tdss rootkit&google redirect& possibly something else


  • This topic is locked
29 replies to this topic

#1 MsYvaine

MsYvaine

  • Members
  • 68 posts
  • Gender:Female
  • Location:uk-london

Posted 19 January 2012 - 05:38 PM

Hello,

First of all, thank you guys for your help and time!

As I said, I was redirected from another topic; this is the link to the problem and what I have done so far, please find all the details there:

http://www.bleepingcomputer.com/forums/topic434968.html#top

There are only a few things different from the initial problem:
1. Google sometimes works and doesn't redirect.
2. Less random music and speech.
3. MBAM runs occasionally.
4. I already got that out-of-the-blue switch-off twice and Win repair couldn't run the computer; leaving it for a couple of hours and then turning it back on worked.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Babuci at 21:37:34 on 2012-01-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.36.1038.18.2038.1028 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Babuci\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Babuci\AppData\Roaming\cacaoweb\cacaoweb.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\slui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = gamezona.org
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cacaoweb] "c:\users\babuci\appdata\roaming\cacaoweb\cacaoweb.exe" -noplayer
uRun: [Registry Cleaner Scheduler] "c:\program files\cleanmypc\registry cleaner\RCHelper.exe" /startup
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "c:\program files\t-mobile\internetmanager_h\updatedog\ouc.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [{78C32C87-B1D5-E031-2616-6C377E924CE7}] c:\users\babuci\appdata\roaming\nyenok\vuzaic.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [DataCardMonitor] c:\program files\t-mobile\internetmanager_h\DataCardMonitor.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [NielsenOnline] c:\program files\netratingsnetsight\netsight\NielsenOnline.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/hu/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 212.42.162.1 212.42.162.2
TCP: Interfaces\{005FB634-F894-488C-989C-5229D2A11010} : DhcpNameServer = 212.42.162.1 212.42.162.2
TCP: Interfaces\{005FB634-F894-488C-989C-5229D2A11010}\E4544574541425 : DhcpNameServer = 212.42.162.1 212.42.162.2
TCP: Interfaces\{AABF7DCE-85F0-4453-9016-6DCC74C75ED9} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 94.63.240.135 www.google.com
Hosts: 94.63.240.136 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\babuci\appdata\roaming\mozilla\firefox\profiles\hnb805t6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_&q={searchTerms}&mntrId=d0653b5e000000000000001b3825c5a7&tlver=1.4.35.10&
FF - component: c:\program files\netratingsnetsight\netsight\meter1\ffaddon\components\nsgkff36_meter1.dll
FF - component: c:\program files\t-mobile\internetmanager_h\ocx32\addon\components\bmboc_addon3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: UserZoom survey tool: {0a9de085-6dc7-4bc8-b718-2b6b0921458d} - %profile%\extensions\{0a9de085-6dc7-4bc8-b718-2b6b0921458d}
FF - Ext: Bytemobile Optimization Client: ff-bmboc@bytemobile.com - c:\program files\t-mobile\internetmanager_h\ocx32\addon
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: Nielsen: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7} - c:\program files\netratingsnetsight\netsight\meter1\FFAddon
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 nnfwdk;Nielsen WFP Driver;c:\program files\netratingsnetsight\netsight\meter1\nnfwdk.sys [2012-1-16 22064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-11 494424]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\hwdeviceservice.exe -/service --> c:\programdata\datacardservice\HWDeviceService.exe -/service [?]
R2 NielsenUpdate;Nielsen Update;c:\program files\netratingsnetsight\netsight\NielsenUpdate.exe [2012-1-16 306496]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-4-4 273960]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-12-17 73216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-29 20464]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 59392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-13 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-29 652872]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-12-17 102784]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-7 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-13 136176]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-12-17 90112]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-7 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-01-19 19:17:28 -------- d-----w- c:\users\babuci\appdata\roaming\Nyenok
2012-01-19 19:17:28 -------- d-----w- c:\users\babuci\appdata\roaming\Aqupl
2012-01-19 15:19:26 -------- d-----w- c:\program files\ESET
2012-01-19 03:51:33 -------- d-----w- c:\users\babuci\appdata\local\{04A6163E-DD9E-490B-B745-5BEF27A71F34}
2012-01-19 03:51:08 -------- d-----w- c:\users\babuci\appdata\local\{C98D0EF4-974F-4A5F-9ABC-65DD1C3C4B95}
2012-01-18 15:35:30 -------- d-----w- c:\users\babuci\appdata\local\{FB38E1E5-B85D-4FBD-8E2E-0DA7D59EA08F}
2012-01-18 15:35:14 -------- d-----w- c:\users\babuci\appdata\local\{98EFB7E2-3955-42CC-A45F-58940E1537F8}
2012-01-18 01:14:24 -------- d-----w- c:\users\babuci\appdata\local\{9F63CAE7-A64F-4EB9-9A4D-0CE454989659}
2012-01-18 01:14:08 -------- d-----w- c:\users\babuci\appdata\local\{4BA52067-8205-4DDE-9CDF-818A1D1927AF}
2012-01-17 11:11:34 -------- d-----w- c:\users\babuci\appdata\local\{0FBD368D-8335-432C-AAA1-9450E3253946}
2012-01-17 11:11:08 -------- d-----w- c:\users\babuci\appdata\local\{73266893-A099-4211-9139-E03B11CFF523}
2012-01-16 17:21:42 -------- d-----w- c:\users\babuci\appdata\local\ElevatedDiagnostics
2012-01-16 15:19:56 -------- d-----w- c:\program files\NetRatingsNetSight
2012-01-15 15:53:25 -------- d-----w- c:\users\babuci\appdata\local\{8FD45CD3-9056-40F9-A1F1-6EE1D2D30BDF}
2012-01-15 15:52:56 -------- d-----w- c:\users\babuci\appdata\local\{80DE7EC5-A309-41E6-B65F-B27D2050663E}
2012-01-12 17:20:29 -------- d-----w- c:\users\babuci\appdata\local\{B07D49FC-0E15-4BA1-8FAE-1B23DC8FC75B}
2012-01-12 17:20:03 -------- d-----w- c:\users\babuci\appdata\local\{C62A7B51-C732-4BF9-AD21-94A33C9AD5B4}
2012-01-09 17:46:50 -------- d-----w- c:\users\babuci\appdata\local\{FAE6F8ED-5433-4D50-B87A-FC0E4FD4F602}
2012-01-09 17:46:35 -------- d-----w- c:\users\babuci\appdata\local\{6DEAF242-1E15-4BAA-9F77-5FC43F605932}
2012-01-08 16:57:30 -------- d-----w- c:\users\babuci\appdata\local\{509B5FCF-AB29-4DB3-9C00-BEB91307ED9D}
2012-01-08 16:57:14 -------- d-----w- c:\users\babuci\appdata\local\{9214D7BE-0DF2-4631-A336-51C462F38EE3}
2012-01-07 20:35:37 -------- d-----w- c:\users\babuci\appdata\local\{FABE9F00-30F6-4F5E-93CC-3B1EB3EBCE4A}
2012-01-07 20:35:24 -------- d-----w- c:\users\babuci\appdata\local\{F024B0D7-4CF7-459F-A9E6-512992A4282F}
2012-01-07 07:20:18 -------- d-----w- c:\users\babuci\appdata\local\{7CA3B575-1C17-4E76-8C96-750061F8ACF4}
2012-01-07 07:20:05 -------- d-----w- c:\users\babuci\appdata\local\{63153800-2BD0-488C-A3BF-CF55C1D42697}
2012-01-06 17:58:50 -------- d-----w- c:\users\babuci\appdata\local\{7C1623B4-E350-4D5F-9489-FDE966E0065D}
2012-01-05 19:19:18 -------- d-----w- c:\users\babuci\appdata\local\{7E2991AB-56A6-433E-9326-EC52337448EB}
2012-01-05 19:18:51 -------- d-----w- c:\users\babuci\appdata\local\{97D69C75-E528-44D8-BF43-268C84A972B7}
2011-12-30 19:32:22 -------- d-----w- c:\users\babuci\appdata\local\{21FC9553-D5E5-4B07-A3AD-F7051EFB6C3C}
2011-12-30 19:32:06 -------- d-----w- c:\users\babuci\appdata\local\{026308A1-AA77-477C-A44F-FCF6864307B3}
2011-12-29 13:36:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 16:08:04 -------- d-----w- c:\users\babuci\appdata\roaming\SUPERAntiSpyware.com
2011-12-28 16:07:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-28 16:07:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-28 13:45:28 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-28 13:45:28 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-28 13:45:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-28 13:45:00 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-28 13:44:34 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-28 13:44:08 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-12-28 13:43:55 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-28 13:37:52 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-28 13:37:52 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-12-28 13:37:52 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-12-28 13:37:52 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-28 13:37:52 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-12-28 13:37:37 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-28 13:37:37 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-12-28 13:30:55 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-28 13:30:55 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-28 13:30:55 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-28 13:30:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-12-28 13:28:50 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-12-28 13:28:39 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-28 13:28:39 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-28 13:28:39 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-28 13:28:26 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-28 13:28:16 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-28 13:27:37 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-28 13:27:29 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-12-28 13:27:01 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-12-28 13:27:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-12-28 13:26:50 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-12-28 13:26:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-12-28 13:26:40 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-12-28 13:26:26 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-12-28 13:26:09 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-12-28 13:25:23 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-12-28 13:25:23 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-12-28 13:16:57 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-28 09:37:45 -------- d-----w- c:\users\babuci\appdata\local\{78C7A10A-F5BD-4943-8B3A-C13208166089}
2011-12-28 09:37:17 -------- d-----w- c:\users\babuci\appdata\local\{6B1E3D81-1E7C-4C58-9672-045E9CB70BFF}
2011-12-27 21:36:42 -------- d-----w- c:\users\babuci\appdata\local\{19EBCF07-D8C8-4B54-90CF-92D32BB04F75}
2011-12-27 21:36:27 -------- d-----w- c:\users\babuci\appdata\local\{15C7A713-49EE-4171-A08A-3341084507A9}
2011-12-27 08:41:12 -------- d-----w- c:\users\babuci\appdata\local\{0ED67DE3-87FF-4DF1-9225-EA1FD3B416CA}
2011-12-26 20:40:31 -------- d-----w- c:\users\babuci\appdata\local\{66243BF6-FAED-49F3-A1BF-74097C99DB81}
2011-12-26 20:40:14 -------- d-----w- c:\users\babuci\appdata\local\{3D634F48-1B33-4A63-B808-56DC8B5ADFCE}
2011-12-26 20:05:34 -------- d-----w- c:\users\babuci\appdata\local\{A96EC4F5-7CF6-444D-B5F5-E55C207B5435}
2011-12-26 20:04:54 -------- d-----w- c:\users\babuci\appdata\local\{CD8F0AF2-F921-4BB4-AE87-7F6964AAF5D3}
2011-12-25 09:00:30 -------- d-----w- c:\users\babuci\appdata\local\{E83E697D-7051-4BB1-AF1E-18BE111D5652}
2011-12-25 09:00:14 -------- d-----w- c:\users\babuci\appdata\local\{309402BA-24DA-45C1-8437-649FC0225F45}
2011-12-24 14:40:27 -------- d-----w- c:\users\babuci\appdata\local\{BA104F86-81C9-42A0-82F9-087BBF6287F1}
2011-12-24 14:40:02 -------- d-----w- c:\users\babuci\appdata\local\{5E0C78F6-C8FF-494B-B426-607A10E23824}
2011-12-23 17:37:59 -------- d-----w- c:\users\babuci\appdata\local\{02C859B2-07BA-4DA8-A97D-B3C5EA7EAC09}
2011-12-23 17:36:23 -------- d-----w- c:\users\babuci\appdata\local\{F10E48D2-64FD-42D5-9799-B2F5B62593C4}
2011-12-22 08:31:02 -------- d-----w- c:\users\babuci\appdata\local\{51E6AE0E-3E09-4FA0-B8FF-45B53118E916}
2011-12-22 08:30:26 -------- d-----w- c:\users\babuci\appdata\local\{D134C3E4-D6C5-4789-A9A9-FBCB9DF70765}
2011-12-21 07:00:43 -------- d-----w- c:\users\babuci\appdata\local\{BDCF1BB9-2F36-421C-87D5-EC6F682EF248}
2011-12-21 06:59:08 -------- d-----w- c:\users\babuci\appdata\local\{5CCCA1CA-C7F8-4A3F-BC81-4557C0B4A298}
.
==================== Find3M ====================
.
2011-12-28 13:46:53 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-28 13:46:11 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-28 13:46:11 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-28 13:46:11 386048 ----a-w- c:\windows\system32\html.iec
2011-12-28 13:46:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-19 19:51:58 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-16 07:06:36 639224 ----a-w- c:\windows\system32\drivers\sptd.sys
.
============= FINISH: 21:44:23,83 ===============

P.S.: as I was reading through the logs I noticed one thing that I never knew existed on my computer: NielsenOnline.

Once again, thanks for your help. I really want to avoid reinstalling the operating system and I'd like to have a healthy computer.
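A small triage script for the "Pseudo HJT Report" section of the DDS log above, as an added example that is not part of the original thread and not DDS's own code: it flags the Hosts overrides for www.google.com and www.bing.com (the "google redirect"), the autorun launched from a random-named AppData folder, and the disabled UAC policies. The regexes and the name heuristics are my assumptions about the log format; the sample lines are excerpted from the log, plus one constructed benign Hosts line.

```python
"""Triage of the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the original thread and not DDS's own code. It
reads lines in the format shown in the log above and flags the three findings
a helper looks for first:
  * Hosts-file overrides that pin major search domains to an arbitrary IP
    (the usual cause of a 'Google redirect' symptom),
  * uRun/mRun autoruns that launch an executable from a per-user AppData
    directory with a random-looking name,
  * UAC policies switched off (EnableLUA = 0 and friends).
The line patterns and name heuristics are assumptions derived from this log.
"""
import re
from dataclasses import dataclass

# Hosts overrides for these names are almost never legitimate on a home PC.
WATCHED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}

# Policy values that mean elevation prompts have been turned off.
UAC_OFF = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
           "PromptOnSecureDesktop": "0"}

HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<key>\w+)\s+=\s+(?P<val>\d+)")
# Executable under ...\AppData\Roaming|Local\<dir>\...\<exe>
APPDATA_RE = re.compile(
    r"\\appdata\\(?:roaming|local)\\(?P<dir>[^\\]+)(?:\\[^\\]+)*\\(?P<exe>[^\\]+\.exe)$",
    re.I)
GUID_RE = re.compile(r"^\{[0-9A-F-]{36}\}$", re.I)      # Run value named by a GUID
TOKEN_RE = re.compile(r"^[a-z]{3,10}$")                 # short, letters-only name


@dataclass
class Finding:
    severity: str   # "high" or "review"
    kind: str       # hosts-hijack | appdata-autorun | uac-disabled
    detail: str


def exe_from_command(cmd: str) -> str:
    """Return the executable path from a Run command, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe", cmd, re.I)   # unquoted: the path ends at '.exe'
    return cmd[:m.end()] if m else cmd


def triage_hjt(lines):
    """Return a list of Finding for the suspicious lines of a Pseudo HJT report."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            if m["host"].lower() in WATCHED_HOSTS:
                findings.append(Finding("high", "hosts-hijack", f"{m['host']} -> {m['ip']}"))
            continue
        m = RUN_RE.match(line)
        if m:
            path = exe_from_command(m["cmd"])
            a = APPDATA_RE.search(path)
            if a:
                base = a["exe"][:-4]
                guid_name = bool(GUID_RE.match(m["name"]))
                # Random-looking: short letters-only folder and exe names that differ
                # (legitimate AppData software usually reuses its own name, e.g. x\x.exe).
                random_pair = bool(TOKEN_RE.match(a["dir"]) and TOKEN_RE.match(base)
                                   and a["dir"].lower() != base.lower())
                sev = "high" if guid_name or random_pair else "review"
                findings.append(Finding(sev, "appdata-autorun", f"[{m['name']}] {path}"))
            continue
        m = POLICY_RE.match(line)
        if m and UAC_OFF.get(m["key"]) == m["val"]:
            findings.append(Finding("high", "uac-disabled", f"{m['key']} = {m['val']}"))
    return findings


# Sample input: lines excerpted from the DDS log posted above, plus one benign
# Hosts line (constructed) to show that ordinary entries are not flagged.
SAMPLE_HJT_LINES = [
    r'uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background',
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r'uRun: [cacaoweb] "c:\users\babuci\appdata\roaming\cacaoweb\cacaoweb.exe" -noplayer',
    r"uRun: [{78C32C87-B1D5-E031-2616-6C377E924CE7}] c:\users\babuci\appdata\roaming\nyenok\vuzaic.exe",
    r"mRun: [IgfxTray] c:\windows\system32\igfxtray.exe",
    "mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    "mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    "Hosts: 94.63.240.135 www.google.com",
    "Hosts: 94.63.240.136 www.bing.com",
    "Hosts: 127.0.0.1 localhost",
]

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LINES):
        print(f"{f.severity:6} {f.kind:16} {f.detail}")
```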


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 20 January 2012 - 03:01 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right-clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 MsYvaine

MsYvaine
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Female
  • Location:uk-london

Posted 20 January 2012 - 05:14 AM

Hello, and nice to meet you.

1.
I stick to you guys and solemnly swear I don't ask anyone else for help but you!
Also, I do not want a reformat, but I am ready to do it if absolutely necessary; I have a copy of everything that is most important saved on USB sticks, DVDs and online (done it ages ago).
I have 2 questions:
a. My bank account password is saved on the computer, but the log-in has 2 steps: the first is the password, then I have to insert my bank card into a machine, enter info from my card into the log-in page and then enter my PIN into the machine, and it generates an 8-digit number that I have to enter online; only then can I log on. Shall I change my password anyway?

b. Is it possible to identify when this nasty thing got on my computer? I'm just curious about it: whether I removed the previous infection completely, or whether that was the time when it all started.

2. TDSS report - no threats, no reboot, ran smoothly

09:12:51.0450 0928 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
09:12:51.0676 0928 ============================================================
09:12:51.0676 0928 Current date / time: 2012/01/20 09:12:51.0676
09:12:51.0677 0928 SystemInfo:
09:12:51.0677 0928
09:12:51.0677 0928 OS Version: 6.1.7600 ServicePack: 0.0
09:12:51.0677 0928 Product type: Workstation
09:12:51.0677 0928 ComputerName: BABUCI-PC
09:12:51.0678 0928 UserName: Babuci
09:12:51.0678 0928 Windows directory: C:\Windows
09:12:51.0678 0928 System windows directory: C:\Windows
09:12:51.0678 0928 Processor architecture: Intel x86
09:12:51.0678 0928 Number of processors: 2
09:12:51.0678 0928 Page size: 0x1000
09:12:51.0678 0928 Boot type: Normal boot
09:12:51.0678 0928 ============================================================
09:12:56.0303 0928 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:12:56.0505 0928 Initialize success
09:13:44.0402 0724 ============================================================
09:13:44.0402 0724 Scan started
09:13:44.0402 0724 Mode: Manual; SigCheck; TDLFS;
09:13:44.0402 0724 ============================================================
09:13:45.0940 0724 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
09:13:46.0196 0724 1394ohci - ok
09:13:46.0279 0724 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
09:13:46.0348 0724 ACPI - ok
09:13:46.0400 0724 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
09:13:46.0502 0724 AcpiPmi - ok
09:13:46.0589 0724 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:13:46.0667 0724 adp94xx - ok
09:13:46.0739 0724 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:13:46.0815 0724 adpahci - ok
09:13:46.0869 0724 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:13:46.0932 0724 adpu320 - ok
09:13:47.0041 0724 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
09:13:47.0169 0724 AFD - ok
09:13:47.0204 0724 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
09:13:47.0270 0724 agp440 - ok
09:13:47.0317 0724 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:13:47.0367 0724 aic78xx - ok
09:13:47.0429 0724 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
09:13:47.0480 0724 aliide - ok
09:13:47.0528 0724 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
09:13:47.0579 0724 amdagp - ok
09:13:47.0631 0724 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
09:13:47.0687 0724 amdide - ok
09:13:47.0736 0724 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:13:47.0822 0724 AmdK8 - ok
09:13:47.0878 0724 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:13:47.0972 0724 AmdPPM - ok
09:13:48.0020 0724 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
09:13:48.0070 0724 amdsata - ok
09:13:48.0123 0724 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:13:48.0181 0724 amdsbs - ok
09:13:48.0228 0724 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
09:13:48.0271 0724 amdxata - ok
09:13:48.0325 0724 ApfiltrService (e8a8e6072cb7e2032e85e7735daa511f) C:\Windows\system32\DRIVERS\Apfiltr.sys
09:13:48.0463 0724 ApfiltrService - ok
09:13:48.0512 0724 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
09:13:48.0652 0724 AppID - ok
09:13:48.0823 0724 AR5416 (c413e2e549488a5f1969decb5b03187a) C:\Windows\system32\DRIVERS\athw.sys
09:13:49.0023 0724 AR5416 - ok
09:13:49.0076 0724 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:13:49.0126 0724 arc - ok
09:13:49.0171 0724 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:13:49.0222 0724 arcsas - ok
09:13:49.0302 0724 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:13:49.0432 0724 AsyncMac - ok
09:13:49.0473 0724 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
09:13:49.0519 0724 atapi - ok
09:13:49.0627 0724 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
09:13:49.0823 0724 athr - ok
09:13:49.0950 0724 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:13:50.0029 0724 b06bdrv - ok
09:13:50.0094 0724 b57nd60x (1fd21000184a9fe91b14b8b542a301c1) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:13:50.0155 0724 b57nd60x - ok
09:13:50.0243 0724 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:13:50.0389 0724 Beep - ok
09:13:50.0445 0724 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:13:50.0523 0724 blbdrive - ok
09:13:50.0603 0724 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
09:13:50.0674 0724 bowser - ok
09:13:50.0718 0724 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:13:50.0795 0724 BrFiltLo - ok
09:13:50.0834 0724 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:13:50.0928 0724 BrFiltUp - ok
09:13:50.0997 0724 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:13:51.0097 0724 Brserid - ok
09:13:51.0148 0724 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:13:51.0239 0724 BrSerWdm - ok
09:13:51.0286 0724 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:13:51.0365 0724 BrUsbMdm - ok
09:13:51.0408 0724 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:13:51.0488 0724 BrUsbSer - ok
09:13:51.0532 0724 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:13:51.0612 0724 BTHMODEM - ok
09:13:51.0698 0724 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:13:51.0835 0724 cdfs - ok
09:13:51.0904 0724 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
09:13:51.0976 0724 cdrom - ok
09:13:52.0030 0724 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:13:52.0105 0724 circlass - ok
09:13:52.0173 0724 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:13:52.0239 0724 CLFS - ok
09:13:52.0315 0724 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:13:52.0381 0724 CmBatt - ok
09:13:52.0417 0724 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
09:13:52.0469 0724 cmdide - ok
09:13:52.0524 0724 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
09:13:52.0629 0724 CNG - ok
09:13:52.0662 0724 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:13:52.0712 0724 Compbatt - ok
09:13:52.0779 0724 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:13:52.0851 0724 CompositeBus - ok
09:13:52.0900 0724 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:13:52.0943 0724 crcdisk - ok
09:13:53.0050 0724 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
09:13:53.0137 0724 CSC - ok
09:13:53.0245 0724 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
09:13:53.0345 0724 DfsC - ok
09:13:53.0397 0724 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:13:53.0522 0724 discache - ok
09:13:53.0591 0724 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:13:53.0640 0724 Disk - ok
09:13:53.0751 0724 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:13:53.0838 0724 drmkaud - ok
09:13:53.0915 0724 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
09:13:54.0011 0724 DXGKrnl - ok
09:13:54.0187 0724 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:13:54.0470 0724 ebdrv - ok
09:13:54.0602 0724 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:13:54.0690 0724 elxstor - ok
09:13:54.0720 0724 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
09:13:54.0837 0724 ErrDev - ok
09:13:54.0977 0724 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
09:13:55.0088 0724 ew_hwusbdev - ok
09:13:55.0136 0724 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:13:55.0260 0724 exfat - ok
09:13:55.0301 0724 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:13:55.0419 0724 fastfat - ok
09:13:55.0484 0724 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:13:55.0574 0724 fdc - ok
09:13:55.0640 0724 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:13:55.0688 0724 FileInfo - ok
09:13:55.0727 0724 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:13:55.0847 0724 Filetrace - ok
09:13:55.0885 0724 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:13:55.0948 0724 flpydisk - ok
09:13:55.0999 0724 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:13:56.0058 0724 FltMgr - ok
09:13:56.0172 0724 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:13:56.0222 0724 FsDepends - ok
09:13:56.0270 0724 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
09:13:56.0322 0724 fssfltr - ok
09:13:56.0418 0724 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:13:56.0469 0724 Fs_Rec - ok
09:13:56.0518 0724 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
09:13:56.0593 0724 fvevol - ok
09:13:56.0792 0724 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:13:56.0839 0724 gagp30kx - ok
09:13:56.0895 0724 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:13:56.0936 0724 GEARAspiWDM - ok
09:13:57.0028 0724 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:13:57.0113 0724 hcw85cir - ok
09:13:57.0173 0724 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
09:13:57.0271 0724 HdAudAddService - ok
09:13:57.0313 0724 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:13:57.0419 0724 HDAudBus - ok
09:13:57.0454 0724 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:13:57.0584 0724 HidBatt - ok
09:13:57.0806 0724 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:13:57.0960 0724 HidBth - ok
09:13:58.0062 0724 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:13:58.0191 0724 HidIr - ok
09:13:58.0241 0724 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
09:13:58.0329 0724 HidUsb - ok
09:13:58.0416 0724 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:13:58.0460 0724 HpSAMD - ok
09:13:58.0578 0724 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:13:58.0742 0724 HSF_DPV - ok
09:13:58.0796 0724 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:13:58.0898 0724 HSXHWAZL - ok
09:13:58.0948 0724 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
09:13:59.0135 0724 HTTP - ok
09:13:59.0188 0724 huawei_cdcacm (42a64382a0607b80c99c37170911b346) C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
09:13:59.0300 0724 huawei_cdcacm - ok
09:13:59.0331 0724 huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
09:13:59.0523 0724 huawei_enumerator - ok
09:13:59.0624 0724 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
09:13:59.0679 0724 hwpolicy - ok
09:13:59.0738 0724 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
09:13:59.0917 0724 i8042prt - ok
09:13:59.0985 0724 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
09:14:00.0074 0724 iaStorV - ok
09:14:00.0382 0724 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:14:00.0796 0724 igfx - ok
09:14:00.0882 0724 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:14:00.0930 0724 iirsp - ok
09:14:01.0057 0724 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
09:14:01.0100 0724 intelide - ok
09:14:01.0154 0724 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:14:01.0235 0724 intelppm - ok
09:14:01.0293 0724 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:14:01.0419 0724 IpFilterDriver - ok
09:14:01.0477 0724 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:14:01.0557 0724 IPMIDRV - ok
09:14:01.0597 0724 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:14:01.0736 0724 IPNAT - ok
09:14:01.0788 0724 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:14:01.0898 0724 IRENUM - ok
09:14:01.0932 0724 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
09:14:01.0988 0724 isapnp - ok
09:14:02.0031 0724 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
09:14:02.0096 0724 iScsiPrt - ok
09:14:02.0131 0724 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:14:02.0179 0724 kbdclass - ok
09:14:02.0219 0724 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
09:14:02.0320 0724 kbdhid - ok
09:14:02.0374 0724 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
09:14:02.0422 0724 KSecDD - ok
09:14:02.0468 0724 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
09:14:02.0531 0724 KSecPkg - ok
09:14:02.0649 0724 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:14:02.0822 0724 lltdio - ok
09:14:02.0916 0724 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:14:02.0967 0724 LSI_FC - ok
09:14:03.0000 0724 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:14:03.0076 0724 LSI_SAS - ok
09:14:03.0120 0724 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:14:03.0169 0724 LSI_SAS2 - ok
09:14:03.0208 0724 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:14:03.0259 0724 LSI_SCSI - ok
09:14:03.0290 0724 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:14:03.0506 0724 luafv - ok
09:14:03.0556 0724 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
09:14:03.0674 0724 LVPr2Mon - ok
09:14:03.0739 0724 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\Windows\system32\drivers\LVUSBSta.sys
09:14:03.0831 0724 LVUSBSta - ok
09:14:03.0883 0724 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
09:14:03.0956 0724 MBAMProtector - ok
09:14:04.0046 0724 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:14:04.0137 0724 mdmxsdk - ok
09:14:04.0177 0724 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:14:04.0223 0724 megasas - ok
09:14:04.0278 0724 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:14:04.0356 0724 MegaSR - ok
09:14:04.0436 0724 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:14:04.0602 0724 Modem - ok
09:14:04.0651 0724 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:14:04.0733 0724 monitor - ok
09:14:04.0776 0724 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:14:04.0822 0724 mouclass - ok
09:14:04.0856 0724 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:14:04.0916 0724 mouhid - ok
09:14:04.0963 0724 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
09:14:05.0019 0724 mountmgr - ok
09:14:05.0058 0724 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
09:14:05.0127 0724 mpio - ok
09:14:05.0163 0724 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:14:05.0330 0724 mpsdrv - ok
09:14:05.0369 0724 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
09:14:05.0459 0724 MRxDAV - ok
09:14:05.0508 0724 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:14:05.0603 0724 mrxsmb - ok
09:14:05.0654 0724 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:14:05.0728 0724 mrxsmb10 - ok
09:14:05.0776 0724 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:14:05.0860 0724 mrxsmb20 - ok
09:14:05.0890 0724 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
09:14:05.0936 0724 msahci - ok
09:14:05.0989 0724 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
09:14:06.0039 0724 msdsm - ok
09:14:06.0112 0724 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:14:06.0246 0724 Msfs - ok
09:14:06.0285 0724 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:14:06.0452 0724 mshidkmdf - ok
09:14:06.0491 0724 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
09:14:06.0545 0724 msisadrv - ok
09:14:06.0611 0724 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:14:06.0762 0724 MSKSSRV - ok
09:14:06.0809 0724 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:14:07.0028 0724 MSPCLOCK - ok
09:14:07.0062 0724 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:14:07.0213 0724 MSPQM - ok
09:14:07.0313 0724 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:14:07.0381 0724 MsRPC - ok
09:14:07.0467 0724 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
09:14:07.0528 0724 mssmbios - ok
09:14:07.0553 0724 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:14:07.0709 0724 MSTEE - ok
09:14:07.0745 0724 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:14:07.0838 0724 MTConfig - ok
09:14:07.0879 0724 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:14:07.0929 0724 Mup - ok
09:14:07.0997 0724 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:14:08.0096 0724 NativeWifiP - ok
09:14:08.0168 0724 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
09:14:08.0282 0724 NDIS - ok
09:14:08.0320 0724 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:14:08.0481 0724 NdisCap - ok
09:14:08.0520 0724 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:14:08.0661 0724 NdisTapi - ok
09:14:08.0710 0724 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
09:14:08.0862 0724 Ndisuio - ok
09:14:08.0897 0724 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
09:14:09.0035 0724 NdisWan - ok
09:14:09.0067 0724 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
09:14:09.0205 0724 NDProxy - ok
09:14:09.0251 0724 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:14:09.0456 0724 NetBIOS - ok
09:14:09.0510 0724 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
09:14:09.0648 0724 NetBT - ok
09:14:09.0825 0724 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:14:09.0886 0724 nfrd960 - ok
09:14:09.0985 0724 nnfwdk (5d2c822c2851acd7d78f4cf5e966ccd3) C:\Program Files\NetRatingsNetSight\NetSight\meter1\nnfwdk.sys
09:14:10.0025 0724 nnfwdk - ok
09:14:10.0075 0724 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:14:10.0235 0724 Npfs - ok
09:14:10.0286 0724 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:14:10.0410 0724 nsiproxy - ok
09:14:10.0516 0724 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
09:14:10.0690 0724 Ntfs - ok
09:14:10.0725 0724 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:14:10.0830 0724 Null - ok
09:14:10.0868 0724 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
09:14:10.0931 0724 nvraid - ok
09:14:10.0976 0724 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
09:14:11.0046 0724 nvstor - ok
09:14:11.0079 0724 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
09:14:11.0131 0724 nv_agp - ok
09:14:11.0175 0724 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
09:14:11.0240 0724 ohci1394 - ok
09:14:11.0310 0724 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:14:11.0422 0724 Parport - ok
09:14:11.0461 0724 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
09:14:11.0515 0724 partmgr - ok
09:14:11.0569 0724 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:14:11.0649 0724 Parvdm - ok
09:14:11.0712 0724 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
09:14:11.0769 0724 pci - ok
09:14:11.0841 0724 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
09:14:11.0888 0724 pciide - ok
09:14:11.0939 0724 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:14:12.0015 0724 pcmcia - ok
09:14:12.0055 0724 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:14:12.0110 0724 pcw - ok
09:14:12.0167 0724 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:14:12.0330 0724 PEAUTH - ok
09:14:12.0590 0724 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\Windows\system32\DRIVERS\LV302V32.SYS
09:14:12.0852 0724 PID_PEPI - ok
09:14:13.0046 0724 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:14:13.0228 0724 PptpMiniport - ok
09:14:13.0277 0724 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:14:13.0378 0724 Processor - ok
09:14:13.0449 0724 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:14:13.0608 0724 Psched - ok
09:14:13.0702 0724 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:14:13.0845 0724 ql2300 - ok
09:14:13.0901 0724 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:14:13.0982 0724 ql40xx - ok
09:14:14.0025 0724 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:14:14.0092 0724 QWAVEdrv - ok
09:14:14.0128 0724 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:14:14.0251 0724 RasAcd - ok
09:14:14.0288 0724 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:14:14.0516 0724 RasAgileVpn - ok
09:14:14.0575 0724 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:14:14.0749 0724 Rasl2tp - ok
09:14:14.0808 0724 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:14:14.0952 0724 RasPppoe - ok
09:14:14.0998 0724 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:14:15.0116 0724 RasSstp - ok
09:14:15.0157 0724 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
09:14:15.0316 0724 rdbss - ok
09:14:15.0358 0724 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:14:15.0463 0724 rdpbus - ok
09:14:15.0515 0724 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:14:15.0644 0724 RDPCDD - ok
09:14:15.0767 0724 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
09:14:15.0888 0724 RDPDR - ok
09:14:15.0924 0724 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:14:16.0052 0724 RDPENCDD - ok
09:14:16.0105 0724 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:14:16.0241 0724 RDPREFMP - ok
09:14:16.0289 0724 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
09:14:16.0422 0724 RDPWD - ok
09:14:16.0472 0724 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
09:14:16.0529 0724 rdyboost - ok
09:14:16.0695 0724 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:14:16.0837 0724 rspndr - ok
09:14:16.0882 0724 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
09:14:17.0037 0724 s3cap - ok
09:14:17.0109 0724 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:14:17.0156 0724 SASDIFSV - ok
09:14:17.0195 0724 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:14:17.0256 0724 SASKUTIL - ok
09:14:17.0299 0724 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
09:14:17.0349 0724 sbp2port - ok
09:14:17.0401 0724 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
09:14:17.0564 0724 scfilter - ok
09:14:17.0649 0724 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
09:14:17.0721 0724 sdbus - ok
09:14:17.0765 0724 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:14:17.0897 0724 secdrv - ok
09:14:18.0024 0724 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:14:18.0087 0724 Serenum - ok
09:14:18.0116 0724 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:14:18.0207 0724 Serial - ok
09:14:18.0254 0724 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:14:18.0362 0724 sermouse - ok
09:14:18.0471 0724 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
09:14:18.0612 0724 sffdisk - ok
09:14:18.0635 0724 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:14:18.0707 0724 sffp_mmc - ok
09:14:18.0734 0724 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:14:18.0817 0724 sffp_sd - ok
09:14:18.0860 0724 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:14:18.0942 0724 sfloppy - ok
09:14:19.0013 0724 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
09:14:19.0072 0724 sisagp - ok
09:14:19.0115 0724 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:14:19.0164 0724 SiSRaid2 - ok
09:14:19.0199 0724 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:14:19.0252 0724 SiSRaid4 - ok
09:14:19.0298 0724 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:14:19.0463 0724 Smb - ok
09:14:19.0561 0724 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:14:19.0619 0724 spldr - ok
09:14:19.0723 0724 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
09:14:19.0885 0724 srv - ok
09:14:19.0952 0724 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
09:14:20.0042 0724 srv2 - ok
09:14:20.0094 0724 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:14:20.0187 0724 SrvHsfHDA - ok
09:14:20.0266 0724 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:14:20.0397 0724 SrvHsfV92 - ok
09:14:20.0473 0724 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:14:20.0577 0724 SrvHsfWinac - ok
09:14:20.0616 0724 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
09:14:20.0722 0724 srvnet - ok
09:14:20.0811 0724 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:14:20.0860 0724 stexstor - ok
09:14:20.0915 0724 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
09:14:21.0006 0724 storflt - ok
09:14:21.0041 0724 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
09:14:21.0085 0724 storvsc - ok
09:14:21.0129 0724 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
09:14:21.0248 0724 swenum - ok
09:14:21.0446 0724 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
09:14:21.0599 0724 Tcpip - ok
09:14:21.0711 0724 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
09:14:21.0856 0724 TCPIP6 - ok
09:14:21.0910 0724 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
09:14:22.0042 0724 tcpipreg - ok
09:14:22.0099 0724 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
09:14:22.0257 0724 TDPIPE - ok
09:14:22.0297 0724 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
09:14:22.0428 0724 TDTCP - ok
09:14:22.0479 0724 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
09:14:22.0611 0724 tdx - ok
09:14:22.0650 0724 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
09:14:22.0707 0724 TermDD - ok
09:14:22.0885 0724 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:14:22.0990 0724 tssecsrv - ok
09:14:23.0037 0724 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
09:14:23.0190 0724 tunnel - ok
09:14:23.0231 0724 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:14:23.0279 0724 uagp35 - ok
09:14:23.0331 0724 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
09:14:23.0490 0724 udfs - ok
09:14:23.0592 0724 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:14:23.0670 0724 uliagpkx - ok
09:14:23.0706 0724 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
09:14:23.0770 0724 umbus - ok
09:14:23.0806 0724 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:14:23.0928 0724 UmPass - ok
09:14:23.0998 0724 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
09:14:24.0097 0724 USBAAPL - ok
09:14:24.0155 0724 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
09:14:24.0266 0724 usbaudio - ok
09:14:24.0299 0724 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
09:14:24.0374 0724 usbccgp - ok
09:14:24.0414 0724 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
09:14:24.0526 0724 usbcir - ok
09:14:24.0565 0724 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
09:14:24.0624 0724 usbehci - ok
09:14:24.0668 0724 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
09:14:24.0766 0724 usbhub - ok
09:14:24.0819 0724 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
09:14:24.0964 0724 usbohci - ok
09:14:25.0007 0724 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:14:25.0189 0724 usbprint - ok
09:14:25.0245 0724 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:14:25.0411 0724 USBSTOR - ok
09:14:25.0447 0724 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
09:14:25.0543 0724 usbuhci - ok
09:14:25.0638 0724 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:14:25.0688 0724 vdrvroot - ok
09:14:25.0735 0724 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:14:25.0836 0724 vga - ok
09:14:25.0878 0724 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:14:26.0010 0724 VgaSave - ok
09:14:26.0069 0724 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
09:14:26.0127 0724 vhdmp - ok
09:14:26.0172 0724 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
09:14:26.0218 0724 viaagp - ok
09:14:26.0275 0724 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:14:26.0370 0724 ViaC7 - ok
09:14:26.0419 0724 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
09:14:26.0460 0724 viaide - ok
09:14:26.0527 0724 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
09:14:26.0592 0724 vmbus - ok
09:14:26.0637 0724 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
09:14:26.0692 0724 VMBusHID - ok
09:14:26.0746 0724 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
09:14:26.0792 0724 volmgr - ok
09:14:26.0840 0724 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:14:26.0954 0724 volmgrx - ok
09:14:27.0000 0724 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
09:14:27.0064 0724 volsnap - ok
09:14:27.0142 0724 Vsdatant (24334b105bde93d82495358b219f7b76) C:\Windows\system32\DRIVERS\vsdatant.sys
09:14:27.0216 0724 Vsdatant - ok
09:14:27.0281 0724 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:14:27.0362 0724 vsmraid - ok
09:14:27.0423 0724 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
09:14:27.0489 0724 vwifibus - ok
09:14:27.0524 0724 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
09:14:27.0608 0724 vwififlt - ok
09:14:27.0744 0724 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:14:27.0801 0724 WacomPen - ok
09:14:27.0855 0724 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:14:27.0978 0724 WANARP - ok
09:14:27.0996 0724 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:14:28.0147 0724 Wanarpv6 - ok
09:14:28.0281 0724 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:14:28.0331 0724 Wd - ok
09:14:28.0390 0724 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:14:28.0471 0724 Wdf01000 - ok
09:14:28.0644 0724 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:14:28.0772 0724 WfpLwf - ok
09:14:28.0814 0724 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:14:28.0864 0724 WIMMount - ok
09:14:28.0935 0724 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:14:29.0059 0724 winachsf - ok
09:14:29.0239 0724 winusb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\winusb.sys
09:14:29.0342 0724 winusb - ok
09:14:29.0431 0724 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:14:29.0515 0724 WmiAcpi - ok
09:14:29.0685 0724 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:14:29.0800 0724 ws2ifsl - ok
09:14:29.0909 0724 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
09:14:30.0017 0724 WudfPf - ok
09:14:30.0057 0724 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:14:30.0208 0724 WUDFRd - ok
09:14:30.0286 0724 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
09:14:30.0357 0724 XAudio - ok
09:14:30.0475 0724 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:14:30.0730 0724 \Device\Harddisk0\DR0 - ok
09:14:30.0747 0724 Boot (0x1200) (aa9ea497a6f19eabb389c3117e8182d4) \Device\Harddisk0\DR0\Partition0
09:14:30.0749 0724 \Device\Harddisk0\DR0\Partition0 - ok
09:14:30.0821 0724 Boot (0x1200) (21530b00e29bdc844b379adb97aa9938) \Device\Harddisk0\DR0\Partition1
09:14:30.0825 0724 \Device\Harddisk0\DR0\Partition1 - ok
09:14:30.0857 0724 Boot (0x1200) (78f7f4ca6c828cd6352d38ca7eaf0a3d) \Device\Harddisk0\DR0\Partition2
09:14:30.0859 0724 \Device\Harddisk0\DR0\Partition2 - ok
09:14:30.0861 0724 ============================================================
09:14:30.0861 0724 Scan finished
09:14:30.0861 0724 ============================================================
09:14:30.0934 3256 Detected object count: 0
09:14:30.0934 3256 Actual detected object count: 0

3. Farbar Service Scanner Version: 18-01-2012 01
Ran by Babuci (administrator) on 20-01-2012 at 09:19:28
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-12-28 13:43] - [2011-12-28 13:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-12-28 13:27] - [2011-12-28 13:27] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 23:53] - [2009-07-14 01:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 23:54] - [2009-07-14 01:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 23:23] - [2009-07-14 01:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 23:24] - [2009-07-14 01:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-03-08 00:37] - [2010-12-21 05:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-14 00:15] - [2009-07-14 01:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 23:30] - [2009-07-14 01:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2009-07-13 23:33] - [2009-07-14 01:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

4. unfortunately no log for OTL as it was not responding, it froze at the modules section, i tried it twice, i was about to include what it says in detail as a reason when again the laptop switched off out of the blue, so that log is lost and im not sure about running it again.

5. status update:
- google redirects still
- no MBAM and the same message: Open event...error code:2
- when i turned it on this morning there was something new: a windows message saying the C: drive is running out of space and click to see options to set space free - i didnt click, closed, or the message disappeared
- it switches off more frequently than ever before, there is a kind of "fuse blackout" noise when it switches off, if i turn it back on immediately windows repair starts and usually says it couldnt fix the problem and shuts it down, if i wait a couple of mins i can run windows without any problem
- sometimes mozilla "sticks", i minimize it and when clicking on the bar to open it again, it just wouldnt open, i have to close to be able to access the browser again.
- sometimes i see a "ghost" window opening, more precisely: for a couple of seconds everything freezes and i see a window coming up and almost straightaway it vanishes and all the opened applications' logos are back in order.

thank you and im looking forward to hearing from you

Edited by MsYvaine, 20 January 2012 - 05:29 AM.
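The Farbar Service Scanner report above is what the helper reads to conclude that the infection has broken several services. The script below is an added example for this thread (not a BleepingComputer or Farbar tool) that pulls the same three findings out of the plain-text report: services whose registry key no longer exists, services that are merely stopped, and firewall profiles whose EnableFirewall policy is 0. It assumes FSS keeps the exact wording seen in the posted log, and the embedded sample is a shortened excerpt of that log.

```python
"""Triage of a Farbar Service Scanner (FSS) report like the one posted above.

Added example for this thread (not a BleepingComputer or Farbar tool). It
turns what a helper reads off the report by eye into data: services whose
registry key is gone, services that are merely stopped, and firewall profiles
whose EnableFirewall policy is 0. Assumption: FSS keeps the exact wording
seen in the posted log.
"""
import re
from dataclasses import dataclass, field

_NOT_RUNNING = re.compile(r"^(\S+) Service is not running\. Checking service configuration:")
_KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
_POLICY_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+Profile)\]$")
_ENABLE_FW = re.compile(r'^"EnableFirewall"=DWORD:(\d+)$')


@dataclass
class FssFindings:
    stopped: list = field(default_factory=list)       # configured, but not running
    missing_keys: list = field(default_factory=list)  # HKLM\...\Services\<name> is gone
    firewall_off: list = field(default_factory=list)  # profiles with EnableFirewall=0


def parse_fss(text: str) -> FssFindings:
    """Walk the report line by line and collect the findings."""
    f = FssFindings()
    profile = None  # profile named by the last [HKLM\...\FirewallPolicy\...] header
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _NOT_RUNNING.match(line)):
            f.stopped.append(m.group(1))
        elif (m := _KEY_MISSING.search(line)):
            # FSS repeats this once per checked value; record the service once
            if m.group(1) not in f.missing_keys:
                f.missing_keys.append(m.group(1))
        elif (m := _POLICY_KEY.match(line)):
            profile = m.group(1)
        elif (m := _ENABLE_FW.match(line)) and profile:
            if m.group(1) == "0":
                f.firewall_off.append(profile)
            profile = None
    # A service with no key is also reported "not running"; keep "stopped" for
    # the ones whose configuration is still intact (mpsdrv, SDRSVC, VSS here).
    f.stopped = [s for s in f.stopped if s not in f.missing_keys]
    return f


def triage(f: FssFindings) -> list:
    """Remarks a helper would make, most severe first."""
    notes = [f"HIGH: service key for {s} is missing; it cannot start until the key is restored"
             for s in f.missing_keys]
    if f.firewall_off:
        notes.append("HIGH: EnableFirewall=0 set by policy for " + ", ".join(f.firewall_off))
    notes += [f"INFO: {s} is configured but not running" for s in f.stopped]
    return notes


# Excerpt of the FSS report posted in this thread (shortened to one line per check).
SAMPLE_FSS = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
"""

if __name__ == "__main__":
    for note in triage(parse_fss(SAMPLE_FSS)):
        print(note)
```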


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 20 January 2012 - 10:32 AM

Hi!

Okay, We'll do our best to remove this nasty infection, but no promises can be made.

a, my bank account password is saved on the computer, but it has 2 steps, the first is the password, then i have to insert my bank card into a machine, enter info from my card to the log-in page and then enter my pin to the machine and it generates an 8 digit number that i have to enter online and then i can log on. Shall i change my password anyway?

That seems like a pretty interesting security procedure for verifying you are the owner of the card.

Yes, I still would change my password, if this were my computer.

b, is it possible to identify when this nasty thing got on my computer? im just curious about it, if i could remove the previous infection completely or that was the time when it all started.

The best answer I can give you is right around the same time you started experiencing issues with your computer.

--------


Thanks for the status update on how things are running with your computer.

It looks like this infection has messed with some of your services to prevent them from working properly.

Please run this utility below:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 MsYvaine

MsYvaine
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Female
  • Location:uk-london

Posted 20 January 2012 - 07:41 PM

hello and im impressed by your prompt reply, thank you

about the bank, yes it is making sure that you are the authorized user of the card and also that you have it with you, sophisticated, hm?

bumped into problems - 1. checked the reference pages and i assumed id be fine, because i removed avast quite a while ago as it was messing up with java and adobe for some reason
downloaded combofix on the desktop, ran it, first nothing happened, searched for the combofix.txt file with 3 different methods, nothing came up, since its a bit late i wasnt quite sure if i really had clicked twice, so i started it again, when combofix was telling me:
the following real time scanners are active:
antivirus: avast
antispyware: avast
antivirus and intrusion prevention programs are known to interfere with combofix... and i should turn them off before clicking OK

i am 100% sure i did remove it and deleted all the components ages ago (used uninstall utility from avast.com as i saw they were still existing after removing the application), as i dont like that software and it was my ex's obsession (actually from whom i inherited the laptop)
anyway, i searched for it and this came up: Avast5 folder at C:\programdata\alwil software, modified 2012.01.21. 0:08 - pretty much now and the same folder with a different time for it and an avfast5.ini file at C:\programdata\alwil software\avast5

shall i remove them again?

also, please note that i uninstalled zonealarm as i couldnt run it and disable it

right now as im a bit stuck with the open combofix window and i cant "shoot it out", im going to restart the pc and hope to be able to edit this post and wait for your reply on what to do next.

EDIT: im back, smooth startup, and i just noticed there are 2 ini files on the desktop
1. contains:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

2. contains:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

looking forward to you

Edited by MsYvaine, 20 January 2012 - 07:51 PM.


#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 21 January 2012 - 02:42 AM

Hi!

about the bank, yes it is making sure that you are the authorized user of the card and also that you have it with you, sophisticated, hm?

I really think that more banks should have something like that.

It would help avoid a ton of issues.

Can you please run this tool to see if Avast comes up as being listed as installed.

If so remove it using the tool.

We need to temporarily remove your Anti-Virus, as it interferes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>

Ensure "Remove Security Application" is selected and click Next >>

AppRemover will scan all the security applications on your PC

Select any Avast entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed



I'd also like to have you download and run the Avast Uninstall Utility and see if that detects anything from Avast to remove.

avast! Uninstall Utility

Sometimes it's not possible to uninstall avast! the standard way - using the ADD/REMOVE PROGRAMS in control panel. In this case, you can use our uninstallation utility aswClear.

  • Download aswClear.exe on to your desktop
  • Start Windows in Safe Mode
  • Open (execute) the uninstall utility = aswClear.exe
  • If you installed avast! in a different folder than the default, browse for it. Note: Be careful! The content of any folder you choose will be deleted!
  • Click REMOVE
  • Restart your computer


=============

EDIT: im back, smooth startup, and i just noticed there are 2 ini files on the desktop

Those files are ones that are usually hidden. One of the tools we used set the option to show hidden files and folders. We'll change that setting back to default when we clean-up our tools later.

After doing the above, can you see if you're now able to run a successful scan with ComboFix?

Let me know how you make out.

Kindest Regards,
Agent ST.



#7 MsYvaine

MsYvaine
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Female
  • Location:uk-london

Posted 21 January 2012 - 05:44 PM

right, this is getting annoying :(

opswat didnt find avast, but the avast remover did and i completed it
please note that i did use this app to remove it before christmas and it was successful then... i really do not know how or when it came back

when i restarted and loaded windows i noticed there was no internet connection, even though my workplace, where i am now, is set and saved i had to connect manually, also i tried to access bleeping computer and mozilla wouldnt open it, everything else loads, this is the only page among those that i checked that wouldnt load, a standard error page comes up like there was no connection or the page was down. --- now i know that supposedly it was down really.

im writing this in safe mode with connection and restart the computer to be able to run combofix and come back here to post the log

i do hope that i will be able to access this page later, because once i go home on sunday i wont have any other device to log on here, but this infected computer

update on the computer's behaviour: it didnt switch off in the last 24 hrs, but downloading (those applications) and loading webpages is at least 10 times slower than it used to be

EDIT: yeah baby, one step ahead, got a combofix log :)
once rebooted, but obviously the log says so..., while waiting for the log to appear the MBAM error message appeared

here we go:
ComboFix 12-01-19.02 - Babuci 012.01.22. 0:14.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.36.1038.18.2038.1393 [GMT 0:00]
Running from: c:\users\Babuci\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\JMHL Loader
c:\users\Babuci\AppData\Local\b9dc94c5\U
c:\users\Babuci\AppData\Local\b9dc94c5\U\000000c0.@
c:\users\Babuci\AppData\Local\b9dc94c5\U\000000cb.@
c:\users\Babuci\AppData\Local\b9dc94c5\U\000000cf.@
c:\users\Babuci\AppData\Roaming\cacaoweb
c:\users\Babuci\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Babuci\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Babuci\AppData\Roaming\cacaoweb\storage.db
c:\users\Babuci\AppData\Roaming\Nyenok\vuzaic.exe
c:\users\Babuci\Desktop\cacaoweb.exe
c:\users\Babuci\WINDOWS
c:\windows\$NtUninstallKB11545$
c:\windows\$NtUninstallKB11545$\3118240965\@
c:\windows\$NtUninstallKB11545$\3118240965\bckfg.tmp
c:\windows\$NtUninstallKB11545$\3118240965\cfg.ini
c:\windows\$NtUninstallKB11545$\3118240965\Desktop.ini
c:\windows\$NtUninstallKB11545$\3118240965\keywords
c:\windows\$NtUninstallKB11545$\3118240965\kwrd.dll
c:\windows\$NtUninstallKB11545$\3118240965\L\xadqgnnk
c:\windows\$NtUninstallKB11545$\3118240965\U\00000001.@
c:\windows\$NtUninstallKB11545$\3118240965\U\00000002.@
c:\windows\$NtUninstallKB11545$\3118240965\U\00000004.@
c:\windows\$NtUninstallKB11545$\3118240965\U\80000000.@
c:\windows\$NtUninstallKB11545$\3118240965\U\80000004.@
c:\windows\$NtUninstallKB11545$\3118240965\U\80000032.@
c:\windows\$NtUninstallKB11545$\360133148
c:\windows\$NtUninstallKB53990$
c:\windows\$NtUninstallKB53990$\1821895204
c:\windows\$NtUninstallKB53990$\3118240965\@
c:\windows\$NtUninstallKB53990$\3118240965\L\xadqgnnk
c:\windows\$NtUninstallKB53990$\3118240965\loader.tlb
c:\windows\$NtUninstallKB53990$\3118240965\U\@00000001
c:\windows\$NtUninstallKB53990$\3118240965\U\@000000c0
c:\windows\$NtUninstallKB53990$\3118240965\U\@000000cb
c:\windows\$NtUninstallKB53990$\3118240965\U\@000000cf
c:\windows\$NtUninstallKB53990$\3118240965\U\@80000000
c:\windows\$NtUninstallKB53990$\3118240965\U\@800000c0
c:\windows\$NtUninstallKB53990$\3118240965\U\@800000cb
c:\windows\$NtUninstallKB53990$\3118240965\U\@800000cf
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\C_11433.NLS
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
.
Infected copy of c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe was found and disinfected
Restored copy from - c:\program files\Common Files\logishrd\LVMVFM\
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 00:22 . 2012-01-22 00:23 -------- d-----w- c:\users\Babuci\AppData\Local\temp
2012-01-22 00:22 . 2012-01-22 00:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-21 23:24 . 2011-12-28 13:28 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-19 19:17 . 2012-01-22 00:21 -------- d-----w- c:\users\Babuci\AppData\Roaming\Nyenok
2012-01-19 19:17 . 2012-01-20 00:54 -------- d-----w- c:\users\Babuci\AppData\Roaming\Aqupl
2012-01-16 17:21 . 2012-01-16 17:21 -------- d-----w- c:\users\Babuci\AppData\Local\ElevatedDiagnostics
2012-01-16 15:19 . 2012-01-16 15:19 -------- d-----w- c:\program files\NetRatingsNetSight
2011-12-29 13:36 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 16:08 . 2011-12-28 16:08 -------- d-----w- c:\users\Babuci\AppData\Roaming\SUPERAntiSpyware.com
2011-12-28 16:07 . 2011-12-28 16:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-28 16:07 . 2011-12-28 16:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-28 13:45 . 2011-12-28 13:45 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-28 13:45 . 2011-12-28 13:45 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-28 13:45 . 2011-12-28 13:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-28 13:45 . 2011-12-28 13:45 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-28 13:44 . 2011-12-28 13:44 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-28 13:44 . 2011-12-28 13:44 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-28 13:43 . 2011-12-28 13:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-28 13:37 . 2011-12-28 13:37 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-28 13:37 . 2011-12-28 13:37 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-12-28 13:37 . 2011-12-28 13:37 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-12-28 13:37 . 2011-12-28 13:37 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-28 13:37 . 2011-12-28 13:37 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-12-28 13:37 . 2011-12-28 13:37 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-28 13:37 . 2011-12-28 13:37 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-12-28 13:30 . 2011-12-28 13:30 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-28 13:30 . 2011-12-28 13:30 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-28 13:30 . 2011-12-28 13:30 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-28 13:30 . 2011-12-28 13:30 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-12-28 13:28 . 2011-12-28 13:28 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-12-28 13:28 . 2011-12-28 13:28 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-28 13:28 . 2011-12-28 13:28 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-28 13:28 . 2011-12-28 13:28 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-28 13:28 . 2011-12-28 13:28 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-28 13:27 . 2011-12-28 13:27 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-28 13:27 . 2011-12-28 13:27 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-12-28 13:27 . 2011-12-28 13:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-12-28 13:27 . 2011-12-28 13:27 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-12-28 13:26 . 2011-12-28 13:26 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-12-28 13:26 . 2011-12-28 13:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-12-28 13:26 . 2011-12-28 13:26 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-12-28 13:26 . 2011-12-28 13:26 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-12-28 13:26 . 2011-12-28 13:26 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-12-28 13:25 . 2011-12-28 13:25 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-12-28 13:25 . 2011-12-28 13:25 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-12-28 13:16 . 2011-10-19 22:15 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 19:51 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-16 07:06 . 2011-11-16 06:28 639224 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2011-10-06 1401224]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-11 619352]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-19 292208]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"DataCardMonitor"="c:\program files\T-Mobile\InternetManager_H\DataCardMonitor.exe" [2011-12-17 253952]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2011-05-03 47424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-01-30 90112]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-07 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 nnfwdk;Nielsen WFP Driver;c:\program files\NetRatingsNetSight\NetSight\meter1\nnfwdk.sys [2010-10-04 22064]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 59392]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-11 494424]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2010-11-16 264704]
S2 NielsenUpdate;Nielsen Update;c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2011-05-03 306496]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 73216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-04-04 12:30]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 06:09]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 06:09]
.
.
------- Supplementary Scan -------
.
uStart Page = gamezona.org
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.3
FF - ProfilePath - c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_&q={searchTerms}&mntrId=d0653b5e000000000000001b3825c5a7&tlver=1.4.35.10&
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: UserZoom survey tool: {0a9de085-6dc7-4bc8-b718-2b6b0921458d} - %profile%\extensions\{0a9de085-6dc7-4bc8-b718-2b6b0921458d}
FF - Ext: Bytemobile Optimization Client: ff-bmboc@bytemobile.com - c:\program files\T-Mobile\InternetManager_H\OCx32\addon
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Nielsen: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7} - c:\program files\NetRatingsNetSight\NetSight\meter1\FFAddon
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-cacaoweb - c:\users\Babuci\AppData\Roaming\cacaoweb\cacaoweb.exe
HKCU-Run-{78C32C87-B1D5-E031-2616-6C377E924CE7} - c:\users\Babuci\AppData\Roaming\Nyenok\vuzaic.exe
SafeBoot-32364677.sys
SafeBoot-39456272.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,d3,7a,30,55,91,2b,42,b6,94,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,d3,7a,30,55,91,2b,42,b6,94,8a,\
.
[HKEY_USERS\S-1-5-21-2303165819-2447248-2855647259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2303165819-2447248-2855647259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2303165819-2447248-2855647259-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f7,0c,33,45,89,f0,ec,9a,28,fb,62,6b,03,86,17,c5,07,f2,43,d7,59,ca,b9,
f3,0d,e3,ee,8c,17,eb,71,b0,92,f8,11,67,cf,a1,82,04,5a,45,b8,d8,94,a0,e2,ac,\
"??"=hex:e0,ef,71,8c,49,15,1b,7b,f1,fb,0c,fc,b6,17,b6,46
.
[HKEY_USERS\S-1-5-21-2303165819-2447248-2855647259-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,c4,a2,1c,d8,e2,d6,03,74,66,0b,07,85,9e,fc,b7,86,80,33,aa,8c,
bb,3e,95,b2,cd,53,bb,bb,b3,01,76,66,61,8e,fc,87,7b,8e,15,fe,d2,e3,45,e4,ba,\
"rkeysecu"=hex:d8,9b,40,f5,96,60,2f,af,12,2d,40,4c,0d,12,5c,e4
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\users\Babuci\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-01-22 00:31:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 00:31
.
Pre-Run: 455 663 616 bájt szabad
Post-Run: 1 341 702 144 bájt szabad
.
- - End Of File - - C284E99CC682DBF0406704B2281FDBE3

EDIT:
ps - update:
google seems to work even with pictures - please note that i only tried for a couple of mins as I'm far over my bedtime (i do not mind!) ;)
could open MBAM, but still getting the error message at startup
no noise, no ad - well, so far
computer started to cool down - i mean physically
downloaded a youtube video, fairly quickly
babylon&ilivid search still appears to be somewhere - i hate those
can't think of anything else
good night!

Edited by MsYvaine, 22 January 2012 - 03:59 AM.


#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 22 January 2012 - 05:57 AM

Hi MsYvaine!

Can you please provide me with the full error message you're receiving from MBAM when booting up your computer?

babylon&ilivid search still appears to be somewhere - i hate those

I'll remove the Babylon component I can see in Firefox for you.

If you don't use Net Ratings Net Sight from Nielsen then please remove it from Add/Remove Programs.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::

ClearJavaCache::
Folder::
c:\users\Babuci\AppData\Roaming\Nyenok
c:\users\Babuci\AppData\Roaming\Aqupl
SecCenter::
{C37D8F93-0602-E43C-40AA-47DAD597F308}
{781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
FireFox::
FF - ProfilePath - c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_&q={searchTerms}&mntrId=d0653b5e000000000000001b3825c5a7&tlver=1.4.35.10&
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: Nielsen: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7} - c:\program files\NetRatingsNetSight\NetSight\meter1\FFAddon

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

(screenshot: CFScript.txt being dragged onto ComboFix.exe)
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
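The ComboFix log above and the script SweetTech builds from it show the pattern a responder looks for by eye: a Run value under the user's AppData with a random folder name, UAC policy values set to 0, and Firefox preferences that silence security warnings or redirect address-bar search. The following is an added example, not code from this thread or from ComboFix, that automates that triage over the "Reg Loading Points" and "FF -" lines of such a log. The sample text is constructed from values visible in the posted log; the Nyenok/vuzaic.exe entry comes from the "ORPHANS REMOVED" section, which prints no date or size, so none is shown for it.

```python
import re
from typing import Dict, List, Tuple

# A finding is (category, human-readable detail).
Finding = Tuple[str, str]

# Constructed sample modelled on the ComboFix output posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
"cacaoweb"="c:\users\Babuci\AppData\Roaming\cacaoweb\cacaoweb.exe"
"{78C32C87-B1D5-E031-2616-6C377E924CE7}"="c:\users\Babuci\AppData\Roaming\Nyenok\vuzaic.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_&q={searchTerms}
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")                 # [HKEY_...] header
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')  # "name"="path" [...]
DWORD_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')  # "name"= 0 (0x0)
FF_PREF = re.compile(r"^FF - (?P<file>user\.js|prefs\.js): (?P<pref>\S+) - (?P<val>.+)$")
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\(roaming|local)\\", re.I)
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# UAC policy values that are dangerous when set to 0.
WEAK_UAC = {
    "EnableLUA": "UAC is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate silently, without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}


def _check_autorun(name: str, path: str) -> List[Finding]:
    reasons = []
    if USER_PROFILE.search(path):
        reasons.append("runs from the user profile rather than Program Files")
    if GUID_NAME.match(name):
        reasons.append("value name is a bare GUID")
    if not reasons:
        return []
    return [("autorun", f"{name} -> {path} ({'; '.join(reasons)})")]


def _check_firefox(src: str, pref: str, val: str) -> List[Finding]:
    if src == "user.js" and pref.startswith("security.warn_") and val == "false":
        return [("firefox", f"{pref} disabled in user.js")]
    if pref == "keyword.URL":
        return [("firefox", f"address-bar search overridden: {val}")]
    return []


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry section, and collect findings."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = FF_PREF.match(line)
        if m:
            findings.extend(_check_firefox(m.group("file"), m.group("pref"), m.group("val")))
            continue
        if section.endswith(r"\currentversion\run"):
            m = RUN_VALUE.match(line)
            if m:
                findings.extend(_check_autorun(m.group("name"), m.group("path")))
        elif section.endswith(r"\policies\system"):
            m = DWORD_VALUE.match(line)
            if m and m.group("name") in WEAK_UAC and m.group("val") == "0":
                findings.append(("uac", f"{m.group('name')}=0: {WEAK_UAC[m.group('name')]}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for cat, _ in findings:
        counts[cat] = counts.get(cat, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

On the sample above this reports two autorun findings (cacaoweb and the GUID-named Nyenok entry, the same two ComboFix listed as orphans), three UAC policy values at 0, and three Firefox findings (the Babylon keyword.URL plus the two suppressed warnings SweetTech's FireFox:: section targets). The legitimate Program Files entries produce nothing, which is the point of the path heuristic: a Run value that launches from Roaming or Local AppData deserves a second look even before a signature names it.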


#9 MsYvaine

MsYvaine
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Female
  • Location:uk-london

Posted 22 January 2012 - 07:07 PM

hello

thanks for the prompt reply! it seems we may catch each other at the same time :)

okay, everything in order

1. the error message says: [open event] failed to perform desired action. error code: 2

please note: when this whole misery started this was the first symptom, i checked what the solutions are and did accordingly (removed MBAM, reboot, downloaded the remove utility, downloaded mbam, entered license again) and at next startup it appeared again. once again i tried to fix it - that time i was sure that i had something unwanted on my computer - i renamed the exe file, could run it, but at next reboot it was mbam.exe again and the message appeared again; ever since it has been that way

2. combofix scripted:
ComboFix 12-01-21.02 - Babuci 012.01.22. 20:32:58.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.36.1038.18.2038.1337 [GMT 0:00]
Running from: c:\users\Babuci\Desktop\ComboFix.exe
Command switches used :: c:\users\Babuci\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\install.rdf
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\install.rdf
c:\users\Babuci\AppData\Roaming\Aqupl
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome.manifest
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\content\cacaoweb.js
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\content\cacaoweb.xul
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\de-DE\cacaoweb.properties
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\en-US\cacaoweb.properties
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\es-ES\cacaoweb.properties
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\fr-FR\cacaoweb.properties
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\cacaoweb.css
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_box.png
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_btn.png
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_btnmu.png
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\icon.png
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\tv-64-off.png
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\tv-64.png
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\defaults\preferences\prefs.js
c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\extensions\cacaoweb@cacaoweb.org\install.rdf
c:\users\Babuci\AppData\Roaming\Nyenok
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 20:41 . 2012-01-22 20:43 -------- d-----w- c:\users\Babuci\AppData\Local\temp
2012-01-22 20:41 . 2012-01-22 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-21 23:24 . 2011-12-28 13:28 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-16 17:21 . 2012-01-16 17:21 -------- d-----w- c:\users\Babuci\AppData\Local\ElevatedDiagnostics
2011-12-29 13:36 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 16:08 . 2011-12-28 16:08 -------- d-----w- c:\users\Babuci\AppData\Roaming\SUPERAntiSpyware.com
2011-12-28 16:07 . 2011-12-28 16:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-28 16:07 . 2011-12-28 16:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-28 13:45 . 2011-12-28 13:45 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-28 13:45 . 2011-12-28 13:45 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-28 13:45 . 2011-12-28 13:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-28 13:45 . 2011-12-28 13:45 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-28 13:44 . 2011-12-28 13:44 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-28 13:44 . 2011-12-28 13:44 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-28 13:43 . 2011-12-28 13:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-28 13:37 . 2011-12-28 13:37 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-28 13:37 . 2011-12-28 13:37 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-12-28 13:37 . 2011-12-28 13:37 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-12-28 13:37 . 2011-12-28 13:37 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-28 13:37 . 2011-12-28 13:37 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-12-28 13:37 . 2011-12-28 13:37 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-28 13:37 . 2011-12-28 13:37 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-12-28 13:30 . 2011-12-28 13:30 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-28 13:30 . 2011-12-28 13:30 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-28 13:30 . 2011-12-28 13:30 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-28 13:30 . 2011-12-28 13:30 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-12-28 13:28 . 2011-12-28 13:28 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-12-28 13:28 . 2011-12-28 13:28 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-12-28 13:28 . 2011-12-28 13:28 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-28 13:28 . 2011-12-28 13:28 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-28 13:28 . 2011-12-28 13:28 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-28 13:27 . 2011-12-28 13:27 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-28 13:27 . 2011-12-28 13:27 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-12-28 13:27 . 2011-12-28 13:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-12-28 13:27 . 2011-12-28 13:27 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-12-28 13:26 . 2011-12-28 13:26 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-12-28 13:26 . 2011-12-28 13:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-12-28 13:26 . 2011-12-28 13:26 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-12-28 13:26 . 2011-12-28 13:26 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-12-28 13:26 . 2011-12-28 13:26 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-12-28 13:25 . 2011-12-28 13:25 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-12-28 13:25 . 2011-12-28 13:25 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-12-28 13:16 . 2011-10-19 22:15 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 19:51 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-16 07:06 . 2011-11-16 06:28 639224 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2011-10-06 1401224]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-11 619352]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-19 292208]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"DataCardMonitor"="c:\program files\T-Mobile\InternetManager_H\DataCardMonitor.exe" [2011-12-17 253952]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-01-30 90112]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-07 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 59392]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-11 494424]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2010-11-16 264704]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 73216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-04-04 12:30]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 06:09]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 06:09]
.
.
------- Supplementary Scan -------
.
uStart Page = gamezona.org
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 212.42.162.1 212.42.162.2
FF - ProfilePath - c:\users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: UserZoom survey tool: {0a9de085-6dc7-4bc8-b718-2b6b0921458d} - %profile%\extensions\{0a9de085-6dc7-4bc8-b718-2b6b0921458d}
FF - Ext: Bytemobile Optimization Client: ff-bmboc@bytemobile.com - c:\program files\T-Mobile\InternetManager_H\OCx32\addon
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,d3,7a,30,55,91,2b,42,b6,94,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,d3,7a,30,55,91,2b,42,b6,94,8a,\
.
[HKEY_USERS\S-1-5-21-2303165819-2447248-2855647259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2303165819-2447248-2855647259-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2303165819-2447248-2855647259-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:f7,0c,33,45,89,f0,ec,9a,28,fb,62,6b,03,86,17,c5,07,f2,43,d7,59,ca,b9,
f3,0d,e3,ee,8c,17,eb,71,b0,92,f8,11,67,cf,a1,82,04,5a,45,b8,d8,94,a0,e2,ac,\
"??"=hex:e0,ef,71,8c,49,15,1b,7b,f1,fb,0c,fc,b6,17,b6,46
.
[HKEY_USERS\S-1-5-21-2303165819-2447248-2855647259-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,c4,a2,1c,d8,e2,d6,03,74,66,0b,07,85,9e,fc,b7,86,80,33,aa,8c,
bb,3e,95,b2,cd,53,bb,bb,b3,01,76,66,61,8e,fc,87,7b,8e,15,fe,d2,e3,45,e4,ba,\
"rkeysecu"=hex:d8,9b,40,f5,96,60,2f,af,12,2d,40,4c,0d,12,5c,e4
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\system32\conhost.exe
c:\users\Babuci\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-01-22 20:49:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 20:49
ComboFix2.txt 2012-01-22 00:31
.
Pre-Run: 931 397 632 bytes free
Post-Run: 1 126 858 752 bytes free
.
- - End Of File - - F2AC7B90777835AD3903BF11AC97293A

3. MBAM
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.22.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Babuci :: BABUCI-PC [administrator]

2012.01.22. 20:52:46
mbam-log-2012-01-22 (20-52-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 172552
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

3. eset
C:\Qoobox\Quarantine\C\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Users\Babuci\AppData\Roaming\Nyenok\vuzaic.exe.vir a variant of Win32/Injector.NGY trojan

4. security check
Results of screen317's Security Check version 0.99.30
Windows 7 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
CCleaner
CleanMyPC - Registry Cleaner
Java™ 6 Update 24
Java version out of date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader X 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (3.6.25) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

5. system update
MBAM error appears - even though I had the full version it seems to be the free version now, but I reckon it would go after reinstallation
today there was a shutdown - not while running the apps - this may be a hardware issue? (probably would turn out once we finished and see if the problem still exists...)?
Google is still fine
no random ad noises
after the ESET run the system speed boosted

previously I couldn't really use the DivX player plugin online, I thought it was the wrong version for certain sites, as I have seen references to different versions causing problems; now, because of a misclick, I noticed that it is working fine :)

just wondering - I had a problem with Daemon Tools, I couldn't install it - or any similar, I thought it was the SPTD problem, addressed it, spent weeks on dealing with it, couldn't resolve, so I just abandoned the problem.
this might have been caused by this or a completely different reason?

we are not too far, are we?
cheers
monica
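
The DDS "Supplementary Scan" in the log above already shows the two things worth flagging: a Firefox search URL that still points at search.conduit.com while the selected engine is Google, and a user.js that forces Firefox's mixed-content and insecure-submit warnings off. The script below is an added example (it is not part of this thread, of DDS, or of any tool the helpers use) that parses lines in the DDS format and reports those conditions. SAMPLE_LOG is copied from the log above; the host-versus-engine rule, the list of weakening prefs and the IE start-page rule are this example's own heuristics.

```python
"""Triage a DDS 'Supplementary Scan' section for browser-hijack indicators.

Added example, not part of the thread or of the DDS tool. SAMPLE_LOG is
copied from the DDS log above; the rules are this example's own heuristics.
"""
import re
from urllib.parse import urlparse

# Copied from the DDS output above. DDS writes hxxp:// for http:// so the
# log cannot be clicked by accident.
SAMPLE_LOG = """\
uStart Page = gamezona.org
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 212.42.162.1 212.42.162.2
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

PREF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")

# Firefox prefs that silence its own security prompts when set to these
# values. Forcing them from user.js is a hijack artefact: user.js is
# re-applied on every start, so the warnings cannot be turned back on
# through the UI. (Which prefs to list is this example's assumption.)
WEAKENING_PREFS = {
    "security.warn_viewing_mixed": "false",
    "security.warn_viewing_mixed.show_once": "false",
    "security.warn_submit_insecure": "false",
    "security.warn_submit_insecure.show_once": "false",
}


def refang(url):
    """Undo DDS's hxxp:// defanging so the URL can be parsed."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.I)


def parse_prefs(log_text):
    """Return {(file, pref_name): value} for every 'FF - prefs.js/user.js' line."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if m:
            prefs[(m.group(1), m.group(2))] = m.group(3).strip()
    return prefs


def triage(log_text):
    """Return a list of human-readable findings, empty if nothing is flagged."""
    findings = []
    prefs = parse_prefs(log_text)

    # Rule 1: the search URL actually used must belong to the engine the user
    # selected; a mismatch is the signature of a search redirector.
    default_url = prefs.get(("prefs.js", "browser.search.defaulturl"))
    engine = prefs.get(("prefs.js", "browser.search.selectedEngine"), "")
    if default_url:
        host = urlparse(refang(default_url)).hostname or ""
        if not engine or engine.lower() not in host.lower():
            findings.append(
                f"search hijack: browser.search.defaulturl host {host!r} "
                f"does not match selected engine {engine!r}")

    # Rule 2: user.js forcing security warnings off.
    for (src, name), value in sorted(prefs.items()):
        if src == "user.js" and WEAKENING_PREFS.get(name) == value.lower():
            findings.append(f"user.js forces {name}={value}")

    # Rule 3: an IE start page that differs from the Firefox homepage is not
    # necessarily malicious, so it is reported for review only.
    m = re.search(r"^uStart Page = (\S+)$", log_text, re.M)
    homepage = prefs.get(("prefs.js", "browser.startup.homepage"), "")
    if m and m.group(1).lower() not in refang(homepage).lower():
        findings.append(f"review: IE start page is {m.group(1)}; confirm it was user-set")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the log above it reports the conduit search URL, the two user.js entries that disable the mixed-content and insecure-submit warnings, and the IE start page for review; a log whose search URL belongs to the selected engine and has no weakening user.js lines produces nothing.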

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:30 AM

Posted 23 January 2012 - 05:56 AM

Hi Monica!

We are definitely making some progress here.

today there was a shut down - not meanwhile running the apps - this maybe a hardware issue? (probably would turn out once we finished and see if the problem still exists...)?

It's possible that it's a hardware issue.

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Qoobox\Quarantine\C\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Users\Babuci\AppData\Roaming\Nyenok\vuzaic.exe.vir a variant of Win32/Injector.NGY trojan

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586-s.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit Adobe's site and download the latest version of Adobe Reader.
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader instead. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



Your version of Internet Explorer is outdated.



NEXT:



Update FireFox
You're currently using an outdated version of Firefox. The latest version of Firefox is 9.0.1.

You can get the latest version of Firefox by opening the Firefox menu and then selecting About.

Please make sure that you check for updates again by selecting the About menu after updating to the latest version to make sure that you have in fact received the latest version.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Kindest Regards,
Agent ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
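
The :Files and :Commands parts of the OTL fix above reset the hosts file: the cacls line makes it writable, [resethosts] writes back the two default localhost lines, and ipconfig /flushdns drops cached answers. The script below is an added example (not part of this thread, of OTL, or of any helper's tooling) of what to look at in a hosts file before resetting it, so that a hijack (search or vendor domains redirected elsewhere or pinned to loopback) can be told apart from legitimate custom entries that the reset would also wipe. SAMPLE_HOSTS is constructed for the example; only the two localhost lines come from the logs in this thread, and PROTECTED_SUFFIXES is an illustrative assumption.

```python
"""Classify the mappings in a Windows hosts file before resetting it.

Added example, not part of the thread or of OTL. SAMPLE_HOSTS is constructed
for this example (only the two localhost lines come from the logs above);
PROTECTED_SUFFIXES is an illustrative assumption.
"""
import ipaddress

# What a hosts reset writes back: the two lines OTL lists as 'O1 - Hosts:'
# after the fix has run.
DEFAULT_HOSTS = "127.0.0.1 localhost\n::1 localhost\n"

# Domains that hijackers commonly pin to loopback so the victim cannot reach
# help sites or updates, or redirect to their own server (assumed list).
PROTECTED_SUFFIXES = (
    "malwarebytes.org", "bleepingcomputer.com", "eset.com", "avast.com",
    "microsoft.com", "windowsupdate.com", "google.com",
)

# Constructed sample: the Microsoft header and localhost lines plus planted
# entries. 203.0.113.9 is a TEST-NET-3 (RFC 5737) address, so nothing here
# points at a real host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   www.malwarebytes.org
127.0.0.1   forums.malwarebytes.org
203.0.113.9 www.google.com            # constructed redirect
203.0.113.9 www.bleepingcomputer.com  # constructed redirect
10.0.0.5    intranet.example          # a plausible legitimate custom entry
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping; comments dropped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            yield n, addr, name.lower()


def _protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def check_hosts(text):
    """Return [(line_no, verdict, detail)] for every non-default mapping.

    verdict is 'blocked' (protected domain pinned to loopback), 'redirected'
    (protected domain sent to another address), 'review' (anything else that
    is not the default localhost lines) or 'invalid' (unparseable address).
    """
    findings = []
    for n, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((n, "invalid", f"{addr!r} is not an IP address"))
            continue
        if name == "localhost" and ip.is_loopback:
            continue                      # the default lines
        if _protected(name):
            verdict = "blocked" if ip.is_loopback else "redirected"
            findings.append((n, verdict, f"{name} -> {addr}"))
        else:
            findings.append((n, "review", f"{name} -> {addr}"))
    return findings


def is_default(text):
    """True when the file contains nothing but the default localhost lines."""
    return not check_hosts(text)


if __name__ == "__main__":
    for n, verdict, detail in check_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {verdict}: {detail}")
    print("default after reset:", is_default(DEFAULT_HOSTS))
```

Two caveats a practitioner would add to the fix above. The cacls line replaces the hosts file's ACL with Everyone: Full Control so that OTL can overwrite a file malware often locks down; that also leaves it writable by any standard user afterwards, so once the reset is done the inherited defaults (Administrators and SYSTEM full control, Users read-only) should be put back, for example with icacls %WinDir%\System32\drivers\etc\hosts /reset from an elevated prompt. And a reset discards legitimate custom entries such as the intranet line in the sample, so anything the checker reports as 'review' should be noted before the fix is run.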


#11 MsYvaine

MsYvaine
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  • Gender:Female
  • Location:uk-london
  • Local time:03:30 PM

Posted 24 January 2012 - 10:46 AM

hello,

sorry for being away for a while, got shattered a bit :S
so let's see:
everything updated - I haven't used and wouldn't use IE 9. shall I just remove it?

1. OTL fix log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
D:\downloads\cmd.bat deleted successfully.
D:\downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\downloads\cmd.bat deleted successfully.
D:\downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Babuci
->Temp folder emptied: 1415864 bytes
->Temporary Internet Files folder emptied: 18516700 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 113714282 bytes
->Flash cache emptied: 17797 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1222841 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109080 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 129,00 mb


[EMPTYFLASH]

User: All Users

User: Babuci
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01242012_140654

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


2. OTL scan log

OTL logfile created on: 2012.01.24. 14:10:48 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040e | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,69% Memory free
4,98 Gb Paging File | 4,01 Gb Available in Paging File | 80,68% Paging File free
Paging file location(s): C:\pagefile.sys 3057 3057 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 25,00 Gb Total Space | 1,63 Gb Free Space | 6,53% Space Free | Partition Type: NTFS
Drive D: | 207,00 Gb Total Space | 109,49 Gb Free Space | 52,89% Space Free | Partition Type: NTFS
Drive E: | 4,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: BABUCI-PC | User Name: Babuci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.01.22 00:22:06 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2012.01.20 09:26:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
PRC - [2011.12.28 13:31:13 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.11 23:26:11 | 000,619,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011.12.11 23:26:11 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011.12.09 00:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.10.06 04:35:10 | 001,401,224 | ---- | M] (CleanMyPC Software) -- C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
PRC - [2011.08.11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.08.05 11:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011.07.28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.07.19 05:09:25 | 000,056,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2011.07.19 05:09:23 | 000,292,208 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2011.07.19 05:09:23 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2011.07.19 05:09:23 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2011.06.06 11:55:28 | 000,059,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.21 12:30:36 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2010.11.16 13:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010.11.16 13:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Babuci\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009.10.31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.07.14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.24 14:08:43 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.01.24 14:08:43 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.01.24 14:02:09 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.12.28 16:08:16 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011.12.28 16:08:16 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.07.28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011.04.21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011.04.21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011.01.21 12:30:36 | 000,047,616 | ---- | M] () -- C:\Program Files\Uniblue\DriverScanner\cache.dll
MOD - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (HWDeviceService.exe)
SRV - [2012.01.22 00:22:06 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.11 23:26:11 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011.08.11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.08.05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.06 11:55:28 | 000,059,392 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.04 01:00:54 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2011.03.07 20:05:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.19 05:09:23 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011.07.12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.04 01:00:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2011.04.04 00:59:14 | 001,606,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athw.sys -- (AR5416)
DRV - [2011.01.30 18:19:00 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011.01.30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.07.13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 22:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.26 14:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 14:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = gamezona.org
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iLivid Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.12.17 17:01:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.26 12:44:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.24 14:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 14:02:11 | 000,000,000 | ---D | M]

[2011.10.29 16:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babuci\AppData\Roaming\mozilla\Extensions
[2012.01.24 13:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babuci\AppData\Roaming\mozilla\Firefox\Profiles\hnb805t6.default\extensions
[2011.03.23 20:42:20 | 000,000,939 | ---- | M] () -- C:\Users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\searchplugins\conduit.xml
[2011.10.29 16:28:44 | 000,002,520 | ---- | M] () -- C:\Users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\searchplugins\SearchResults.xml
[2011.03.11 16:46:00 | 000,001,196 | ---- | M] () -- C:\Users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\searchplugins\winamp-search.xml
[2012.01.22 20:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.26 12:44:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.01.24 14:02:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.09 10:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.11.07 22:50:48 | 000,002,227 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.03.03 17:03:30 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.01.24 14:02:07 | 000,000,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-hu.xml
[2011.03.03 17:03:30 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\polymeta.xml
[2011.10.29 16:28:44 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.01.24 14:02:07 | 000,001,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sztaki-en-hu.xml
[2012.01.24 14:02:07 | 000,000,974 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vatera.xml
[2012.01.24 14:02:07 | 000,001,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hu.xml

O1 HOSTS File: ([2012.01.24 14:06:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [Registry Cleaner Scheduler] C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/hu/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.120.4 212.42.162.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{005FB634-F894-488C-989C-5229D2A11010}: DhcpNameServer = 192.168.120.4 212.42.162.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012.01.24 13:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.22 21:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.22 20:59:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Babuci\Desktop\esetsmartinstaller_enu.exe
[2012.01.22 20:46:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.01.22 20:41:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.01.22 20:41:33 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\temp
[2012.01.21 22:58:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.21 22:58:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.21 22:58:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.21 22:56:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.01.21 20:54:31 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Babuci\Desktop\AppRemover.exe
[2012.01.21 13:46:56 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{B09A0F1F-8174-48CD-AA13-EE0886E76AF4}
[2012.01.21 13:46:44 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{8C57F746-7885-4170-8660-366D764BC660}
[2012.01.21 00:46:36 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{AD367BA1-F8C0-4CC5-B573-E7B4503191A1}
[2012.01.21 00:46:25 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{66F411BE-5AFD-4428-B180-6EED496E498E}
[2012.01.21 00:38:52 | 000,317,200 | ---- | C] (AVAST Software) -- C:\Users\Babuci\Desktop\aswclear.exe
[2012.01.21 00:00:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.20 23:59:11 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\Babuci\Desktop\ComboFix.exe
[2012.01.20 09:12:44 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Babuci\Desktop\tdsskiller.exe
[2012.01.20 07:59:06 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{9C1DD399-ABF0-4416-ADC5-968B89F9BAB9}
[2012.01.20 07:58:51 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{C9AE6B06-B1D2-42B2-9AC7-CEC8CF71DCDC}
[2012.01.19 21:36:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Babuci\Desktop\dds.scr
[2012.01.19 03:51:33 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{04A6163E-DD9E-490B-B745-5BEF27A71F34}
[2012.01.19 03:51:08 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{C98D0EF4-974F-4A5F-9ABC-65DD1C3C4B95}
[2012.01.18 15:35:30 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{FB38E1E5-B85D-4FBD-8E2E-0DA7D59EA08F}
[2012.01.18 15:35:14 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{98EFB7E2-3955-42CC-A45F-58940E1537F8}
[2012.01.18 01:14:24 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{9F63CAE7-A64F-4EB9-9A4D-0CE454989659}
[2012.01.18 01:14:08 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{4BA52067-8205-4DDE-9CDF-818A1D1927AF}
[2012.01.17 11:11:34 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{0FBD368D-8335-432C-AAA1-9450E3253946}
[2012.01.17 11:11:08 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{73266893-A099-4211-9139-E03B11CFF523}
[2012.01.16 17:21:42 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\ElevatedDiagnostics
[2012.01.15 15:53:25 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{8FD45CD3-9056-40F9-A1F1-6EE1D2D30BDF}
[2012.01.15 15:52:56 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{80DE7EC5-A309-41E6-B65F-B27D2050663E}
[2012.01.12 17:20:29 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{B07D49FC-0E15-4BA1-8FAE-1B23DC8FC75B}
[2012.01.12 17:20:03 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{C62A7B51-C732-4BF9-AD21-94A33C9AD5B4}
[2012.01.09 17:46:50 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{FAE6F8ED-5433-4D50-B87A-FC0E4FD4F602}
[2012.01.09 17:46:35 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{6DEAF242-1E15-4BAA-9F77-5FC43F605932}
[2012.01.08 16:57:30 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{509B5FCF-AB29-4DB3-9C00-BEB91307ED9D}
[2012.01.08 16:57:14 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{9214D7BE-0DF2-4631-A336-51C462F38EE3}
[2012.01.07 20:35:37 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{FABE9F00-30F6-4F5E-93CC-3B1EB3EBCE4A}
[2012.01.07 20:35:24 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{F024B0D7-4CF7-459F-A9E6-512992A4282F}
[2012.01.07 07:20:18 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{7CA3B575-1C17-4E76-8C96-750061F8ACF4}
[2012.01.07 07:20:05 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{63153800-2BD0-488C-A3BF-CF55C1D42697}
[2012.01.06 17:58:50 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{7C1623B4-E350-4D5F-9489-FDE966E0065D}
[2012.01.05 19:19:18 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{7E2991AB-56A6-433E-9326-EC52337448EB}
[2012.01.05 19:18:51 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{97D69C75-E528-44D8-BF43-268C84A972B7}
[2011.12.30 19:32:22 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{21FC9553-D5E5-4B07-A3AD-F7051EFB6C3C}
[2011.12.30 19:32:06 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{026308A1-AA77-477C-A44F-FCF6864307B3}
[2011.12.29 13:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.29 13:36:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.28 16:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.28 16:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.28 16:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.28 09:37:45 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{78C7A10A-F5BD-4943-8B3A-C13208166089}
[2011.12.28 09:37:17 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{6B1E3D81-1E7C-4C58-9672-045E9CB70BFF}
[2011.12.27 21:36:42 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{19EBCF07-D8C8-4B54-90CF-92D32BB04F75}
[2011.12.27 21:36:27 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{15C7A713-49EE-4171-A08A-3341084507A9}
[2011.12.27 08:41:12 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{0ED67DE3-87FF-4DF1-9225-EA1FD3B416CA}
[2011.12.26 20:40:31 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{66243BF6-FAED-49F3-A1BF-74097C99DB81}
[2011.12.26 20:40:14 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{3D634F48-1B33-4A63-B808-56DC8B5ADFCE}
[2011.12.26 20:05:34 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{A96EC4F5-7CF6-444D-B5F5-E55C207B5435}
[2011.12.26 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{CD8F0AF2-F921-4BB4-AE87-7F6964AAF5D3}

========== Files - Modified Within 30 Days ==========

[2012.01.24 14:09:44 | 000,001,994 | ---- | M] () -- C:\Users\Babuci\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.24 14:08:05 | 000,001,012 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.24 14:08:05 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.01.24 14:07:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.24 14:07:52 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.24 14:07:14 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 14:07:14 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 14:06:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.01.24 13:27:00 | 000,001,016 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.24 13:17:00 | 000,001,363 | ---- | M] () -- C:\Users\Babuci\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.01.24 13:14:09 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.01.22 23:33:07 | 000,879,683 | ---- | M] () -- C:\Users\Babuci\Desktop\SecurityCheck.exe
[2012.01.22 20:59:55 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Babuci\Desktop\esetsmartinstaller_enu.exe
[2012.01.22 20:31:06 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\Babuci\Desktop\ComboFix.exe
[2012.01.21 22:25:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.01.21 20:57:18 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Babuci\Desktop\AppRemover.exe
[2012.01.21 00:38:52 | 000,317,200 | ---- | M] (AVAST Software) -- C:\Users\Babuci\Desktop\aswclear.exe
[2012.01.20 09:12:10 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Babuci\Desktop\tdsskiller.exe
[2012.01.19 21:53:13 | 000,302,592 | ---- | M] () -- C:\Users\Babuci\Desktop\g4up9czj.exe
[2012.01.19 21:34:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Babuci\Desktop\dds.scr
[2012.01.19 21:33:30 | 000,000,000 | ---- | M] () -- C:\Users\Babuci\defogger_reenable
[2012.01.16 15:24:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_nnfwdk_01009.Wdf
[2011.12.29 13:36:45 | 000,001,047 | ---- | M] () -- C:\Users\Babuci\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011.12.29 13:36:45 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.28 16:07:21 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.28 15:53:27 | 000,302,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.28 13:48:53 | 000,000,112 | ---- | M] () -- C:\ProgramData\a51Ia0.dat
[2011.12.28 13:41:52 | 000,680,994 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2011.12.28 13:41:52 | 000,651,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.28 13:41:52 | 000,169,528 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2011.12.28 13:41:52 | 000,120,580 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.26 12:45:03 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.12.26 12:45:03 | 000,001,583 | ---- | M] () -- C:\Users\Babuci\Desktop\DivX Movies.lnk
[2011.12.26 12:44:56 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

========== Files Created - No Company Name ==========

[2012.01.24 14:02:11 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.24 13:14:09 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.01.22 23:33:03 | 000,879,683 | ---- | C] () -- C:\Users\Babuci\Desktop\SecurityCheck.exe
[2012.01.21 22:58:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.21 22:58:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.21 22:58:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.21 22:58:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.21 22:58:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.19 21:53:49 | 000,302,592 | ---- | C] () -- C:\Users\Babuci\Desktop\g4up9czj.exe
[2012.01.19 21:33:30 | 000,000,000 | ---- | C] () -- C:\Users\Babuci\defogger_reenable
[2012.01.16 15:24:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_nnfwdk_01009.Wdf
[2011.12.29 13:36:45 | 000,001,047 | ---- | C] () -- C:\Users\Babuci\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011.12.29 13:36:45 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.28 16:07:21 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.28 13:16:57 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011.12.22 12:53:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\02BfSM1a.exe.b
[2011.12.22 11:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\K44Ylltw.exe_.b
[2011.12.22 11:01:41 | 000,000,112 | ---- | C] () -- C:\ProgramData\a51Ia0.dat
[2011.11.25 00:48:08 | 000,000,425 | ---- | C] () -- C:\Program Files\file_id.diz
[2011.11.19 02:41:26 | 000,000,000 | ---- | C] () -- C:\Users\Babuci\AppData\Local\{75C8F3E1-1F0B-4722-BA56-618641C2BFE7}
[2011.04.07 16:26:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.04.04 02:03:49 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.04.02 06:40:29 | 000,013,002 | -HS- | C] () -- C:\ProgramData\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011.03.16 05:50:31 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.16 05:50:31 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.03.13 11:10:12 | 000,100,712 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.03.07 19:59:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.07.26 17:41:44 | 000,287,518 | ---- | C] () -- C:\Windows\System32\perfi00E.dat
[2009.07.26 17:41:43 | 000,680,994 | ---- | C] () -- C:\Windows\System32\perfh00E.dat
[2009.07.26 17:41:43 | 000,169,528 | ---- | C] () -- C:\Windows\System32\perfc00E.dat
[2009.07.26 17:41:43 | 000,048,094 | ---- | C] () -- C:\Windows\System32\perfd00E.dat
[2009.07.14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:33:53 | 000,302,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 02:05:48 | 000,651,648 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 02:05:48 | 000,120,580 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.07.26 13:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2005.10.15 13:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005.10.15 13:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[1997.06.14 02:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011.11.07 22:48:46 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Babylon
[2011.04.03 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\CheckPoint
[2011.11.19 20:06:00 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\CleanMyPC Software
[2011.03.10 09:44:24 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1
[2011.11.29 05:47:31 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\DAEMON Tools Pro
[2011.11.12 00:22:06 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\DayTerium
[2011.11.27 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\ERS Game Studios
[2011.11.26 19:01:13 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Frogwares
[2011.11.28 20:57:41 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Games
[2011.11.13 12:14:16 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\GHISLER
[2011.12.11 23:25:13 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\IObit
[2011.09.07 22:26:43 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Leadertech
[2011.11.27 00:58:20 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\MAI
[2011.12.09 22:14:11 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\MediaWmplay
[2011.03.08 02:20:23 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\OpenOffice.org
[2011.12.22 12:43:20 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Opera
[2011.11.26 01:54:46 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Orneon
[2011.11.09 20:43:00 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\PacificPoker
[2011.12.17 17:02:27 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\T-Mobile
[2011.12.17 17:19:03 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\T-Mobile Internet Manager
[2011.11.27 02:56:01 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\TOMI3
[2011.04.04 00:47:09 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Uniblue
[2012.01.24 12:48:51 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\uTorrent
[2011.11.21 04:13:27 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\ValuSoft
[2011.11.23 00:15:44 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\VampireSaga
[2011.04.12 01:35:42 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Windows Live Writer
[2012.01.24 14:08:05 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.01.22 00:13:25 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.01.24 14:02:07 | 000,716,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.01.24 14:02:07 | 000,716,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.01.24 14:02:07 | 000,716,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012.01.24 13:14:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012.01.24 13:14:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012.01.24 13:14:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.01.24 13:14:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.01.24 13:14:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-12 22:39:14

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:4CD3F344
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:C78DADEA
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0C1258F3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:AA0BC725
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C0A9D0E7

< End of report >


3. update
mbam still says the error message - error code 2, shall i remove and reinstall it? that's what the bleepingcomputer and mbam forum say about this problem, even though i did accordingly, it still remains, but that was the time when i started to have this infection what we just removed.

apart from this everything is fine, system speed boosted, temperature fine, no shut down

once we have finished this process can you please recommend which antimalware, spyware, antivirus and firewall softwares as defence shall i carry on using, purchase and get rid of?

also, i see program chunks that were not completely removed, can you please tell me a device that would get rid of them?

NB.: i haven't updated anything since i've been having issues, over 2 months now, otherwise i usually do update them.

thank you very much and let me know whats next

EDIT: the shut down happened again and i ran the repair twice and they came with this result:

root cause found
unspecified changes to system configuration might have caused the problem
Repair action: system files integrity check and repair
result: failed. error code 0 = 490

then i abandoned the problem, left the laptop for a couple of hrs and later could run it fine

cheers and thank you for your continuing assistance and help!

Edited by MsYvaine, 24 January 2012 - 04:58 PM.


#12 SweetTech

Posted 25 January 2012 - 02:19 AM

Hi Monica!

No worries!

I don't believe you can completely remove Internet Explorer and if you can, I don't believe it's easy to accomplish.

I'd still update Internet Explorer to the latest version, just in case you ever need it.

root cause found
unspecified changes to system configuration might have caused the problem
Repair action: system files integrity check and repair
result: failed. error code 0 = 490

Okay, I'm going to grab new logs from you below, and I'll look into the error message more then.

mbam still says the error message - error code 2, shall i remove and reinstall it? that's what the bleepingcomputer and mbam forum say about this problem, even though i did accordingly, it still remains, but that was the time when i started to have this infection what we just removed.

Yeah, I'd like to have you do this for me:

MalwareBytes' Anti-Malware Uninstall

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

NEXT:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



Lets see if the above gets rid of the error message.

also, I see program chunks that were not completely removed, can you please tell me a device that would get rid of them?

What programs are you still seeing signs of?

once we have finished this process, can you please recommend which antimalware, spyware, antivirus and firewall software as defence I shall carry on using, purchase and get rid of?

I sure can. :)

I'd like to have you install an Anti-Virus program now.

No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, clean and erase harmful virus files on a computer, web server or network.
Unchecked virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.


NEXT:


OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2011.12.28 13:48:53 | 000,000,112 | ---- | M] () -- C:\ProgramData\a51Ia0.dat
    [2011.12.22 12:53:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\02BfSM1a.exe.b
    [2011.12.22 11:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\K44Ylltw.exe_.b
    [2011.12.22 11:01:41 | 000,000,112 | ---- | C] () -- C:\ProgramData\a51Ia0.dat
    [2011.04.02 06:40:29 | 000,013,002 | -HS- | C] () -- C:\ProgramData\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:4CD3F344
    @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:C78DADEA
    @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:ECF54A0E
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0C1258F3
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:AA0BC725
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C0A9D0E7
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    CREATERESTOREPOINT
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$."
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Quick Scan button.
  • A report will open. Copy and Paste that report in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
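As an added example (not OTL's own code and not part of the instructions above), here is a small Python triage pass over OTL-style log lines of the kind the helper requests. It flags what gets reviewed after a fix like this one: service or driver entries whose file is gone, hosts-file entries beyond localhost (what [resethosts] clears), IE start-page and Firefox search URLs outside an assumed allow-list, and UAC policy values that differ from their Windows 7 defaults. The regexes follow the OTL line layouts seen in this thread; the allow-lists, the sample log and its update.example.invalid hosts line are constructed assumptions.

```python
"""Triage pass over OTL-style scan-log lines.

Added example, not OTL's own code and not part of the instructions above.
The line layouts follow the OTL logs in this thread; the allow-lists and
the sample lines below are constructed assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Service/driver whose registry entry still points at a file that is gone;
# OTL prints "File not found" where the timestamp block would normally be.
ORPHAN_RE = re.compile(r"^(?:SRV|DRV) - File not found .*-- \((?P<name>[^)]+)\)\s*$")

# Hosts-file entries as OTL lists them: "O1 - Hosts: <ip> <hostname>".
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")

# Browser settings that carry a URL: the IE start page and Firefox search prefs.
BROWSER_URL_RE = re.compile(
    r'^(?:IE - .*Start Page = |FF - prefs\.js\.\..*: ")(?P<url>https?://[^"\s]+)'
)

# UAC policy values ("O6 - HKLM\...\policies\System: Name = Value") and their
# Windows 7 defaults; a different value means UAC prompting was turned down.
UAC_RE = re.compile(
    r"^O6 - HKLM\\SOFTWARE\\.*\\policies\\System: (?P<name>\w+) = (?P<value>\d+)"
)
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
}

# Assumed allow-lists: names a hosts file may legitimately map, and the search
# domains the user chose on purpose.  Anything else is surfaced for review.
LOCAL_HOSTS = {"localhost", "localhost.localdomain"}
EXPECTED_SEARCH_DOMAINS = {"google.com", "www.google.com"}


@dataclass(frozen=True)
class Finding:
    category: str  # orphaned-service | hosts-entry | search-hijack | uac-weakened
    detail: str
    line: str


def triage(lines):
    """Return the Findings for an iterable of OTL log lines."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if m := ORPHAN_RE.match(line):
            findings.append(Finding("orphaned-service", m["name"], line))
        elif m := HOSTS_RE.match(line):
            if m["host"].lower() not in LOCAL_HOSTS:
                findings.append(Finding("hosts-entry", f'{m["ip"]} {m["host"]}', line))
        elif m := BROWSER_URL_RE.match(line):
            host = (urlparse(m["url"]).hostname or "").lower()
            if host not in EXPECTED_SEARCH_DOMAINS:
                findings.append(Finding("search-hijack", host, line))
        elif m := UAC_RE.match(line):
            name, value = m["name"], int(m["value"])
            if name in UAC_DEFAULTS and value != UAC_DEFAULTS[name]:
                detail = f"{name}={value} (default {UAC_DEFAULTS[name]})"
                findings.append(Finding("uac-weakened", detail, line))
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


# Constructed sample, modelled on the OTL output in this thread; the
# update.example.invalid hosts entry is invented to exercise the hosts check.
SAMPLE_LOG = """\
SRV - File not found [Auto | Running] -- -- (HWDeviceService.exe)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe -- (MBAMService)
IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.babylon.com/?AF=100886&babsrc=HP_ss
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.invalid
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLUA = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: PromptOnSecureDesktop = 0
"""


def sample_findings():
    """Run the triage over the constructed sample log."""
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f.category:17} {f.detail}")
    print(summarize(sample_findings()))
```

To use it on a real log, pass the file's lines to triage() instead of SAMPLE_LOG. The output is a review list, not a removal list: an orphaned service entry may be a leftover from an uninstall, and a hosts or search-domain hit only means the value is not on the allow-list.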


#13 MsYvaine

MsYvaine
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Female
  • Location:uk-london
  • Local time:03:30 PM

Posted 25 January 2012 - 05:20 PM

hello,

thanks for being patient :)

so first things first:

I haven't used IE for years now, I always left it as it was, but will update it in the future; previously I just couldn't be bothered.

about the error message & shut down - I researched it a bit and saw somewhere that removing the battery may help, so I did. I remember ages ago having that very disturbing bleep noise coming from my laptop when it was used unplugged - kinda ages ago - which usually indicates that the battery is failing; ever since I haven't had that noise, but neither was I using it unplugged longer than 30 mins.
I haven't had a shut down, but it doesn't really mean anything I suppose, as before I didn't have a shut down for days either... these are tricky machines ;)

MBAM is fine now, I could register it again without any problem and did several reboots to see if it was coming back, nope, it wasn't, yeaaah

what I still see active is babylon search - I suppose it is a medium risk factor.., however I may be wrong. Whenever I open a new mozilla tab, babylon search is the page that I get, even though I set google.com as default
also, I used to use game software and I uninstalled them, but can still see files on the desktop, but can't remove them, one particular is Robin Hood - Legend of Sherwood.

the logs:
1. Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Babuci :: BABUCI-PC [administrator]

2012.01.25. 21:28:01
mbam-log-2012-01-25 (21-28-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 169295
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

(I disabled MBAM before starting the fix and scan)
2. OTL fix
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
C:\ProgramData\a51Ia0.dat moved successfully.
C:\ProgramData\02BfSM1a.exe.b moved successfully.
C:\Windows\System32\K44Ylltw.exe_.b moved successfully.
File C:\ProgramData\a51Ia0.dat not found.
C:\ProgramData\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f moved successfully.
ADS C:\ProgramData\TEMP:4CD3F344 deleted successfully.
ADS C:\ProgramData\TEMP:C78DADEA deleted successfully.
ADS C:\ProgramData\TEMP:ECF54A0E deleted successfully.
ADS C:\ProgramData\TEMP:0C1258F3 deleted successfully.
ADS C:\ProgramData\TEMP:5520ED93 deleted successfully.
ADS C:\ProgramData\TEMP:AA0BC725 deleted successfully.
ADS C:\ProgramData\TEMP:C0A9D0E7 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
D:\downloads\cmd.bat deleted successfully.
D:\downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP konfigur ci˘
A DNS-felold si gyorsˇt˘t r kirˇt‚se sikeresen megt”rt‚nt.
D:\downloads\cmd.bat deleted successfully.
D:\downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Babuci
->Temp folder emptied: 1046587207 bytes
->Temporary Internet Files folder emptied: 8477675 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 116205553 bytes
->Flash cache emptied: 3927 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 327240 bytes
RecycleBin emptied: 10829678 bytes

Total Files Cleaned = 1 128,00 mb


[EMPTYFLASH]

User: All Users

User: Babuci
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Babuci
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01252012_215008

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\logishrd\LVPrcInj03.dll not found!

Registry entries deleted on Reboot...


3. OTL scan

OTL logfile created on: 2012.01.25. 21:54:20 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = D:\downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040e | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,79% Memory free
4,98 Gb Paging File | 3,98 Gb Available in Paging File | 80,06% Paging File free
Paging file location(s): C:\pagefile.sys 3057 3057 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 25,00 Gb Total Space | 1,89 Gb Free Space | 7,57% Space Free | Partition Type: NTFS
Drive D: | 207,00 Gb Total Space | 109,41 Gb Free Space | 52,86% Space Free | Partition Type: NTFS
Drive E: | 4,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: BABUCI-PC | User Name: Babuci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.01.22 00:22:06 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2012.01.20 09:26:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
PRC - [2011.12.28 13:31:13 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.11 23:26:11 | 000,619,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011.12.11 23:26:11 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011.12.09 00:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.10.06 04:35:10 | 001,401,224 | ---- | M] (CleanMyPC Software) -- C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
PRC - [2011.08.11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.08.05 11:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011.07.28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.07.19 05:09:25 | 000,056,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2011.07.19 05:09:23 | 000,292,208 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2011.07.19 05:09:23 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2011.07.19 05:09:23 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2011.06.06 11:55:28 | 000,059,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.21 12:30:36 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2010.11.16 13:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010.11.16 13:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Babuci\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009.10.31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.07.14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.25 21:52:19 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.01.25 21:52:19 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.01.24 14:02:09 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.12.28 16:08:16 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011.12.28 16:08:16 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.08.26 00:40:57 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.07.28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011.04.21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011.04.21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011.01.21 12:30:36 | 000,047,616 | ---- | M] () -- C:\Program Files\Uniblue\DriverScanner\cache.dll
MOD - [2009.10.14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (HWDeviceService.exe)
SRV - [2012.01.22 00:22:06 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.11 23:26:11 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011.08.11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.08.05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.06 11:55:28 | 000,059,392 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.04 01:00:54 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2011.03.07 20:05:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.19 05:09:23 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011.07.12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.04 01:00:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2011.04.04 00:59:14 | 001,606,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athw.sys -- (AR5416)
DRV - [2011.01.30 18:19:00 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011.01.30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.07.13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 22:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.26 14:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 14:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100886&babsrc=HP_ss&mntrId=d0653b5e000000000000001b3825c5a7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iLivid Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.12.17 17:01:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.26 12:44:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.24 14:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 14:02:11 | 000,000,000 | ---D | M]

[2011.10.29 16:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babuci\AppData\Roaming\mozilla\Extensions
[2012.01.25 15:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babuci\AppData\Roaming\mozilla\Firefox\Profiles\hnb805t6.default\extensions
[2012.01.25 15:21:42 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\Babuci\AppData\Roaming\mozilla\Firefox\Profiles\hnb805t6.default\extensions\crossriderapp435@crossrider.com
[2012.01.25 15:21:58 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Babuci\AppData\Roaming\mozilla\Firefox\Profiles\hnb805t6.default\extensions\ffxtlbr@babylon.com
[2011.03.23 20:42:20 | 000,000,939 | ---- | M] () -- C:\Users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\searchplugins\conduit.xml
[2011.10.29 16:28:44 | 000,002,520 | ---- | M] () -- C:\Users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\searchplugins\SearchResults.xml
[2011.03.11 16:46:00 | 000,001,196 | ---- | M] () -- C:\Users\Babuci\AppData\Roaming\Mozilla\Firefox\Profiles\hnb805t6.default\searchplugins\winamp-search.xml
[2012.01.22 20:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.26 12:44:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.01.24 14:02:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.09 10:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.01.25 15:21:22 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.03.03 17:03:30 | 000,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.01.24 14:02:07 | 000,000,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-hu.xml
[2011.03.03 17:03:30 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\polymeta.xml
[2011.10.29 16:28:44 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.01.24 14:02:07 | 000,001,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sztaki-en-hu.xml
[2012.01.24 14:02:07 | 000,000,974 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vatera.xml
[2012.01.24 14:02:07 | 000,001,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hu.xml

O1 HOSTS File: ([2012.01.25 21:50:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Premiumplay Codec-C) - {11111111-1111-1111-1111-110011041135} - C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll (WebPicks)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [Registry Cleaner Scheduler] C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/hu/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.120.4 212.42.162.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{005FB634-F894-488C-989C-5229D2A11010}: DhcpNameServer = 192.168.120.4 212.42.162.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012.01.25 21:26:04 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Roaming\Malwarebytes
[2012.01.25 21:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.25 21:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.25 21:25:58 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.25 21:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.25 21:20:30 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Babuci\Desktop\mbam-clean.exe
[2012.01.25 15:21:43 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\Premiumplay Codec-C
[2012.01.25 15:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Premiumplay Codec-C
[2012.01.25 15:21:34 | 000,000,000 | ---D | C] -- C:\codec-info
[2012.01.24 13:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.22 21:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.22 20:59:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Babuci\Desktop\esetsmartinstaller_enu.exe
[2012.01.22 20:46:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.01.22 20:41:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.01.22 20:41:33 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\temp
[2012.01.21 22:58:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.21 22:58:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.21 22:58:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.21 22:56:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.01.21 20:54:31 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Babuci\Desktop\AppRemover.exe
[2012.01.21 13:46:56 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{B09A0F1F-8174-48CD-AA13-EE0886E76AF4}
[2012.01.21 13:46:44 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{8C57F746-7885-4170-8660-366D764BC660}
[2012.01.21 00:46:36 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{AD367BA1-F8C0-4CC5-B573-E7B4503191A1}
[2012.01.21 00:46:25 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{66F411BE-5AFD-4428-B180-6EED496E498E}
[2012.01.21 00:38:52 | 000,317,200 | ---- | C] (AVAST Software) -- C:\Users\Babuci\Desktop\aswclear.exe
[2012.01.21 00:00:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.20 23:59:11 | 004,388,509 | R--- | C] (Swearware) -- C:\Users\Babuci\Desktop\ComboFix.exe
[2012.01.20 09:12:44 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Babuci\Desktop\tdsskiller.exe
[2012.01.20 07:59:06 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{9C1DD399-ABF0-4416-ADC5-968B89F9BAB9}
[2012.01.20 07:58:51 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{C9AE6B06-B1D2-42B2-9AC7-CEC8CF71DCDC}
[2012.01.19 21:36:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Babuci\Desktop\dds.scr
[2012.01.19 03:51:33 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{04A6163E-DD9E-490B-B745-5BEF27A71F34}
[2012.01.19 03:51:08 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{C98D0EF4-974F-4A5F-9ABC-65DD1C3C4B95}
[2012.01.18 15:35:30 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{FB38E1E5-B85D-4FBD-8E2E-0DA7D59EA08F}
[2012.01.18 15:35:14 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{98EFB7E2-3955-42CC-A45F-58940E1537F8}
[2012.01.18 01:14:24 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{9F63CAE7-A64F-4EB9-9A4D-0CE454989659}
[2012.01.18 01:14:08 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{4BA52067-8205-4DDE-9CDF-818A1D1927AF}
[2012.01.17 11:11:34 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{0FBD368D-8335-432C-AAA1-9450E3253946}
[2012.01.17 11:11:08 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{73266893-A099-4211-9139-E03B11CFF523}
[2012.01.16 17:21:42 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\ElevatedDiagnostics
[2012.01.15 15:53:25 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{8FD45CD3-9056-40F9-A1F1-6EE1D2D30BDF}
[2012.01.15 15:52:56 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{80DE7EC5-A309-41E6-B65F-B27D2050663E}
[2012.01.12 17:20:29 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{B07D49FC-0E15-4BA1-8FAE-1B23DC8FC75B}
[2012.01.12 17:20:03 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{C62A7B51-C732-4BF9-AD21-94A33C9AD5B4}
[2012.01.09 17:46:50 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{FAE6F8ED-5433-4D50-B87A-FC0E4FD4F602}
[2012.01.09 17:46:35 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{6DEAF242-1E15-4BAA-9F77-5FC43F605932}
[2012.01.08 16:57:30 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{509B5FCF-AB29-4DB3-9C00-BEB91307ED9D}
[2012.01.08 16:57:14 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{9214D7BE-0DF2-4631-A336-51C462F38EE3}
[2012.01.07 20:35:37 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{FABE9F00-30F6-4F5E-93CC-3B1EB3EBCE4A}
[2012.01.07 20:35:24 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{F024B0D7-4CF7-459F-A9E6-512992A4282F}
[2012.01.07 07:20:18 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{7CA3B575-1C17-4E76-8C96-750061F8ACF4}
[2012.01.07 07:20:05 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{63153800-2BD0-488C-A3BF-CF55C1D42697}
[2012.01.06 17:58:50 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{7C1623B4-E350-4D5F-9489-FDE966E0065D}
[2012.01.05 19:19:18 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{7E2991AB-56A6-433E-9326-EC52337448EB}
[2012.01.05 19:18:51 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{97D69C75-E528-44D8-BF43-268C84A972B7}
[2011.12.30 19:32:22 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{21FC9553-D5E5-4B07-A3AD-F7051EFB6C3C}
[2011.12.30 19:32:06 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{026308A1-AA77-477C-A44F-FCF6864307B3}
[2011.12.28 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.28 16:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.28 16:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.28 16:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.28 09:37:45 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{78C7A10A-F5BD-4943-8B3A-C13208166089}
[2011.12.28 09:37:17 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{6B1E3D81-1E7C-4C58-9672-045E9CB70BFF}
[2011.12.27 21:36:42 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{19EBCF07-D8C8-4B54-90CF-92D32BB04F75}
[2011.12.27 21:36:27 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{15C7A713-49EE-4171-A08A-3341084507A9}
[2011.12.27 08:41:12 | 000,000,000 | ---D | C] -- C:\Users\Babuci\AppData\Local\{0ED67DE3-87FF-4DF1-9225-EA1FD3B416CA}

========== Files - Modified Within 30 Days ==========

[2012.01.25 21:51:40 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.01.25 21:51:39 | 000,001,012 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.25 21:51:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.25 21:51:29 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.25 21:50:52 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.25 21:50:52 | 000,017,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.25 21:50:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.01.25 21:27:16 | 000,001,016 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.25 21:26:00 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.25 21:20:31 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Babuci\Desktop\mbam-clean.exe
[2012.01.25 15:21:27 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.01.24 22:54:43 | 000,001,994 | ---- | M] () -- C:\Users\Babuci\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.24 13:17:00 | 000,001,363 | ---- | M] () -- C:\Users\Babuci\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.01.24 13:14:09 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.01.22 23:33:07 | 000,879,683 | ---- | M] () -- C:\Users\Babuci\Desktop\SecurityCheck.exe
[2012.01.22 20:59:55 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Babuci\Desktop\esetsmartinstaller_enu.exe
[2012.01.22 20:31:06 | 004,388,509 | R--- | M] (Swearware) -- C:\Users\Babuci\Desktop\ComboFix.exe
[2012.01.21 22:25:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.01.21 20:57:18 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Babuci\Desktop\AppRemover.exe
[2012.01.21 00:38:52 | 000,317,200 | ---- | M] (AVAST Software) -- C:\Users\Babuci\Desktop\aswclear.exe
[2012.01.20 09:12:10 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Babuci\Desktop\tdsskiller.exe
[2012.01.19 21:53:13 | 000,302,592 | ---- | M] () -- C:\Users\Babuci\Desktop\g4up9czj.exe
[2012.01.19 21:34:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Babuci\Desktop\dds.scr
[2012.01.19 21:33:30 | 000,000,000 | ---- | M] () -- C:\Users\Babuci\defogger_reenable
[2012.01.16 15:24:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_nnfwdk_01009.Wdf
[2011.12.28 16:07:21 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.28 15:53:27 | 000,302,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.28 13:41:52 | 000,680,994 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2011.12.28 13:41:52 | 000,651,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.28 13:41:52 | 000,169,528 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2011.12.28 13:41:52 | 000,120,580 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012.01.25 21:26:00 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.25 15:21:27 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.01.24 14:02:11 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.24 13:14:09 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.01.22 23:33:03 | 000,879,683 | ---- | C] () -- C:\Users\Babuci\Desktop\SecurityCheck.exe
[2012.01.21 22:58:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.21 22:58:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.21 22:58:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.21 22:58:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.21 22:58:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.19 21:53:49 | 000,302,592 | ---- | C] () -- C:\Users\Babuci\Desktop\g4up9czj.exe
[2012.01.19 21:33:30 | 000,000,000 | ---- | C] () -- C:\Users\Babuci\defogger_reenable
[2012.01.16 15:24:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_nnfwdk_01009.Wdf
[2011.12.28 16:07:21 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.28 13:16:57 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011.11.25 00:48:08 | 000,000,425 | ---- | C] () -- C:\Program Files\file_id.diz
[2011.11.19 02:41:26 | 000,000,000 | ---- | C] () -- C:\Users\Babuci\AppData\Local\{75C8F3E1-1F0B-4722-BA56-618641C2BFE7}
[2011.04.07 16:26:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.04.04 02:03:49 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.03.16 05:50:31 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.16 05:50:31 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.03.13 11:10:12 | 000,100,712 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.03.07 19:59:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.07.26 17:41:44 | 000,287,518 | ---- | C] () -- C:\Windows\System32\perfi00E.dat
[2009.07.26 17:41:43 | 000,680,994 | ---- | C] () -- C:\Windows\System32\perfh00E.dat
[2009.07.26 17:41:43 | 000,169,528 | ---- | C] () -- C:\Windows\System32\perfc00E.dat
[2009.07.26 17:41:43 | 000,048,094 | ---- | C] () -- C:\Windows\System32\perfd00E.dat
[2009.07.14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:33:53 | 000,302,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 02:05:48 | 000,651,648 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 02:05:48 | 000,120,580 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.07.26 13:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2005.10.15 13:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005.10.15 13:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[1997.06.14 02:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011.11.07 22:48:46 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Babylon
[2011.04.03 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\CheckPoint
[2011.11.19 20:06:00 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\CleanMyPC Software
[2011.03.10 09:44:24 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1
[2011.11.29 05:47:31 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\DAEMON Tools Pro
[2011.11.12 00:22:06 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\DayTerium
[2011.11.27 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\ERS Game Studios
[2011.11.26 19:01:13 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Frogwares
[2011.11.28 20:57:41 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Games
[2011.11.13 12:14:16 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\GHISLER
[2011.12.11 23:25:13 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\IObit
[2011.09.07 22:26:43 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Leadertech
[2011.11.27 00:58:20 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\MAI
[2011.12.09 22:14:11 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\MediaWmplay
[2011.03.08 02:20:23 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\OpenOffice.org
[2011.12.22 12:43:20 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Opera
[2011.11.26 01:54:46 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Orneon
[2011.11.09 20:43:00 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\PacificPoker
[2011.12.17 17:02:27 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\T-Mobile
[2011.12.17 17:19:03 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\T-Mobile Internet Manager
[2011.11.27 02:56:01 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\TOMI3
[2011.04.04 00:47:09 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Uniblue
[2012.01.24 12:48:51 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\uTorrent
[2011.11.21 04:13:27 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\ValuSoft
[2011.11.23 00:15:44 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\VampireSaga
[2011.04.12 01:35:42 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Windows Live Writer
[2012.01.25 21:51:40 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.01.22 00:13:25 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.01.24 14:02:07 | 000,716,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.01.24 14:02:07 | 000,716,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.01.24 14:02:07 | 000,716,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012.01.24 13:14:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012.01.24 13:14:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012.01.24 13:14:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.01.24 13:14:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.01.24 13:14:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.01.24 14:02:07 | 000,716,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.01.24 14:02:07 | 000,716,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.01.24 14:02:07 | 000,716,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.01.24 14:02:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012.01.24 13:14:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012.01.24 13:14:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012.01.24 13:14:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.01.24 13:14:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.01.24 13:14:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011.12.10 15:20:28 | 000,949,104 | ---- | M] (Opera Software)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-12 22:39:14

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:ECF54A0E

< End of report >


Hm... there is only one thing that is strange: when I open a link in a new tab it doubles itself; every time I clicked on the links in your previous post they were duplicated. I couldn't find any setting for this and have never seen it happen before.

That's it for now, take care and thank you!
Mo

EDIT: PS: after I made the above post a strange thing happened: I clicked on the saved URL and the page went blank; Mozilla said it was done and the URL showed in the address bar, but it wouldn't load any BleepingComputer page apart from my login home. Clicking on anything ended up the same: blank, URL shown, and "done".
I tried it in safe mode and it wouldn't work either, nor with IE9.
The way I managed to make this post is that I googled keywords to end up in this specific thread, and now it appeared and I could post this edit.
Is it MBAM messing things up? (The only reason I don't suspect the firewall is that I haven't installed one yet.)

Edited by MsYvaine, 25 January 2012 - 05:56 PM.
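Two parts of the OTL log above carry the settings a responder looks at first on a "Google redirect" machine: the O6/O7 policy lines (UAC is fully off here: EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0) and the O17 DhcpNameServer line (one LAN resolver and one public address). As an added example that is not part of this post and not a feature of OTL, the Python script below reads those line types, spells out what each non-default UAC value means, and separates LAN resolvers from public ones. The sample lines are copied from the log above; whether 212.42.162.1 is the resolver the ISP actually hands out is something only the user's provider can confirm, so the script only flags it for checking and makes no claim about it.

```python
import ipaddress
import re

# OTL lines copied from the log posted above: O6/O7 are policy values,
# O17 is the TCP/IP DNS setting. Parsing them is this example's own code,
# not something OTL or the forum helper provides.
SAMPLE_OTL = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.120.4 212.42.162.1
"""

# "O6 - <key>: <name> = <integer>" (O7 has the same shape under HKCU)
POLICY_RE = re.compile(r"^O[67] - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>-?\d+)$")
# "O17 - <key>: DhcpNameServer = <space-separated servers>"
DNS_RE = re.compile(r"^O17 - (?P<key>[^:]+): DhcpNameServer = (?P<servers>.+)$")


def parse_otl(text):
    """Return ({policy name: int value}, [DNS servers in log order]) from OTL text."""
    policies, dns = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            policies[m.group("name")] = int(m.group("value"))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in m.group("servers").split():
                if server not in dns:
                    dns.append(server)
    return policies, dns


def uac_findings(policies):
    """Describe each UAC value that differs from the Windows 7 default (1 / 5 / 1)."""
    findings = []
    if policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is switched off; anything an administrator "
                        "runs already has full rights, so nothing asks before a driver "
                        "or system file is changed")
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        # Only takes effect once UAC is on again, but 0 means 'elevate silently'.
        findings.append("ConsentPromptBehaviorAdmin=0: elevation is granted with no prompt")
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts appear on the normal desktop, "
                        "where other programs can draw over them")
    return findings


def dns_review(servers):
    """Split resolvers into private (LAN) and public; public ones need checking against the ISP's."""
    private, public = [], []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:          # not an IP literal at all: treat as 'check it'
            public.append(s)
            continue
        (private if addr.is_private else public).append(s)
    return private, public


if __name__ == "__main__":
    pol, dns = parse_otl(SAMPLE_OTL)
    for f in uac_findings(pol):
        print("UAC:", f)
    lan, pub = dns_review(dns)
    print("LAN resolvers:", lan)
    print("Public resolvers (confirm these are the ISP's):", pub)
```

Run against the lines above it reports three UAC findings and one public resolver. A public resolver address is not by itself a sign of compromise; the point of listing it separately is that a redirect problem cannot be ruled in or out until that address has been compared with what the ISP or router is supposed to hand out.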


#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:11:30 AM

Posted 26 January 2012 - 02:03 AM

Hi Monica!

Thanks for being patient.

You know what they say, patients is good for the soul... or something along those lines.. :P

I haven't used IE for years now; I always left it as it was, but will update it in the future. Previously I just couldn't be bothered.

I know that feeling. I use it very rarely. I tend to only use it to download a different internet browser.

MBAM is fine now; I could register it again without any problem and did several reboots to see if it was coming back. Nope, it wasn't, yeaaah

Great! Glad to hear that!!

What I still see active is Babylon Search - I suppose it is a medium risk factor.., however I may be wrong. Whenever I open a new Mozilla tab, Babylon Search is the page that I get, even though I set google.com as default.

I'll see what we can do about that below. I'm going to script out the Babylon Search items that I can see in your logs.

Also, I used to use game software and I uninstalled them, but I can still see files on the desktop and can't remove them; one in particular is Robin Hood - Legend of Sherwood.

What happens when you try to remove it?

Can you provide me with the full file path of what these items are that you want to remove?

A DNS-feloldási gyorsítótár kiürítése sikeresen megtörtént. [Hungarian: The DNS resolver cache was successfully flushed.]

Can you translate this into English for me? Does it say that the DNS was successfully flushed?

Hm.. there is only one thing that is strange - when I open a link in a new tab it doubles itself; every time I clicked on the links in your previous post they were duplicated... I couldn't find any setting for this and have never seen it happening before.

Is this still happening?

So if you click on one of the links I link you to it opens the link twice?

Do you recognize this file below?

C:\user.js

If you don't, can you upload it to VirusTotal and post the link back here for me to review?


No Anti-Virus Present

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software is a program that detects, cleans and erases harmful virus files on a computer, web server or network.
Unchecked virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer's memory and disk drives for malicious code. It can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:

After you install an Anti-Virus program, please run a full scan with it, and let me know if it finds anything.

NEXT:


OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2012.01.25 15:21:22 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011.11.07 22:48:46 | 000,000,000 | ---D | M] -- C:\Users\Babuci\AppData\Roaming\Babylon
    :Reg
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]

  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
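
Because the OTL script above both deletes files and loosens a permission (the cacls line grants Everyone Full Control on the hosts file so that [resethosts] can rewrite it), it is worth recording what it touches before and after the fix runs. The PowerShell below is an added example for this page, not part of SweetTech's instructions and not OTL's own code. Assumptions: Windows PowerShell 3.0 or later, Firefox in its default Program Files location with profiles under %APPDATA%\Mozilla\Firefox\Profiles, and the Babylon paths exactly as the script lists them.

```powershell
# Added example, not part of SweetTech's instructions and not code from OTL. Reports the state of
# everything the fix script touches so it can be run before and after: the hosts file and its ACL
# (the cacls line widens it to Everyone:Full Control), the Firefox search plugins where babylon.xml
# was found, and the Babylon folder under AppData. Assumes Windows PowerShell 3.0+ and the default
# Firefox install and profile locations.

$HostsPath = Join-Path $env:WinDir 'System32\drivers\etc\hosts'

function Get-HostsEntries {
    # One object per active (non-comment) hosts line. A well-known name pinned to an address
    # other than loopback is exactly the kind of entry that produces "Google redirects".
    param([string]$Path = $HostsPath)
    Get-Content -LiteralPath $Path | ForEach-Object {
        $line = ($_ -split '#', 2)[0].Trim()
        if ($line) {
            $parts = $line -split '\s+'
            [pscustomobject]@{
                Address    = $parts[0]
                Hostnames  = ($parts | Select-Object -Skip 1) -join ' '
                Suspicious = $parts[0] -notmatch '^(127\.|::1$|0\.0\.0\.0$)'
            }
        }
    }
}

function Get-HostsAcl {
    # After the OTL fix expect an "Everyone  FullControl  Allow" row; the default is read-only
    # for Users, with full control only for SYSTEM, Administrators and TrustedInstaller.
    param([string]$Path = $HostsPath)
    (Get-Acl -LiteralPath $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

function Get-FirefoxSearchPlugins {
    # Every OpenSearch plugin Firefox loads, with the URL template it sends queries to.
    # Before the fix babylon.xml should appear here; afterwards it should not.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } |
        ForEach-Object { Join-Path $_ 'Mozilla Firefox\searchplugins' }
    $profiles = Get-ChildItem -LiteralPath (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles') -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'searchplugins' }
    $dirs = @($roots) + @($profiles) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    foreach ($dir in $dirs) {
        Get-ChildItem -LiteralPath $dir -Filter *.xml | ForEach-Object {
            # Root element is <SearchPlugin> for Mozilla's own plugins and
            # <OpenSearchDescription> for third-party ones; DocumentElement covers both.
            $root = ([xml](Get-Content -LiteralPath $_.FullName -Raw)).DocumentElement
            [pscustomobject]@{
                File      = $_.FullName
                ShortName = $root.ShortName
                Templates = (@($root.Url) | ForEach-Object { $_.template }) -join ' ; '
            }
        }
    }
}

function Get-BabylonLeftovers {
    # The two paths the OTL script deletes (C:\Users\Babuci\AppData\Roaming\Babylon is %APPDATA%\Babylon).
    $paths = @(
        (Join-Path $env:ProgramFiles 'Mozilla Firefox\searchplugins\babylon.xml'),
        (Join-Path $env:APPDATA 'Babylon')
    )
    foreach ($p in $paths) {
        [pscustomobject]@{ Path = $p; Present = (Test-Path -LiteralPath $p) }
    }
}

'--- hosts entries ---';          Get-HostsEntries        | Format-Table -AutoSize
'--- hosts ACL ---';              Get-HostsAcl            | Format-Table -AutoSize
'--- Firefox search plugins ---'; Get-FirefoxSearchPlugins | Format-Table -AutoSize
'--- Babylon leftovers ---';      Get-BabylonLeftovers    | Format-Table -AutoSize
```

Run it from an elevated PowerShell once before pressing Run Fix and once after the reboot. The hosts-file ACL is the thing to watch: Everyone:Full Control lets any process on the box rewrite the file again, so once the fix has done its job, icacls "%WinDir%\System32\drivers\etc\hosts" /reset from an elevated prompt puts the inherited default ACL back. If the redirects persist after the flush, ipconfig /displaydns shows what the resolver cache currently holds.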


#15 MsYvaine
  • Topic Starter

  • Members
  • 68 posts
  • Gender:Female
  • Location:uk-london
  • Local time:03:30 PM

Posted 26 January 2012 - 04:18 PM

hello

Unfortunately I'll be quick now, with no logs :(

but, in order:

1. I do not know any other saying, just "patience is a virtue" :) and indeed it is :)

2. I reckon Babylon will stay while we sort out another problem, as I didn't run OTL without consulting you.

3. When I tried to see the error message about that software so I could let you know what it said, they had been successfully removed, and I don't see any traces of them, so consider it a success; I reckon I couldn't remove them completely because of the infection (if that makes sense...?)

Can you translate this into english for me? Does it say that the DNS was successfully flushed?

Yes, it means the DNS was successfully flushed.

Is this still happening?

Yes, it is.

So if you click on one of the links I link you to it opens the link twice?

Yes, and it is only happening with BleepingComputer links; I tried Amazon, eBay, news sites, everything I could think of that refers to another link, and it didn't duplicate it, only from this site :(

Do you recognize this file below?

C:\user.js

Yes, this is a JavaScript file that belongs to Firefox; it was created when I was doing the advanced settings for privacy and security.
It's clean and applies to all users who may be on this computer.

Right, and the biggest and most important one:

I downloaded Avast; the strange thing is that I did install it yesterday and was kind of shocked when you said in your reply that there was none, because I do remember doing it.
Anyway, I did it again and... couldn't run it fully.
I tried 4 times, then gave up; while running the scan the computer shut down. The furthest point was 10%, and once I could finally switch it on, Avast said that it couldn't update its definitions,
and the last info I saw was that it had detected 4 items :(

That's where we stand now, eagerly waiting for your fruitful words ;)
Monica

Edited by MsYvaine, 26 January 2012 - 04:25 PM.




