


A GMER log would not be necessary, I think, because quietman7 didn't ask for it and I've got 64-bit, not 32-bit.


Edited by TehM1ZZL3, 02 March 2011 - 07:37 AM.

Intel Q8400
Gigabyte P35-DS3P (rev 1.0)
OCZ DDR 2 1066 4GB
Club3D HD4870 1GB
6 Samsung 500GB (3TB total)
Antec Ninehundred Case
Logitech G15 Keyboard
Roccat Kone Mouse
Logitech Z-5500 5.1 system
Iiyama ProLite E2607WS 26" LCD Screen


Xbox 360 - GT: TehM1ZZL360


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:26 PM

Posted 06 March 2011 - 08:54 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
        • DDS.txt
        • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



Information and logs:

  • In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 TehM1ZZL3

TehM1ZZL3
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:NLD
  • Local time:03:26 AM

Posted 06 March 2011 - 10:30 AM

Hello Gringo,

Many thanks for putting in your time and effort to help me.
Currently I'm busy copying files from a data drive to another disk so that I can extend my Windows 7 system drive, because it's becoming too small. Of course I will not make that change before I'm sure the threat is gone, but I just began to copy some data.

I know that the DeFogger program will automatically restart my system. So I'll wait till my PC is ready transferring files and then I'll click on disable to restart.

You can expect a report from me in a few hours!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:26 PM

Posted 06 March 2011 - 10:40 AM

Ok, no problem. I will be in and out most of the day today.


gringo

#5 TehM1ZZL3

TehM1ZZL3
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:NLD
  • Local time:03:26 AM

Posted 06 March 2011 - 11:59 AM

The scan ran smoothly. I had no problems; it just scanned and opened the two logs afterwards without any error.

Thank you for your help.

Here are the log files:


.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by TehM1ZZL3 at 17:54:15,37 on zo 06-03-2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4094.1744 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Process Blocker\Process Blocker.exe
C:\Program Files\Process Blocker\Tray Informer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\GIGABYTE\ET5\GUI.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Raptr\raptr_ep32.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\TehM1ZZL3\Desktop\dds (1).scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
uURLSearchHooks: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
mURLSearchHooks: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SRS iWOW] "C:\Program Files\SRS Labs\SRS iWOW for PC\SRS_iWOW_PC.exe" /hideme
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
mRun: [EasyTuneV] C:\Program Files (x86)\Gigabyte\ET5\ETcall.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
StartupFolder: C:\Users\TEHM1Z~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe
StartupFolder: C:\Users\TEHM1Z~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TEHM1Z~1\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\TehM1ZZL3\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}\components\FFExternalAlert.dll
FF - component: C:\Users\TehM1ZZL3\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}\components\RadioWMPCore.dll
FF - component: C:\Users\TehM1ZZL3\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\TehM1ZZL3\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\TehM1ZZL3\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\TehM1ZZL3\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Camifox: camifox@altmusictv.com - %profile%\extensions\camifox@altmusictv.com
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Platinum Hide IP: support@platinumhideip.com - %profile%\extensions\support@platinumhideip.com
FF - Ext: Real Hide IP: support@real-hide-ip.com - %profile%\extensions\support@real-hide-ip.com
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - %profile%\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-5-30 37392]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys [2011-2-20 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys [2011-2-20 802864]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2010-5-31 1477728]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-2-25 1124472]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110303.001\IDSviA64.sys [2011-3-4 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys [2011-2-20 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-2-20 382072]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-5-31 2480048]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-23 203776]
R2 iReboot;iReboot Background Service;C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [2008-4-27 9216]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-2-27 363344]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2011-2-20 130000]
R2 Process Blocker;Process Blocker;C:\Program Files\Process Blocker\Process Blocker.exe [2010-4-22 116952]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-5-24 11576]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-5-21 173352]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-27 2253688]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-5-31 252512]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-26 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-26 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-12-23 115216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-2-22 132656]
R3 KoneFltr;ROCCAT Kone;C:\Windows\System32\drivers\Kone.sys [2010-5-22 15488]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;Logitech QuickCam S7500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 MarkFun_NT;MarkFun_NT;C:\Program Files (x86)\GIGABYTE\ET5\MARKFUN.A64 [2011-2-26 19008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-27 24152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 136176]
S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-2-22 21712]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-2-24 129440]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-24 20992]
S3 SRS_HDAL_Service;HD Audio Lab;C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [2010-7-2 525040]
S3 SRS_iWowPC_Service;SRS Labs iWow PC;C:\Windows\System32\drivers\SRS_iWowPC_amd64.sys [2011-1-3 51200]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-24 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
.
=============== Created Last 30 ================
.
2071-07-25 07:13:30 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-03-06 14:48:16 1966080 ----a-w- C:\Windows\SysWow64\xRaidSetup.exe
2011-03-06 14:48:16 151552 ----a-w- C:\Windows\SysWow64\xRaidAPI.dll
2011-03-06 14:48:16 -------- d-----w- C:\RaidTool
2011-03-06 14:48:04 -------- d-----w- C:\Windows\RaidTool
2011-03-06 14:47:18 98144 ----a-w- C:\Windows\System32\drivers\jraid.sys
2011-03-06 14:46:32 -------- d-----w- C:\Intel
2011-03-06 14:19:18 -------- d-----w- C:\NST
2011-03-06 14:16:38 -------- d-sh--w- C:\Boot
2011-03-02 21:38:59 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Roaming\Raptr
2011-03-02 21:38:59 -------- d-----w- C:\Program Files (x86)\Raptr
2011-03-02 15:06:25 -------- d-----w- C:\Windows\rescache
2011-03-01 21:19:25 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-03-01 21:19:25 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-01 21:19:24 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-01 21:19:24 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-03-01 18:27:36 -------- d-----w- C:\Windows\System32\SPReview
2011-03-01 18:21:43 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-03-01 18:21:43 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-03-01 18:21:05 427520 ----a-w- C:\Windows\SysWow64\PortableDeviceStatus.dll
2011-03-01 18:21:04 547840 ----a-w- C:\Windows\SysWow64\PortableDeviceApi.dll
2011-03-01 18:21:04 2311168 ----a-w- C:\Windows\SysWow64\wpdshext.dll
2011-03-01 18:21:04 105984 ----a-w- C:\Windows\SysWow64\WPDShServiceObj.dll
2011-03-01 18:21:03 541184 ----a-w- C:\Windows\SysWow64\WMVSDECD.DLL
2011-03-01 18:21:03 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2011-03-01 18:21:02 983040 ----a-w- C:\Program Files (x86)\Windows Media Player\WMPDMC.exe
2011-03-01 18:21:01 902656 ----a-w- C:\Windows\SysWow64\WMADMOD.DLL
2011-03-01 18:19:51 221184 ----a-w- C:\Windows\SysWow64\Mystify.scr
2011-03-01 18:18:32 86528 ----a-w- C:\Windows\SysWow64\isoburn.exe
2011-03-01 18:17:41 488448 ----a-w- C:\Windows\SysWow64\evr.dll
2011-03-01 18:17:41 312168 ----a-w- C:\Windows\SysWow64\MCEWMDRMNDBootstrap.dll
2011-03-01 18:17:40 630784 ----a-w- C:\Windows\SysWow64\DXPTaskRingtone.dll
2011-03-01 18:17:36 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-01 18:15:57 1221632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mip.exe
2011-03-01 18:13:37 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-03-01 18:12:47 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-02-28 16:04:13 -------- d-----w- C:\Program Files (x86)\ESET
2011-02-27 16:46:23 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-02-27 16:46:22 -------- d-----w- C:\Program Files\Prevx
2011-02-27 16:46:09 -------- d-----w- C:\PROGRA~3\PrevxCSI
2011-02-27 12:58:23 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Roaming\Malwarebytes
2011-02-27 12:58:14 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-27 12:58:13 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-27 12:58:10 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-27 12:58:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-26 20:25:43 85424 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2011-02-26 20:25:43 -------- d-----w- C:\Program Files (x86)\PowerISO
2011-02-26 19:06:27 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Local\Spotnet
2011-02-26 18:59:44 -------- d-----w- C:\Program Files (x86)\Spotnet
2011-02-26 18:59:44 -------- d-----w- C:\PROGRA~3\Spotnet
2011-02-26 17:44:58 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Local\NPE
2011-02-26 10:26:32 -------- d-----w- C:\Program Files (x86)\SpeedFan
2011-02-26 10:22:13 24896 ----a-w- C:\Windows\ET5Drv.sys
2011-02-26 10:21:46 327168 ----a-w- C:\Windows\IsUninst.exe
2011-02-26 09:47:49 -------- d-----w- C:\Program Files\Core Temp
2011-02-24 19:13:05 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-02-24 15:52:49 -------- d-----w- C:\Windows\System32\EventProviders
2011-02-24 15:46:59 72192 ----a-w- C:\Windows\SysWow64\regapi.dll
2011-02-24 15:44:43 6656 ----a-w- C:\Windows\System32\drivers\vms3cap.sys
2011-02-24 15:43:59 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2011-02-24 15:11:40 -------- d-----w- C:\PROGRA~3\Futuremark
2011-02-24 15:06:24 -------- d-----w- C:\Program Files (x86)\Common Files\Futuremark Shared
2011-02-24 15:05:50 -------- d-----w- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-02-24 13:38:21 -------- d-----w- C:\Program Files (x86)\GIGABYTE
2011-02-24 13:37:54 25640 ----a-w- C:\Windows\gdrv.sys
2011-02-22 21:53:00 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2011-02-22 21:53:00 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Local\eSupport.com
2011-02-21 14:53:30 -------- d-----w- C:\PROGRA~3\Intermedia Software
2011-02-21 14:53:27 -------- d-----w- C:\Program Files (x86)\Intermedia Software
2011-02-21 14:27:27 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2011-02-20 15:22:18 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-02-20 14:48:08 802864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys
2011-02-20 14:48:08 735864 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtsp64.sys
2011-02-20 14:48:08 450608 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys
2011-02-20 14:48:08 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\srtspx64.sys
2011-02-20 14:48:08 382072 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys
2011-02-20 14:48:08 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys
2011-02-20 14:48:03 -------- d-----w- C:\Windows\System32\drivers\NISx64\1205000.07D
2011-02-20 14:43:17 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-02-20 14:43:17 -------- d-----w- C:\Program Files\Symantec
2011-02-20 14:43:17 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-02-20 14:42:45 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2011-02-20 14:42:40 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-02-20 14:19:33 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-02-20 12:33:56 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-20 12:33:56 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-20 12:33:54 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-02-20 12:33:52 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-20 12:33:51 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-20 12:33:34 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-20 12:33:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-20 12:33:29 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-02-20 12:30:41 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-02-20 12:30:41 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-20 12:30:41 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-20 12:30:41 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-20 12:30:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-20 12:30:41 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-02-19 12:54:07 -------- d-----w- C:\Program Files (x86)\FTDv3.8
2011-02-18 22:32:20 61 --sh--w- C:\Windows\cnerolf.bin
2011-02-18 17:36:32 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Roaming\Red Kawa
2011-02-17 21:08:22 -------- d-----w- C:\Fraps
2011-02-17 20:33:20 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Roaming\MAXON
2011-02-17 18:50:04 -------- d-----w- C:\PROGRA~3\SafeNet Sentinel
2011-02-17 18:50:01 -------- d-----w- C:\Program Files (x86)\Vicon
2011-02-12 22:50:17 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-02-11 18:01:00 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-02-11 18:01:00 -------- d-----w- C:\Program Files\Realtek
2011-02-10 20:29:04 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-02-10 20:21:22 80984 ----a-w- C:\Windows\System32\MBWrp64.dll
2011-02-10 20:21:22 2838632 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-02-10 13:41:44 86016 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2011-02-10 13:41:42 84992 ----a-w- C:\Windows\System32\frapsv64.dll
2011-02-05 17:28:40 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Local\Real_Environment_Simulati
2011-02-05 11:28:34 -------- d-----w- C:\Users\TEHM1Z~1\AppData\Local\Microsoft Game Studios
2011-02-05 10:17:37 -------- d-----w- C:\Windows\PCHEALTH
.
==================== Find3M ====================
.
2011-03-01 18:32:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-01 18:32:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-01-26 22:37:22 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-01-26 22:22:20 22295040 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-26 22:00:46 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-26 22:00:32 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-26 21:59:48 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-26 21:59:12 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-26 21:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-26 21:56:16 479232 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-26 21:55:38 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-26 21:54:22 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-26 21:54:02 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-26 21:53:56 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-26 21:53:44 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-26 21:53:38 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-26 21:53:34 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-26 21:53:28 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-26 21:49:46 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-26 21:40:04 4847616 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-26 21:32:48 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-26 21:32:14 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-01-26 21:32:02 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-26 21:28:54 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-26 21:27:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-26 21:27:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-26 21:27:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-26 21:27:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-26 21:27:32 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-26 21:25:52 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-26 21:24:20 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-26 21:22:00 5316096 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-26 21:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-26 21:14:16 354304 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-26 21:14:10 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-26 21:13:58 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-26 21:13:54 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-26 21:13:54 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-26 21:13:52 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-26 21:13:44 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-26 21:13:34 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-01-26 21:12:48 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-26 21:12:42 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-26 21:12:34 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-26 21:12:26 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-01-26 21:11:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-26 21:08:48 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-26 21:08:48 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-26 21:08:42 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-26 21:08:42 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-01-25 17:54:04 2727912 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-01-25 12:58:04 2358888 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-01-24 13:20:12 638056 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-01-24 12:29:00 1284712 ----a-w- C:\Windows\RtlExUpd.dll
2011-01-20 13:47:40 1943616 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-01-04 18:25:40 83560 ----a-w- C:\Windows\System32\RCoInst64.dll
2010-12-23 18:06:36 64600 ----a-w- C:\Windows\System32\MBppld64.dll
2010-12-23 18:06:24 876120 ----a-w- C:\Windows\System32\MBAPO64.dll
2010-12-23 18:06:20 738392 ----a-w- C:\Windows\SysWow64\MBAPO32.dll
2010-12-07 11:17:20 51200 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2010-12-07 11:15:30 52736 ----a-w- C:\Windows\System32\OpenCL.dll
.
============= FINISH: 17:55:29,35 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 22-5-2010 12:33:26
System Uptime: 6-3-2011 15:25:16 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P35-DS3P
Processor: Intel® Core™2 Quad CPU Q8400 @ 2.66GHz | Socket 775 | 2667/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 117 GiB total, 11,003 GiB free.
D: is FIXED (NTFS) - 456 GiB total, 23,97 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 191,849 GiB free.
F: is FIXED (NTFS) - 422 GiB total, 82,363 GiB free.
G: is FIXED (NTFS) - 280 GiB total, 40,847 GiB free.
H: is FIXED (NTFS) - 466 GiB total, 155,728 GiB free.
I: is FIXED (NTFS) - 446 GiB total, 80,561 GiB free.
J: is CDROM ()
K: is CDROM (CDFS)
L: is CDROM ()
M: is FIXED (NTFS) - 68 GiB total, 53,357 GiB free.
N: is FIXED (NTFS) - 15 GiB total, 0,554 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Multimedia-audiocontroller
Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_011113F6&REV_10\4&30D54F48&0&08F0
Manufacturer:
Name: Multimedia-audiocontroller
PNP Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_011113F6&REV_10\4&30D54F48&0&08F0
Service:
.
==== System Restore Points ===================
.
RP225: 6-3-2011 15:47:37 - Installed Gigabyte Raid Configurer
.
==== Installed Programs ======================
.
@BIOS
18 WoS Extreme Trucker 2 (v.1.0)
3D Driving-School
3DMark Vantage
AC3File 0.7b
AC3Filter 1.63b
Acronis Drive Monitor
Acronis True Image Home
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe After Effects CS5
Adobe After Effects CS5 Third Party Content
Adobe After Effects CS5 Third Party Royalty Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Community Help
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS5
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Reader 9.3.2 - Nederlands
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
aerosoft's - FDC Live Cockpit
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Airbus Series Vol.1 (FS X)
AMIP (remove only)
Any to Icon
Apache: Air Assault
Apple Application Support
Apple Software Update
ASIO4ALL
ATI Catalyst Registration
AviSynth 2.5
Battlefield 2™
Battlefield Heroes
Battlefield: Bad Company™ 2
BitTorrent
Bulletstorm
Burn My Files
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Citation X for FSX
Cities XL
ClassicPro© v1.14
Clutch
Crash Time 4 - The Syndicate
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp Dalet Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
De Sims™ 3
De Sims™ 3 Ambities
De Sims™ 3 Luxe Accessoires
De Sims™ 3 Supersnelle Accessoires
De Sims™ 3 Wereldavonturen
DFX for Winamp
DiRT2
DiskAid 4.11
EasyBCD 2.0
EasyTune5
Emergency 2012
Emergency 4 Deluxe
ESET Online Scanner v3
F1 2010
facemoods
ffdshow v1.1.3476 [2010-06-15]
FIFA 11
FileZilla Client 3.3.5.1
FL Studio 9
Flight Simulator X
Flight Simulator X Service Pack 1
Fraps (remove only)
Futuremark SystemInfo
GameSpy Arcade
German Truck Simulator
Gigabyte Raid Configurer
Google Apps
Google Chrome
Google Earth
Google Update Helper
Google Updater
GRID
Gtk+ Runtime Environment 2.12.9-2
GTR Evolution
Haali Media Splitter
Hardcore
Helium Music Manager 7 (build 8670)
HHD Software Free Hex Editor Neo 4.95
honestech VHS to DVD 2.0
IL Download Manager
ImgBurn
iPhone Explorer 2.100
iReboot 1.1.0
Java Auto Updater
Java™ 6 Update 22
JDownloader
Junk Mail filter update
Just Flight - 757 Captain FSX
Malwarebytes' Anti-Malware
Medal of Honor ™
MEO Encryption Software
Messenger Plus! Live
Messenger_Plus_Live_Netherlands Toolbar
Microsoft .NET Framework 1.1
Microsoft Age of Empires II
Microsoft AutoRoute 2010
Microsoft Choice Guard
Microsoft Device Emulator version 2.0 - ENU
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft MapPoint Europe 2010
Microsoft Office Access database engine 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.14)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Namoroka (64-bit) (3.6.3)
Need for Speed™ Hot Pursuit
Need for Speed™ SHIFT
Norton Internet Security
NVIDIA PhysX
ObjectDock Plus
OpenAL
PC Navigator 9 9.0.39-1
PDF Settings CS5
Photoshop Camera Raw
Pixel Bender Toolkit
PoiZone
PokerStars
PowerISO
PSP Video 9 6
PunkBuster Services
QuickTime
Raptr
Rapture3D 2.3.22 Game
Real Environment Xtreme
Real Environment Xtreme - Overdrive
Realtek High Definition Audio Driver
RigNRoll (Remove Only)
ROCCAT Kone Mouse Driver
RollerCoaster Tycoon 2
RollerCoaster Tycoon 3 Platinum
SABnzbd (remove only)
Safari
Samsung CLX-3170 Series
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Setup Utility 9
Ship Simulator Extremes
SmartFTP Client Setup Files 4.0 (x64) (remove only)
SmartSound Quicktracks Plugin
Sniper Elite
SpeedFan (remove only)
Split/Second
Spotnet
Stardock Impulse
Suite Shared Configuration CS4
System Requirements Lab CYRI
TeamViewer 5
TeamViewer 6
Test Drive Unlimited 2
The KMPlayer (remove only)
The Lord of the Rings FREE Trial
TI Connect 1.6
Toxic Biohazard
TVersity Codec Pack 1.4
TVersity Media Server 1.9.3
Ultimate-Coop 1.0
Unity Web Player
VFR Netherlands Area 1 v1.1
VFR Netherlands Area 2 v1.1
VFR Netherlands Area 3 v1.1
VFR Netherlands Area 4 v1.1
VFR Netherlands Area 5 v1.1
VFR Netherlands DTM v1.1
VFR Netherlands v1.1
Vicon boujou 5.0
Video Grabber Device Driver
VLC media player 1.1.3
VLC Setup Helper 3.01
voodoo camera tracker
Winamp
Winamp Applicatie Detect
Windows 7 Manager
Windows Live - Hulpprogramma voor uploaden
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
WinSCP 4.2.9
Wisdom-soft AutoScreenRecorder 3.0 Pro
Xfire (remove only)
Xiph QuickTime Components
Xiph.Org Open Codecs 0.84.17359
xrecode II 1.0.0.156
XviD MPEG-4 Codec
YouTube Downloader 2.5.5
Zoom Player (remove only)
.
==== End Of File ===========================
Intel Q8400
Gigabyte P35-DS3P (rev 1.0)
OCZ DDR 2 1066 4GB
Club3D HD4870 1GB
6 Samsung 500GB (3TB total)
Antec Ninehundred Case
Logitech G15 Keyboard
Roccat Kone Mouse
Logitech Z-5500 5.1 system
Iiyama ProLite E2607WS 26" LCD Screen


Xbox 360 - GT: TehM1ZZL360

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 March 2011 - 03:51 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 TehM1ZZL3
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:NLD

Posted 06 March 2011 - 04:50 PM

Hello Gringo,

Thanks for your help again!

I have tried to run ComboFix, however with no success. My computer is running Windows 7 Ultimate Service Pack 1 (installed last week or so) 64 bit with a Dutch language package on it. Here are some pics to make it easy to understand for you and so that I do not have to type endless texts that you have to read. I thought printscreens would be easier. So here you go:

First it gave this message.
Posted Image

When I clicked OK it said my antispyware protection was still on. That was true, because I had to disable some more in Norton that could not be done with "Disable Firewall" and "Disable Anti-Virus" only. I had to go into the Norton menu and click Antispyware to red as you see in the pic. Then it worked.

Posted Image

Posted Image

When I clicked on OK it said this. Quite weird? Does it have to do with 64 bit? Or maybe it has to do with a written error in a filename, Dutch to English, in my Windows configuration, if you know what I mean.
Posted Image

After I click OK the blue screen quits and nothing happens anymore. I cannot find any logs in the folder where ComboFix was running, on my C:\ system disk or on my desktop. There is no log anywhere, and I waited a few minutes. So it has quit for sure, I think.


Overall the computer is doing fine. No symptoms of spyware, viruses, redirection in internet, trojans whatsoever. However, the threat is maybe running deep inside my system brewing on a nasty plan and sending all my passwords to a bad person. I don't know if that is really happening, because I'm not an expert like you. So it may be here or it may not be here. But to keep it short: the system is running fine like it always did before. Only NIS gave the message; now it doesn't give it anymore, for about 5 days since I posted this thread after the help of quietman7. But as I said, I don't know if it is still in my PC. Also when NIS gave the message my computer was doing fine. So I never had a bad time that I was becoming frustrated because some things weren't working anymore. That was never the case.


Thank you for your help!
BTW: I'm going to get some sleep now because I have to get up early next morning.

Cheers,
TehM1ZZL3

Edited by TehM1ZZL3, 06 March 2011 - 04:59 PM.


#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 March 2011 - 05:29 PM

Hello

OK, let's try this. I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#9 TehM1ZZL3
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:NLD

Posted 07 March 2011 - 08:50 AM

That worked! Thank you.

Here's the log:


ComboFix 11-03-05.02 - TehM1ZZL3 07-03-2011 14:30:51.1.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.4094.3415 [GMT 1:00]
Gestart vanuit: c:\users\TehM1ZZL3\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\uninstall.exe
D:\install.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-02-07 to 2011-03-07 ))))))))))))))))))))))))))))))
.
.
2071-07-25 07:13 . 2006-11-21 18:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-03-07 13:36 . 2011-03-07 13:36 -------- d-----w- c:\users\Mcx1-TEHM1ZZL3-PC\AppData\Local\temp
2011-03-07 13:36 . 2011-03-07 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-06 20:52 . 2011-03-06 20:52 -------- d-----w- c:\windows\SysWow64\Wat
2011-03-06 20:52 . 2011-03-06 20:52 -------- d-----w- c:\windows\system32\Wat
2011-03-06 15:21 . 2011-03-06 15:23 -------- d-----w- c:\users\TehM1ZZL3\AppData\Roaming\ImgBurn
2011-03-06 15:18 . 2011-03-06 15:18 -------- d-----w- c:\program files (x86)\ImgBurn
2011-03-06 14:48 . 2011-03-06 14:48 -------- d-----w- C:\RaidTool
2011-03-06 14:48 . 2008-03-19 18:54 151552 ----a-w- c:\windows\SysWow64\xRaidAPI.dll
2011-03-06 14:48 . 2007-11-19 19:28 1966080 ----a-w- c:\windows\SysWow64\xRaidSetup.exe
2011-03-06 14:48 . 2011-03-06 14:48 -------- d-----w- c:\windows\RaidTool
2011-03-06 14:47 . 2008-11-04 18:21 98144 ----a-w- c:\windows\system32\drivers\jraid.sys
2011-03-06 14:46 . 2011-03-06 14:46 -------- d-----w- C:\Intel
2011-03-06 14:46 . 2011-03-06 14:46 -------- d-----w- c:\program files (x86)\Intel
2011-03-06 14:19 . 2011-03-06 14:19 -------- d-----w- C:\NST
2011-03-06 14:16 . 2011-03-06 14:16 -------- d-----w- C:\Boot
2011-03-02 21:38 . 2011-03-06 22:16 -------- d-----w- c:\users\TehM1ZZL3\AppData\Roaming\Raptr
2011-03-02 21:38 . 2011-03-02 21:39 -------- d-----w- c:\program files (x86)\Raptr
2011-03-02 15:06 . 2011-03-02 15:08 -------- d-----w- c:\windows\rescache
2011-03-01 21:19 . 2011-01-07 12:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-01 21:19 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-01 21:19 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-01 21:19 . 2011-01-07 07:46 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-01 18:27 . 2011-03-01 18:27 -------- d-----w- c:\windows\system32\SPReview
2011-03-01 18:21 . 2010-11-05 01:53 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-01 18:21 . 2010-11-05 01:53 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-03-01 18:21 . 2010-11-20 12:20 427520 ----a-w- c:\windows\SysWow64\PortableDeviceStatus.dll
2011-03-01 18:21 . 2010-11-20 12:21 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll
2011-03-01 18:21 . 2010-11-20 12:21 105984 ----a-w- c:\windows\SysWow64\WPDShServiceObj.dll
2011-03-01 18:21 . 2010-11-20 12:20 547840 ----a-w- c:\windows\SysWow64\PortableDeviceApi.dll
2011-03-01 18:21 . 2010-11-20 12:21 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
2011-03-01 18:21 . 2010-11-20 12:21 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-03-01 18:21 . 2010-11-20 12:17 983040 ----a-w- c:\program files (x86)\Windows Media Player\WMPDMC.exe
2011-03-01 18:21 . 2010-11-20 12:21 902656 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
2011-03-01 18:19 . 2010-11-20 12:16 221184 ----a-w- c:\windows\SysWow64\Mystify.scr
2011-03-01 18:18 . 2010-11-20 12:17 86528 ----a-w- c:\windows\SysWow64\isoburn.exe
2011-03-01 18:17 . 2010-11-20 12:19 488448 ----a-w- c:\windows\SysWow64\evr.dll
2011-03-01 18:17 . 2010-11-05 02:11 312168 ----a-w- c:\windows\SysWow64\MCEWMDRMNDBootstrap.dll
2011-03-01 18:17 . 2010-11-20 12:18 630784 ----a-w- c:\windows\SysWow64\DXPTaskRingtone.dll
2011-03-01 18:17 . 2010-11-20 12:16 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-01 18:15 . 2010-11-20 12:17 1221632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mip.exe
2011-03-01 18:13 . 2010-11-20 13:27 2314752 ----a-w- c:\windows\system32\tquery.dll
2011-03-01 18:12 . 2010-11-20 13:27 1852928 ----a-w- c:\program files\DVD Maker\Pipeline.dll
2011-02-28 16:04 . 2011-02-28 16:04 -------- d-----w- c:\program files (x86)\ESET
2011-02-27 16:46 . 2011-02-27 16:46 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-02-27 16:46 . 2011-02-27 16:46 -------- d-----w- c:\program files\Prevx
2011-02-27 16:46 . 2011-02-27 17:07 -------- d-----w- c:\programdata\PrevxCSI
2011-02-27 12:58 . 2011-02-27 12:58 -------- d-----w- c:\users\TehM1ZZL3\AppData\Roaming\Malwarebytes
2011-02-27 12:58 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-27 12:58 . 2011-02-27 12:58 -------- d-----w- c:\programdata\Malwarebytes
2011-02-27 12:58 . 2011-02-27 16:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-27 12:58 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-26 20:25 . 2011-02-26 20:25 -------- d-----w- c:\program files (x86)\PowerISO
2011-02-26 20:25 . 2009-03-15 10:32 85424 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-02-26 19:06 . 2011-02-26 19:06 -------- d-----w- c:\users\TehM1ZZL3\AppData\Local\Spotnet
2011-02-26 18:59 . 2011-02-26 19:33 -------- d-----w- c:\programdata\Spotnet
2011-02-26 18:59 . 2011-02-26 18:59 -------- d-----w- c:\program files (x86)\Spotnet
2011-02-26 17:44 . 2011-02-26 17:48 -------- d-----w- c:\users\TehM1ZZL3\AppData\Local\NPE
2011-02-26 10:26 . 2011-02-26 10:26 -------- d-----w- c:\program files (x86)\SpeedFan
2011-02-26 10:22 . 2006-12-12 14:07 24896 ----a-w- c:\windows\ET5Drv.sys
2011-02-26 10:21 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-02-26 09:47 . 2011-02-26 09:48 -------- d-----w- c:\program files\Core Temp
2011-02-24 21:13 . 2011-02-24 21:13 -------- d-----w- c:\users\Default\AppData\Roaming\Xfire
2011-02-24 19:13 . 2011-02-24 19:13 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-02-24 15:52 . 2011-02-24 15:52 -------- d-----w- c:\windows\system32\EventProviders
2011-02-24 15:46 . 2010-11-20 12:21 40448 ----a-w- c:\windows\SysWow64\wtsapi32.dll
2011-02-24 15:44 . 2010-11-20 13:34 46464 ----a-w- c:\windows\system32\drivers\vmstorfl.sys
2011-02-24 15:43 . 2010-11-20 13:33 376192 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-24 15:11 . 2011-02-24 15:11 -------- d-----w- c:\programdata\Futuremark
2011-02-24 15:06 . 2011-02-24 15:06 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2011-02-24 15:05 . 2011-02-24 15:05 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-02-24 14:45 . 2011-02-24 14:45 -------- d-----w- c:\programdata\Logitech
2011-02-24 14:45 . 2011-02-24 14:45 -------- d-----w- c:\program files (x86)\Logitech
2011-02-24 13:38 . 2011-02-26 10:21 -------- d-----w- c:\program files (x86)\GIGABYTE
2011-02-24 13:37 . 2011-02-24 14:40 25640 ----a-w- c:\windows\gdrv.sys
2011-02-22 21:53 . 2011-02-22 21:53 -------- d-----w- c:\users\TehM1ZZL3\AppData\Local\eSupport.com
2011-02-22 21:53 . 2011-02-22 21:53 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-02-21 14:53 . 2011-02-21 14:53 -------- d-----w- c:\programdata\Intermedia Software
2011-02-21 14:53 . 2011-02-21 14:53 -------- d-----w- c:\program files (x86)\Intermedia Software
2011-02-21 14:27 . 2011-02-21 14:32 -------- d-----w- c:\program files (x86)\The KMPlayer
2011-02-20 15:22 . 2011-02-20 15:22 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-02-20 14:48 . 2011-02-20 14:59 -------- d-----w- c:\windows\system32\drivers\NISx64\1205000.07D
2011-02-20 14:43 . 2011-02-20 14:43 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-02-20 14:43 . 2011-02-20 14:43 -------- d-----w- c:\program files\Symantec
2011-02-20 14:43 . 2011-02-20 14:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-02-20 14:42 . 2011-02-20 14:42 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-02-20 14:42 . 2011-02-20 14:42 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-02-20 14:19 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-20 12:33 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
2011-02-20 12:33 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-02-20 12:33 . 2011-01-05 06:56 3129344 ----a-w- c:\windows\system32\win32k.sys
2011-02-20 12:33 . 2011-01-05 10:34 612864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-20 12:33 . 2011-01-05 05:55 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-02-20 12:33 . 2011-01-07 09:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-20 12:33 . 2011-01-07 06:01 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-02-20 12:33 . 2010-12-17 11:42 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-02-20 12:30 . 2011-01-07 12:14 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-20 12:30 . 2011-01-07 09:20 366592 ----a-w- c:\windows\system32\atmfd.dll
2011-02-20 12:30 . 2011-01-07 07:45 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-20 12:30 . 2011-01-07 05:43 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-20 12:30 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-02-20 12:30 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-02-19 12:54 . 2011-02-19 12:54 -------- d-----w- c:\program files (x86)\FTDv3.8
2011-02-18 22:32 . 2011-02-18 22:32 61 --sh--w- c:\windows\cnerolf.bin
2011-02-18 17:36 . 2011-02-18 17:36 -------- d-----w- c:\users\TehM1ZZL3\AppData\Roaming\Red Kawa
2011-02-17 21:08 . 2011-02-18 20:16 -------- d-----w- C:\Fraps
2011-02-17 20:33 . 2011-02-17 20:47 -------- d-----w- c:\users\TehM1ZZL3\AppData\Roaming\MAXON
2011-02-17 18:50 . 2011-02-17 18:50 -------- d-----w- c:\programdata\SafeNet Sentinel
2011-02-17 18:50 . 2011-02-17 18:50 -------- d-----w- c:\program files (x86)\Vicon
2011-02-12 22:50 . 2011-02-24 21:11 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-02-12 22:50 . 2011-02-24 21:11 -------- d-----w- c:\users\TehM1ZZL3\AppData\Roaming\SystemRequirementsLab
2011-02-11 18:01 . 2011-02-11 18:01 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-02-11 18:01 . 2011-02-11 18:01 -------- d-----w- c:\program files\Realtek
2011-02-10 20:29 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-02-10 20:21 . 2011-01-25 12:58 2838632 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-02-10 20:21 . 2010-07-02 18:40 80984 ----a-w- c:\windows\system32\MBWrp64.dll
2011-02-10 13:41 . 2011-02-10 13:41 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-02-10 13:41 . 2011-02-10 13:41 84992 ----a-w- c:\windows\system32\frapsv64.dll
2011-02-05 17:28 . 2011-02-05 18:52 -------- d-----w- c:\users\TehM1ZZL3\AppData\Local\Real_Environment_Simulati
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-01 18:32 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-01 18:32 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-01-26 22:37 . 2011-01-26 22:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 22:22 . 2011-01-26 22:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-26 22:00 . 2011-01-26 22:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 22:00 . 2010-12-23 15:22 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-26 21:59 . 2011-01-26 21:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-26 21:59 . 2010-08-04 00:54 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-26 21:56 . 2011-01-26 21:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 21:56 . 2010-12-23 15:22 479232 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 21:55 . 2010-12-23 15:22 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 21:54 . 2011-01-26 21:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-26 21:54 . 2010-12-23 15:22 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-26 21:53 . 2011-01-26 21:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-26 21:53 . 2011-01-26 21:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-26 21:53 . 2011-01-26 21:53 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 21:53 . 2011-01-26 21:53 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-26 21:53 . 2011-01-26 21:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-26 21:49 . 2011-01-26 21:49 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-26 21:40 . 2009-07-13 21:59 4847616 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-26 21:32 . 2011-01-26 21:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-26 21:32 . 2011-01-26 21:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-01-26 21:32 . 2011-01-26 21:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-26 21:28 . 2010-12-23 15:22 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-26 21:27 . 2011-01-26 21:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-26 21:27 . 2011-01-26 21:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-26 21:27 . 2011-01-26 21:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-26 21:27 . 2011-01-26 21:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-26 21:27 . 2011-01-26 21:27 6982144 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-26 21:25 . 2011-01-26 21:25 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-26 21:24 . 2010-12-23 15:22 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-26 21:22 . 2011-01-26 21:22 5316096 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-26 21:20 . 2010-08-04 00:23 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 21:14 . 2010-12-23 15:22 354304 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 21:14 . 2011-01-26 21:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-26 21:13 . 2011-01-26 21:13 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-26 21:13 . 2011-01-26 21:13 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-26 21:13 . 2011-01-26 21:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 21:13 . 2011-01-26 21:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-26 21:13 . 2011-01-26 21:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-26 21:13 . 2011-01-26 21:13 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 21:12 . 2010-08-04 00:15 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-01-26 21:12 . 2010-12-23 15:22 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-26 21:12 . 2010-12-23 15:22 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-26 21:12 . 2010-12-23 15:22 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-01-26 21:11 . 2011-01-26 21:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 21:08 . 2011-01-26 21:08 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-26 21:08 . 2011-01-26 21:08 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-26 21:08 . 2011-01-26 21:08 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-26 21:08 . 2011-01-26 21:08 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-01-04 21:53 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-01-04 21:53 . 2009-08-18 10:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d2ab2732-a124-4fb2-8da5-4a6a9e379331}"= "c:\program files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll" [2010-03-09 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]
2010-03-09 09:06 2355224 ----a-w- c:\program files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d2ab2732-a124-4fb2-8da5-4a6a9e379331}"= "c:\program files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll" [2010-03-09 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2011-02-16 53160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"EasyTuneV"="c:\program files (x86)\Gigabyte\ET5\ETcall.exe" [2007-08-14 20480]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"adm_tray.exe"="c:\program files (x86)\Acronis\DriveMonitor\adm_tray.exe" [2011-02-24 466768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\TehM1ZZL3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe [2010-11-15 337408]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2010-7-9 3493776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 spldr;Security Processor Loader Driver; [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-02-25 1124472]
R1 CSC;Offline Files-stuurprogramma;c:\windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 102400]
R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [x]
R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 40448]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110303.001\IDSvia64.sys [2010-11-09 476792]
R1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 24576]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 8192]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [2010-11-16 171128]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1205000.07D\SYMNETS.SYS [2010-12-01 382072]
R1 tdx;Stuurprogramma voor ondersteuning van NetIO Legacy TDI;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 119296]
R1 Wanarpv6;IPv6 ARP-stuurprogramma voor externe toegang;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 88576]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-14 12800]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-05-31 2480048]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 136176]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 iReboot;iReboot Background Service;c:\program files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 9216]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-14 60928]
R2 luafv;Virtualisatie van UAC-bestanden;c:\windows\system32\drivers\luafv.sys [2009-07-13 113152]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R2 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 651264]
R2 Process Blocker;Process Blocker;c:\program files\Process Blocker\Process Blocker.exe [2010-04-22 116952]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 45056]
R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 12800]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 491088]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 339536]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-05-31 252512]
R3 ALSysIO;ALSysIO;c:\users\TEHM1Z~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 9085952]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 299520]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 107904]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 194128]
R3 AppID;AppID-stuurprogramma;c:\windows\system32\drivers\appid.sys [2010-11-20 61440]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 97856]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [2009-06-10 468480]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [2009-06-10 270848]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 bowser;Stuurprogramma voor browserondersteuning;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 90624]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-06-10 18432]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-06-10 8704]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 286720]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-06-10 47104]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-06-10 14976]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-14 45568]
R3 cpuz130;cpuz130;c:\users\TEHM1Z~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-02-22 21712]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 982912]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [2009-06-10 3286016]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 530496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-20 132656]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 34304]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 55376]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-06-10 31232]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2010-11-20 78720]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 410496]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 78848]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 273792]
R3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 31232]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 114752]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 106560]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 65600]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 115776]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MarkFun_NT;MarkFun_NT;c:\program files (x86)\GIGABYTE\ET5\markfun.a64 [2007-09-21 19008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 35392]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 30208]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-11-20 155008]
R3 mpsdrv;Autorisatiestuurprogramma van Windows Firewall;c:\windows\system32\drivers\mpsdrv.sys [2009-07-14 77312]
R3 mrxsmb10;SMB 1.x mini-redirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 287744]
R3 mrxsmb20;SMB 2.0 mini-redirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 128000]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 31104]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-11-20 140672]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-14 8192]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-14 15360]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-14 318976]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-14 35328]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 51264]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 166272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1524816]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 128592]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 60416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
R3 scfilter;Klassefilterstuurprogramma voor smartcard-PnP;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 29696]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-14 13824]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 80464]
R3 Smb;Bericht-georiënteerd TCP/IP- en TCP/IPv6-protocol (SMB-sessie);c:\windows\system32\DRIVERS\smb.sys [2009-07-14 93184]
R3 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3524608]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys [2010-07-02 525040]
R3 SRS_iWowPC_Service;SRS Labs iWow PC;c:\windows\system32\drivers\srs_iWowPC_amd64.sys [2008-11-17 51200]
R3 srv2;Stuurprogramma Server SMB 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 413184]
R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 167936]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 24656]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 39424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 125440]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 40960]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 64592]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-14 100352]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 31232]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-20 215936]
R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 161872]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-14 24576]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-14 27776]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1255736]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2010-11-20 1504256]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 21056]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-25 834544]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 27008]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 367696]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2010-11-20 459248]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 70224]
S0 fvevol;Filterstuurprogramma Bitlocker-stationsvergrendeling;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 223248]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-09-29 37392]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2010-11-20 152960]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 15424]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 50768]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
S0 storflt;Schijf - Filterstuurprogramma voor Virtual Machine-busaccelerator;c:\windows\system32\drivers\vmstorfl.sys [2010-11-20 46464]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [2010-10-21 450608]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [2010-11-18 802864]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-05-31 1477728]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 36432]
S0 vmbus;Virtual Machine-bus;c:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-11-20 71552]
S0 volmgrx;Dynamisch Volumebeheer;c:\windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 45056]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 229888]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 38912]
S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2008-12-11 15488]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 24064]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-11-20 48640]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
wcssvc REG_MULTI_SZ WcsPlugInService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
sppuinotify
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-03-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-24 20:17]
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 20:18]
.
2011-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 20:18]
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-194789210-871825398-1821019218-1001Core.job
- c:\users\TehM1ZZL3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-17 13:37]
.
2011-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-194789210-871825398-1821019218-1001UA.job
- c:\users\TehM1ZZL3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-17 13:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\TehM1ZZL3\AppData\Roaming\Mozilla\Firefox\Profiles\h5yi9v66.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddr
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Camifox: camifox@altmusictv.com - %profile%\extensions\camifox@altmusictv.com
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Platinum Hide IP: support@platinumhideip.com - %profile%\extensions\support@platinumhideip.com
FF - Ext: Real Hide IP: support@real-hide-ip.com - %profile%\extensions\support@real-hide-ip.com
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - %profile%\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
Wow6432Node-HKCU-Run-SRS iWOW - c:\program files\SRS Labs\SRS iWOW for PC\SRS_iWOW_PC.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.3\uninstall.exe
AddRemove-Gtk+ Runtime Environment - c:\gtk\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
AddRemove-UnityWebPlayer - c:\users\TehM1ZZL3\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MarkFun_NT]
"ImagePath"="\??\c:\program files (x86)\GIGABYTE\ET5\markfun.a64"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-03-07 14:44:10 - machine werd herstart
ComboFix-quarantined-files.txt 2011-03-07 13:44
.
Pre-Run: 10.858.737.664 bytes beschikbaar
Post-Run: 21.132.165.120 bytes beschikbaar
.
- - End Of File - - 882B9EF64B128E9FA607EC75A8153677
Intel Q8400
Gigabyte P35-DS3P (rev 1.0)
OCZ DDR 2 1066 4GB
Club3D HD4870 1GB
6 Samsung 500GB (3TB total)
Antec Ninehundred Case
Logitech G15 Keyboard
Roccat Kone Mouse
Logitech Z-5500 5.1 system
Iiyama ProLite E2607WS 26" LCD Screen


Xbox 360 - GT: TehM1ZZL360

#10 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:26 PM

Posted 08 March 2011 - 04:15 PM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Your Java is out of date.

It can be updated from the Java control panel:
  • Click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts.

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, so let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (On Vista and Win 7, right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 TehM1ZZL3

  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:NLD
  • Local time:03:26 AM

Posted 08 March 2011 - 04:56 PM

Hello,

Thank you for your reply and your help Gringo!

I have succeeded in updating Java, clearing the cache and running Temp File Cleaner. I still have to do MBAM and HijackThis, but I'll do that tomorrow because it is late here.

But I have a problem with my computer. It is not doing so well anymore. After the ComboFix run yesterday it stopped working properly. First of all, my screen flickers all the time. It flickers like it is refreshing: it goes very quickly down and up (when you look at the LCD screen), and it is as if the screen of the PC (1920x1200) doesn't fit well. My second OS, which I have installed again, is also flickering. It's a fresh copy without anything installed. I have an ATI HD4870. However, my PSU (power supply) is 450 watts and 550 watts is recommended. A week ago I also replaced my processor (an E6600 first, now a Q8400); the first one used 65 watts and the new Q8400 uses 95 watts. I asked my father and he helped me search, and he said that it is quite certain it has to do with my PSU. He says it has just been getting worse in small steps and I sped it up with the replacement of the processor. I think that the ComboFix log was then just a coincidence that actually has nothing to do with it. Also I have 6 HDDs that may influence power use, and a lot of fans in my case and neon tubes that eat the power out of the PSU.

The flickering happened sometimes before ComboFix, but not as often as now; now it does it the whole time, even while I'm typing. At first it only happened in games. But now I have a second problem, and that has to do with the combination of screen flickering and my sound: when I play music, a YouTube video, a video file, etc., it doesn't matter which, it plays fine for a while and then it scratches like it is hanging on a BSOD. You hear that "DUNNHHGGGGGHUHUHGUHUHG" very briefly, for only half a second or so, and at the same time it flickers for a very short time (about 0.25 seconds, with a white screen as far as I can see). Then the music goes on, but sometimes it sounds like it is going up in pitch, like a speaker that you are pitching with a DJ table.

My surround set has no problems, because the Xbox 360 console works fine on the optical output.

So, I'm about to buy a new Cooler Master PSU of 800 watts that will definitely do the job.

I will have the PSU on Thursday, so it will probably be installed on Friday. Then I can do the scans etc. under optimal conditions.

Do you think it has to do with the ComboFix tool? Or, as you can read from my story, is it indeed the PSU?

Thanks for your help, and I'll try to report the logs here tomorrow.

Kind Regards,
TehM1ZZL3

#12 TehM1ZZL3

  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:NLD
  • Local time:03:26 AM

Posted 09 March 2011 - 09:28 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5997

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9-3-2011 15:09:42
mbam-log-2011-03-09 (15-09-42).txt

Scan type: Quick scan
Objects scanned: 227600
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



========================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:27:43, on 9-3-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Raptr\raptr_ep32.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TehM1ZZL3\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files (x86)\Messenger_Plus_Live_Netherlands\tbMess.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files (x86)\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iReboot Background Service (iReboot) - Unknown owner - C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Process Blocker - Softros Systems, Inc. - C:\Program Files\Process Blocker\Process Blocker.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 15781 bytes



It says it cannot find the IE version because I have permanently blocked IE with a tool called Process Blocker; I don't like it and use Google Chrome instead all the time.


Thanks for your help!

Edited by TehM1ZZL3, 09 March 2011 - 09:29 AM.

Intel Q8400
Gigabyte P35-DS3P (rev 1.0)
OCZ DDR 2 1066 4GB
Club3D HD4870 1GB
6 Samsung 500GB (3TB total)
Antec Ninehundred Case
Logitech G15 Keyboard
Roccat Kone Mouse
Logitech Z-5500 5.1 system
Iiyama ProLite E2607WS 26" LCD Screen


Xbox 360 - GT: TehM1ZZL360

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:26 PM

Posted 09 March 2011 - 04:35 PM

Remove unneeded startup entries

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
      O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files (x86)\Gigabyte\ET5\ETcall.exe
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
      O4 - Startup: SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example the name in
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find it here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
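As an added illustration of what the HijackThis step above works with (example code written for this page, not HijackThis's own code and not something the helper posted): the O4 lines in the log earlier in the thread are autostart entries read from the Run/RunOnce keys and the Startup folder, and the O23 lines are installed services with whatever publisher HijackThis could attribute. The parser below turns both line types into records, lists the autostart entries by their bracketed name (the name the note says to search for) with the arguments stripped off the executable path, and separates services with an unknown publisher whose binary is present from the "(file missing)" ones. On 64-bit Windows the latter are usually an artefact rather than a sign of tampering: 32-bit HijackThis is redirected by WoW64 to SysWOW64, so 64-bit-only binaries under System32 look absent. The sample lines are copied from the log posted in this thread; the record layout and function names are this example's own.

```python
"""Parse HijackThis O4 (autostart) and O23 (service) lines into records.

Added example for this thread, not HijackThis code. Sample lines below are
copied from the log posted earlier; the record layout is this example's own.
"""
import re

# Constructed sample: a handful of O4/O23 lines from the posted HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Startup: SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

O4_RUN = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<name>.*?) = (?P<cmd>.*)$")
USER_SUFFIX = re.compile(r" \(User '(?P<user>[^']*)'\)$")   # HKUS entries carry the account
SHORT_NAME = re.compile(r" \((?P<short>[^()]*)\)$")           # "(NIS)" after a display name
MISSING = " (file missing)"


def executable_of(cmd: str) -> str:
    """Return the program path from a Run-value command line, dropping its arguments."""
    cmd = USER_SUFFIX.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path runs up to and including the first ".exe" token.
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def parse_line(line: str):
    """Parse one HijackThis line into a dict, or None for line types not modelled here."""
    line = line.strip()
    m = O4_RUN.match(line)
    if m:
        user = USER_SUFFIX.search(m["cmd"])
        return {"section": "O4", "key": m["key"], "name": m["name"],
                "exe": executable_of(m["cmd"]), "user": user["user"] if user else None}
    m = O4_STARTUP.match(line)
    if m:
        return {"section": "O4", "key": "Startup", "name": m["name"],
                "exe": m["cmd"].strip(), "user": None}
    if line.startswith("O23 - Service: "):
        body = line[len("O23 - Service: "):]
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)]
        # Layout is "<display name> - <publisher> - <path>"; split from the right so a
        # display name containing " - " cannot shift the fields.
        display, owner, path = body.rsplit(" - ", 2)
        short = SHORT_NAME.search(display)
        return {"section": "O23", "display": display,
                "short": short["short"] if short else display,
                "owner": owner, "path": path, "file_missing": missing}
    return None


def parse_log(text: str) -> list:
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def autostarts(records, names=None) -> list:
    """Autostart entries, optionally limited to the bracketed [names] a helper asked about."""
    wanted = {n.lower() for n in names} if names else None
    return [r for r in records if r["section"] == "O4"
            and (wanted is None or r["name"].lower() in wanted)]


def review_services(records):
    """Split services into (present but unknown publisher, reported as file missing).

    The second group is usually a WoW64 artefact on x64 Windows: 32-bit HijackThis is
    redirected to SysWOW64, so 64-bit-only System32 binaries look absent.
    """
    unknown = [r for r in records if r["section"] == "O23"
               and r["owner"] == "Unknown owner" and not r["file_missing"]]
    redirected = [r for r in records if r["section"] == "O23" and r["file_missing"]]
    return unknown, redirected


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in autostarts(recs):
        print(f"O4  {r['key']:<22} [{r['name']}] -> {r['exe']}")
    unknown, redirected = review_services(recs)
    for r in unknown:
        print(f"O23 review: {r['short']} -> {r['path']}")
    print(f"{len(redirected)} service(s) reported 'file missing' (likely WoW64 redirection)")
```

Pasting a full HijackThis log into `SAMPLE_LOG` (or reading it from the saved file) gives the same three views for the whole system; the "unknown owner, file present" list is the one worth a second look, since a service whose publisher cannot be attributed is exactly where a helper starts asking questions.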

#14 TehM1ZZL3

TehM1ZZL3
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:NLD
  • Local time:03:26 AM

Posted 11 March 2011 - 12:51 PM

Hello Gringo,

Thank you for your help.

Sorry for my late reply; I was replacing my power supply and that took some days. I decided to reinstall Windows 7 on a separate partition. The old system is still there and also my second system. To keep it short, I now have 4 systems: 1 Windows XP, 1 Windows 7 I was always using as an emergency system, 1 Windows 7 which was the normal daily system, and now another Windows 7 as a new one. I decided to do this because the flicker problem of my ATI card has to do with software. I cannot fix the sound, so I did this.

All my partitions are still intact, which means that all data is also there.

I think that the rootkit can still be on Teh_Data_I (my data disk and MBR). I actually don't know what the MBR does on my data disk, but what I can remember is that a year ago or so I was experimenting with Mac OS X on a PC and it failed, so I had to recover the MBR and it placed it somewhere else.

Shall I do a Malwarebytes scan? Or what else do you advise? Maybe I must delete the MBR and make a new one and let the Windows recovery environment copy it to my system disk?


Thank you.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:26 PM

Posted 13 March 2011 - 11:59 AM

MBRCheck

Please also download MBRCheck to your desktop.
  • Double click MBRCheck.exe to run it (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

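MBRCheck reads the first sector of each physical disk and reports whether its bootstrap code matches known Windows boot code, which is what makes it useful for the question asked in the previous post about the MBR on a data disk. As an added example (written for this page; not MBRCheck's code and not part of the thread), the Python below does the same kind of inspection on a 512-byte MBR: it verifies the 0x55AA signature, hashes the 440-byte bootstrap area and compares it with a baseline hash, decodes the four partition entries, and flags layouts that cannot be right (invalid status bytes, more than one active partition, overlapping or zero-length partitions). The MBR bytes, the partition layout, the disk signature and the baseline hash are all constructed for the example; on a real machine the baseline would be recorded from a clean install and the sector read from `\\.\PhysicalDrive0` (or the data disk's `PhysicalDriveN`) as Administrator.

```python
"""Parse and sanity-check a 512-byte MBR, the way an MBR-inspection tool does.

Added example, not MBRCheck's code and not part of the thread. The MBR bytes
below are constructed; the "known-good" hash stands in for a baseline recorded
from a clean install (an assumption, not a real Windows boot-code hash).
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440          # bytes 0..439: bootstrap code; 440..443: disk signature
SIGNATURE = b"\x55\xaa"     # bytes 510..511


def build_sample_mbr(bootcode: bytes, partitions) -> bytes:
    """Constructed MBR: bootcode, disk signature, up to 4 partition entries, 0x55AA."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    table = b""
    for status, ptype, lba, count in partitions:
        # CHS fields are zeroed; modern firmware and loaders use the LBA fields.
        table += struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    table = table.ljust(64, b"\x00")
    return code + b"\x12\x34\x56\x78" + b"\x00\x00" + table + SIGNATURE


def parse_mbr(data: bytes) -> dict:
    """Decode signature, disk signature, bootstrap hash and the partition table."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, ptype, lba, count = struct.unpack("<B3xB3xII", data[off:off + 16])
        if ptype == 0 and count == 0:       # empty slot
            continue
        parts.append({"index": i, "status": status, "type": ptype, "lba": lba, "sectors": count})
    return {
        "valid_signature": data[510:512] == SIGNATURE,
        "disk_signature": data[440:444].hex(),
        "bootcode_sha1": hashlib.sha1(data[:BOOTCODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(data: bytes, known_good_bootcode_sha1: str) -> list:
    """Return a list of findings; an empty list means nothing looked off."""
    info = parse_mbr(data)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha1"] != known_good_bootcode_sha1:
        findings.append("bootstrap code differs from the recorded baseline")
    if len([p for p in info["partitions"] if p["status"] == 0x80]) > 1:
        findings.append("more than one partition flagged active")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["sectors"] == 0:
            findings.append(f"partition {p['index']}: type 0x{p['type']:02x} with zero length")
    spans = sorted((p["lba"], p["lba"] + p["sectors"]) for p in info["partitions"])
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions overlap at LBA {start2}")
    return findings


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk (Windows path shown; needs Administrator)."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


# Constructed clean layout: 100 MiB active system partition followed by the OS partition.
CLEAN_BOOTCODE = b"constructed-bootstrap-placeholder"
CLEAN_MBR = build_sample_mbr(CLEAN_BOOTCODE,
                             [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976566272)])
# Assumption: the baseline hash was recorded from this disk while it was known clean.
BASELINE_SHA1 = hashlib.sha1(CLEAN_BOOTCODE.ljust(BOOTCODE_LEN, b"\x00")).hexdigest()


def tampered_copy(mbr: bytes) -> bytes:
    """Same partition table, different bootstrap code: what a baseline comparison catches."""
    return b"different-bootstrap-bytes".ljust(BOOTCODE_LEN, b"\x00") + mbr[BOOTCODE_LEN:]


if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, BASELINE_SHA1) or "no findings")
    print("tampered:", check_mbr(tampered_copy(CLEAN_MBR), BASELINE_SHA1))
```

The partition-table checks are deliberately only about internal consistency; a changed bootstrap hash is the finding that matters, and it only works if the baseline was taken while the disk was known to be clean, which is why the advice in this thread is to let a tool with a database of known boot code (MBRCheck) do the comparison.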



