Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have a backdoor trojan and popup banners in FF & IE


  • This topic is locked This topic is locked
15 replies to this topic

#1 mrln12

mrln12

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 27 May 2012 - 06:47 PM

Hello,
I came from this topic to here.
I have pop-up banners in Firefox and Internet Explorer appearing in the right corner of my browser. After several tryouts with scanners they don't want to go away. In these scans it was visible I have a backdoor Trojan on my pc. To clean it, I was sent here.
I hope somebody can help curing my pc!

This is the DDS log, and please see attachment for the attach.txt log.
I couldn't create a GMER Log because my windows is a 64 bit version.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by MI at 1:33:06 on 2012-05-28
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-8287-79A187E26987} - No File
uRun: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
uRun: [Akamai NetSession Interface] "C:\Users\MI\AppData\Local\Akamai\netsession_win.exe"
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\MI\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VIIKII~1.LNK - C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} - hxxp://music.global.cyworld.com/Content/package/skcaset.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{63950901-CDDF-4C45-BD3E-1C2F1F38FFC4} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {A057A204-BACC-4D26-8287-79A187E26987} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 176.9.75.3 www.google-analytics.com.
Hosts: 176.9.75.3 ad-emea.doubleclick.net.
Hosts: 176.9.75.3 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MI\AppData\Roaming\Mozilla\Firefox\Profiles\3pwznh6q.default\
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCMListControl.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npcyworld.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppeeraod.dll
FF - plugin: C:\Windows\npcyworld.dll
FF - plugin: C:\Windows\nppeeraod.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-27 10:34:41 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0BCC68E9-7BDF-49AA-B4AF-F816EF87C391}\mpengine.dll
2012-05-25 21:49:23 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-25 20:15:48 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-24 20:38:10 -------- d-----w- C:\Users\MI\AppData\Roaming\AVI ReComp
2012-05-24 20:34:06 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2012-05-24 20:34:06 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-05-24 20:34:06 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2012-05-24 20:34:06 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-05-24 20:34:06 173568 ----a-w- C:\Windows\System32\xvid.ax
2012-05-24 20:34:06 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-05-24 20:34:02 -------- d-----w- C:\Program Files (x86)\Xvid
2012-05-24 20:33:25 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-05-24 20:32:14 -------- d-----w- C:\Program Files (x86)\AVI ReComp
2012-05-21 19:04:19 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-05-20 15:33:55 -------- d-----w- C:\Users\MI\AppData\Roaming\SUPERAntiSpyware.com
2012-05-20 15:33:07 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-20 15:33:07 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-05 20:47:27 -------- d-----w- C:\Windows\SysWow64\Wat
2012-05-05 20:47:27 -------- d-----w- C:\Windows\System32\Wat
2012-05-05 11:45:54 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{439537DA-4D30-41A8-8CE5-EACCB7CCD9E3}\gapaengine.dll
2012-05-05 11:44:55 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-05 11:44:55 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-05 11:44:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-05 11:43:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-05 11:43:13 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-05 10:46:13 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-05-03 20:52:35 -------- d-----w- C:\Windows\System32\SPReview
2012-05-03 20:52:01 -------- d-----w- C:\Windows\System32\EventProviders
2012-05-03 20:49:01 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-03 20:49:00 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-03 20:49:00 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-03 20:49:00 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-03 20:49:00 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-03 20:49:00 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-03 20:49:00 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-03 20:45:59 584192 ----a-w- C:\Windows\SysWow64\gpprefcl.dll
2012-05-03 20:44:59 93696 ----a-w- C:\Windows\SysWow64\fms.dll
2012-05-03 20:43:54 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-05-03 20:43:54 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-05-03 20:42:44 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-05-03 20:26:16 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-05-03 20:26:16 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-05-03 20:24:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-05-03 20:24:26 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-05-03 20:24:14 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-03 20:24:14 -------- d-sh--w- C:\Users\MI\AppData\Local\{5c9ce6d3-52ff-ca64-83a3-dc3769b8c19e}
2012-05-03 20:24:13 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-03 20:24:08 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-03 20:24:08 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2012-05-21 18:10:54 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-21 18:10:54 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-03 21:11:07 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-03 21:11:06 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-20 18:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 18:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-05-26 08:17:42 460088 ----a-w- C:\Program Files (x86)\setup.exe
.
============= FINISH: 1:33:26,71 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 PM

Posted 27 May 2012 - 11:22 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mrln12

mrln12
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 28 May 2012 - 05:11 AM

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)


Hello, I have Windows 7, can I still run this?

Edited by mrln12, 28 May 2012 - 05:12 AM.


#4 mrln12

mrln12
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 28 May 2012 - 05:46 AM

Hi, I followed the steps. I didn't got the message about Recovery Console, so I could run Combofix properly.
After the scanning with combofix, I am happy to see no popup banners! I checked it in Firefox and Internet Explorer, and I don't see them! Thank you!!

Here are the logs.

Security Check:
Results of screen317's Security Check version 0.99.39
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 23
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 8.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
[/u]````````````````````End of Log``````````````````````[/u]


And this is from Combofix:
ComboFix 12-05-28.01 - MI 28-05-2012 12:29:06.1.8 - x64
Gestart vanuit: c:\users\MI\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Setup.exe
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM.cfg
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM0.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM1.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM2.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM3.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM4.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM5.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM6.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM7.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM8.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM9.che
c:\users\MI\Frohmage-152-win-stal-free.exe
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
D:\install.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-28 ))))))))))))))))))))))))))))))
.
.
2012-05-28 10:33 . 2012-05-28 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 10:34 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BCC68E9-7BDF-49AA-B4AF-F816EF87C391}\mpengine.dll
2012-05-25 21:49 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-25 20:15 . 2012-05-25 20:15 -------- d-----w- c:\program files (x86)\ESET
2012-05-24 20:38 . 2012-05-26 16:14 -------- d-----w- c:\users\MI\AppData\Roaming\AVI ReComp
2012-05-24 20:37 . 2012-05-24 20:37 -------- d-----w- c:\program files (x86)\Gabest
2012-05-24 20:34 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-05-24 20:34 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-05-24 20:34 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-05-24 20:34 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-05-24 20:34 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-05-24 20:34 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-05-24 20:34 . 2012-05-24 20:34 -------- d-----w- c:\program files (x86)\Xvid
2012-05-24 20:33 . 2012-05-24 20:33 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-05-24 20:32 . 2012-05-24 20:37 -------- d-----w- c:\program files (x86)\AVI ReComp
2012-05-21 19:04 . 2012-05-21 19:06 -------- d-----w- c:\windows\SysWow64\Adobe
2012-05-20 15:33 . 2012-05-20 15:33 -------- d-----w- c:\users\MI\AppData\Roaming\SUPERAntiSpyware.com
2012-05-20 15:33 . 2012-05-20 15:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-20 15:33 . 2012-05-20 15:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-05 20:47 . 2012-05-05 20:47 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-05 20:47 . 2012-05-05 20:47 -------- d-----w- c:\windows\system32\Wat
2012-05-05 11:45 . 2012-05-05 11:45 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{439537DA-4D30-41A8-8CE5-EACCB7CCD9E3}\gapaengine.dll
2012-05-05 11:44 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-05 11:44 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-05 11:44 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-05 11:43 . 2012-05-05 11:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-05 11:43 . 2012-05-05 11:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-05 10:46 . 2012-05-05 10:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-03 20:52 . 2012-05-03 20:52 -------- d-----w- c:\windows\system32\SPReview
2012-05-03 20:52 . 2012-05-03 20:52 -------- d-----w- c:\windows\system32\EventProviders
2012-05-03 20:49 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-03 20:49 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-03 20:49 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-03 20:49 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-03 20:49 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-03 20:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-03 20:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-03 20:45 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2012-05-03 20:44 . 2010-11-20 13:27 86016 ----a-w- c:\windows\system32\TSpkg.dll
2012-05-03 20:43 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-05-03 20:43 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-05-03 20:42 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-05-03 20:26 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-03 20:26 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-03 20:24 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-03 20:24 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-03 20:24 . 2012-05-05 10:41 -------- d-sh--w- c:\users\MI\AppData\Local\{5c9ce6d3-52ff-ca64-83a3-dc3769b8c19e}
2012-05-03 20:24 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-03 20:24 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-03 20:24 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-03 20:24 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 18:10 . 2012-04-08 20:30 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-21 18:10 . 2011-06-02 11:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-03 21:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-03 21:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-04 13:56 . 2012-04-26 22:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 18:44 . 2012-03-20 18:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"Akamai NetSession Interface"="c:\users\MI\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 cxrczgyo;cxrczgyo;c:\windows\system32\drivers\cxrczgyo.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.1.1
DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} - hxxp://music.global.cyworld.com/Content/package/skcaset.cab
FF - ProfilePath - c:\users\MI\AppData\Roaming\Mozilla\Firefox\Profiles\3pwznh6q.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1729316787-2429321519-4277329716-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,13,cb,6a,ba,51,9c,31,a6,04,e8,c5,30,d2,12,d6,b1,c5,a3,fb,3a,06,76,
8c,06,4f,fa,04,27,89,37,c3,79,39,2c,1f,4a,1b,fd,c1,18,41,da,3a,38,c3,91,19,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe
.
**************************************************************************
.
Voltooingstijd: 2012-05-28 12:39:12 - machine werd herstart
ComboFix-quarantined-files.txt 2012-05-28 10:39
.
Pre-Run: 389.938.233.344 bytes free
Post-Run: 389.809.217.536 bytes free
.
- - End Of File - - CDF1CC3D8B762AD47184412B380DAD0E

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 PM

Posted 28 May 2012 - 10:24 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 mrln12

mrln12
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 29 May 2012 - 02:05 PM

Hello,
this is the TDSS Killer report:

20:47:09.0222 3880 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
20:47:09.0311 3880 ============================================================
20:47:09.0311 3880 Current date / time: 2012/05/29 20:47:09.0311
20:47:09.0311 3880 SystemInfo:
20:47:09.0311 3880
20:47:09.0311 3880 OS Version: 6.1.7601 ServicePack: 1.0
20:47:09.0311 3880 Product type: Workstation
20:47:09.0311 3880 ComputerName: MI_
20:47:09.0311 3880 UserName: MI
20:47:09.0311 3880 Windows directory: C:\Windows
20:47:09.0311 3880 System windows directory: C:\Windows
20:47:09.0311 3880 Running under WOW64
20:47:09.0311 3880 Processor architecture: Intel x64
20:47:09.0311 3880 Number of processors: 8
20:47:09.0311 3880 Page size: 0x1000
20:47:09.0311 3880 Boot type: Normal boot
20:47:09.0311 3880 ============================================================
20:47:09.0996 3880 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:47:10.0030 3880 Drive \Device\Harddisk5\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:47:10.0032 3880 ============================================================
20:47:10.0032 3880 \Device\Harddisk0\DR0:
20:47:10.0032 3880 MBR partitions:
20:47:10.0032 3880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x394E9000
20:47:10.0032 3880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3B235800, BlocksNum 0x394D0800
20:47:10.0032 3880 \Device\Harddisk5\DR5:
20:47:10.0032 3880 MBR partitions:
20:47:10.0043 3880 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x1368192C
20:47:10.0054 3880 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x1368586B, BlocksNum 0x1368192C
20:47:10.0072 3880 \Device\Harddisk5\DR5\Partition2: MBR, Type 0x7, StartLBA 0x26D071D6, BlocksNum 0x1367DA6B
20:47:10.0072 3880 ============================================================
20:47:10.0137 3880 C: <-> \Device\Harddisk0\DR0\Partition0
20:47:10.0166 3880 D: <-> \Device\Harddisk0\DR0\Partition1
20:47:10.0189 3880 J: <-> \Device\Harddisk5\DR5\Partition2
20:47:10.0221 3880 K: <-> \Device\Harddisk5\DR5\Partition1
20:47:10.0245 3880 L: <-> \Device\Harddisk5\DR5\Partition0
20:47:10.0245 3880 ============================================================
20:47:10.0245 3880 Initialize success
20:47:10.0245 3880 ============================================================
20:47:15.0839 3768 ============================================================
20:47:15.0839 3768 Scan started
20:47:15.0839 3768 Mode: Manual;
20:47:15.0839 3768 ============================================================
20:47:16.0541 3768 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:47:16.0541 3768 !SASCORE - ok
20:47:16.0619 3768 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:47:16.0619 3768 1394ohci - ok
20:47:16.0650 3768 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:47:16.0650 3768 ACPI - ok
20:47:16.0666 3768 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:47:16.0666 3768 AcpiPmi - ok
20:47:16.0713 3768 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:47:16.0713 3768 adp94xx - ok
20:47:16.0744 3768 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:47:16.0744 3768 adpahci - ok
20:47:16.0775 3768 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:47:16.0775 3768 adpu320 - ok
20:47:16.0806 3768 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:47:16.0806 3768 AeLookupSvc - ok
20:47:16.0853 3768 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:47:16.0869 3768 AFD - ok
20:47:16.0884 3768 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:47:16.0884 3768 agp440 - ok
20:47:17.0087 3768 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
20:47:17.0087 3768 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
20:47:17.0087 3768 Akamai ( HiddenFile.Multi.Generic ) - warning
20:47:17.0087 3768 Akamai - detected HiddenFile.Multi.Generic (1)
20:47:17.0134 3768 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:47:17.0150 3768 ALG - ok
20:47:17.0196 3768 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:47:17.0196 3768 aliide - ok
20:47:17.0228 3768 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
20:47:17.0243 3768 AMD External Events Utility - ok
20:47:17.0243 3768 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:47:17.0243 3768 amdide - ok
20:47:17.0274 3768 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:47:17.0306 3768 AmdK8 - ok
20:47:17.0321 3768 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:47:17.0321 3768 AmdPPM - ok
20:47:17.0337 3768 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
20:47:17.0337 3768 amdsata - ok
20:47:17.0352 3768 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:47:17.0352 3768 amdsbs - ok
20:47:17.0368 3768 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
20:47:17.0368 3768 amdxata - ok
20:47:17.0384 3768 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:47:17.0384 3768 AppID - ok
20:47:17.0399 3768 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:47:17.0399 3768 AppIDSvc - ok
20:47:17.0430 3768 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:47:17.0430 3768 Appinfo - ok
20:47:17.0462 3768 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:47:17.0462 3768 AppMgmt - ok
20:47:17.0477 3768 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:47:17.0477 3768 arc - ok
20:47:17.0493 3768 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:47:17.0493 3768 arcsas - ok
20:47:17.0508 3768 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:47:17.0508 3768 AsyncMac - ok
20:47:17.0524 3768 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:47:17.0524 3768 atapi - ok
20:47:17.0789 3768 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
20:47:17.0836 3768 atikmdag - ok
20:47:17.0930 3768 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:47:17.0945 3768 AudioEndpointBuilder - ok
20:47:17.0945 3768 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:47:17.0945 3768 AudioSrv - ok
20:47:17.0976 3768 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:47:17.0976 3768 AxInstSV - ok
20:47:18.0008 3768 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:47:18.0023 3768 b06bdrv - ok
20:47:18.0054 3768 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:47:18.0054 3768 b57nd60a - ok
20:47:18.0086 3768 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:47:18.0086 3768 BDESVC - ok
20:47:18.0086 3768 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:47:18.0086 3768 Beep - ok
20:47:18.0148 3768 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:47:18.0164 3768 BFE - ok
20:47:18.0210 3768 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:47:18.0210 3768 BITS - ok
20:47:18.0226 3768 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:47:18.0242 3768 blbdrive - ok
20:47:18.0257 3768 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:47:18.0257 3768 bowser - ok
20:47:18.0273 3768 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:47:18.0273 3768 BrFiltLo - ok
20:47:18.0273 3768 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:47:18.0273 3768 BrFiltUp - ok
20:47:18.0304 3768 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:47:18.0320 3768 BridgeMP - ok
20:47:18.0335 3768 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:47:18.0351 3768 Browser - ok
20:47:18.0366 3768 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:47:18.0366 3768 Brserid - ok
20:47:18.0382 3768 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:47:18.0382 3768 BrSerWdm - ok
20:47:18.0398 3768 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:47:18.0398 3768 BrUsbMdm - ok
20:47:18.0398 3768 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:47:18.0398 3768 BrUsbSer - ok
20:47:18.0413 3768 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:47:18.0413 3768 BTHMODEM - ok
20:47:18.0429 3768 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:47:18.0429 3768 bthserv - ok
20:47:18.0444 3768 catchme - ok
20:47:18.0460 3768 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:47:18.0460 3768 cdfs - ok
20:47:18.0491 3768 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:47:18.0507 3768 cdrom - ok
20:47:18.0522 3768 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:47:18.0522 3768 CertPropSvc - ok
20:47:18.0538 3768 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:47:18.0538 3768 circlass - ok
20:47:18.0569 3768 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:47:18.0569 3768 CLFS - ok
20:47:18.0632 3768 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:47:18.0632 3768 clr_optimization_v2.0.50727_32 - ok
20:47:18.0678 3768 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:47:18.0678 3768 clr_optimization_v2.0.50727_64 - ok
20:47:18.0694 3768 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:47:18.0694 3768 CmBatt - ok
20:47:18.0710 3768 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:47:18.0710 3768 cmdide - ok
20:47:18.0756 3768 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:47:18.0756 3768 CNG - ok
20:47:18.0772 3768 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:47:18.0772 3768 Compbatt - ok
20:47:18.0803 3768 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:47:18.0803 3768 CompositeBus - ok
20:47:18.0803 3768 COMSysApp - ok
20:47:18.0819 3768 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:47:18.0819 3768 crcdisk - ok
20:47:18.0850 3768 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:47:18.0850 3768 CryptSvc - ok
20:47:18.0897 3768 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:47:18.0897 3768 CSC - ok
20:47:18.0959 3768 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:47:18.0959 3768 CscService - ok
20:47:19.0037 3768 CTDevice_Srv (a5bea0e5c297f5f3835638a87e512fba) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
20:47:19.0037 3768 CTDevice_Srv - ok
20:47:19.0053 3768 CTUPnPSv (8e26d772f53b7883a651e0e4a9598f21) C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
20:47:19.0084 3768 CTUPnPSv - ok
20:47:19.0115 3768 cxrczgyo - ok
20:47:19.0162 3768 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:47:19.0162 3768 DcomLaunch - ok
20:47:19.0193 3768 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:47:19.0193 3768 defragsvc - ok
20:47:19.0224 3768 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:47:19.0224 3768 DfsC - ok
20:47:19.0271 3768 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:47:19.0271 3768 Dhcp - ok
20:47:19.0287 3768 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:47:19.0287 3768 discache - ok
20:47:19.0302 3768 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:47:19.0302 3768 Disk - ok
20:47:19.0334 3768 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:47:19.0334 3768 Dnscache - ok
20:47:19.0365 3768 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:47:19.0365 3768 dot3svc - ok
20:47:19.0380 3768 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:47:19.0380 3768 DPS - ok
20:47:19.0412 3768 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:47:19.0412 3768 drmkaud - ok
20:47:19.0458 3768 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:47:19.0474 3768 DXGKrnl - ok
20:47:19.0505 3768 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
20:47:19.0505 3768 e1yexpress - ok
20:47:19.0536 3768 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:47:19.0536 3768 EapHost - ok
20:47:19.0692 3768 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:47:19.0724 3768 ebdrv - ok
20:47:19.0817 3768 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:47:19.0817 3768 EFS - ok
20:47:19.0880 3768 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:47:19.0895 3768 ehRecvr - ok
20:47:19.0926 3768 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:47:19.0926 3768 ehSched - ok
20:47:19.0973 3768 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:47:19.0989 3768 elxstor - ok
20:47:20.0004 3768 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:47:20.0004 3768 ErrDev - ok
20:47:20.0036 3768 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:47:20.0051 3768 EventSystem - ok
20:47:20.0067 3768 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:47:20.0067 3768 exfat - ok
20:47:20.0082 3768 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:47:20.0082 3768 fastfat - ok
20:47:20.0145 3768 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:47:20.0176 3768 Fax - ok
20:47:20.0192 3768 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:47:20.0192 3768 fdc - ok
20:47:20.0207 3768 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:47:20.0207 3768 fdPHost - ok
20:47:20.0207 3768 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:47:20.0207 3768 FDResPub - ok
20:47:20.0223 3768 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:47:20.0223 3768 FileInfo - ok
20:47:20.0238 3768 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:47:20.0238 3768 Filetrace - ok
20:47:20.0254 3768 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:47:20.0254 3768 flpydisk - ok
20:47:20.0270 3768 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:47:20.0270 3768 FltMgr - ok
20:47:20.0332 3768 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
20:47:20.0363 3768 FontCache - ok
20:47:20.0441 3768 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:47:20.0441 3768 FontCache3.0.0.0 - ok
20:47:20.0457 3768 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:47:20.0457 3768 FsDepends - ok
20:47:20.0472 3768 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:47:20.0472 3768 Fs_Rec - ok
20:47:20.0488 3768 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:47:20.0488 3768 fvevol - ok
20:47:20.0504 3768 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:47:20.0519 3768 gagp30kx - ok
20:47:20.0550 3768 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:47:20.0566 3768 gpsvc - ok
20:47:20.0597 3768 gwfilt64 (215dcb833b0747fbad8ae28c85b5381c) C:\Windows\system32\drivers\gwfilt64.sys
20:47:20.0597 3768 gwfilt64 - ok
20:47:20.0613 3768 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:47:20.0613 3768 hcw85cir - ok
20:47:20.0660 3768 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:47:20.0660 3768 HdAudAddService - ok
20:47:20.0691 3768 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:47:20.0691 3768 HDAudBus - ok
20:47:20.0706 3768 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:47:20.0706 3768 HidBatt - ok
20:47:20.0722 3768 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:47:20.0722 3768 HidBth - ok
20:47:20.0738 3768 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:47:20.0738 3768 HidIr - ok
20:47:20.0753 3768 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:47:20.0753 3768 hidserv - ok
20:47:20.0800 3768 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:47:20.0800 3768 HidUsb - ok
20:47:20.0831 3768 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:47:20.0831 3768 hkmsvc - ok
20:47:20.0847 3768 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:47:20.0847 3768 HomeGroupListener - ok
20:47:20.0878 3768 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:47:20.0878 3768 HomeGroupProvider - ok
20:47:20.0894 3768 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:47:20.0894 3768 HpSAMD - ok
20:47:20.0956 3768 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:47:20.0972 3768 HTTP - ok
20:47:21.0003 3768 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:47:21.0003 3768 hwpolicy - ok
20:47:21.0018 3768 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:47:21.0018 3768 i8042prt - ok
20:47:21.0065 3768 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
20:47:21.0065 3768 iaStorV - ok
20:47:21.0159 3768 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:47:21.0159 3768 idsvc - ok
20:47:21.0174 3768 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:47:21.0174 3768 iirsp - ok
20:47:21.0221 3768 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:47:21.0237 3768 IKEEXT - ok
20:47:21.0346 3768 IntcAzAudAddService (c1e2d46eb6e533dd087c684d33411f4a) C:\Windows\system32\drivers\RTKVHD64.sys
20:47:21.0362 3768 IntcAzAudAddService - ok
20:47:21.0424 3768 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:47:21.0440 3768 intelide - ok
20:47:21.0455 3768 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:47:21.0455 3768 intelppm - ok
20:47:21.0471 3768 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:47:21.0486 3768 IPBusEnum - ok
20:47:21.0502 3768 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:47:21.0502 3768 IpFilterDriver - ok
20:47:21.0564 3768 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:47:21.0580 3768 iphlpsvc - ok
20:47:21.0596 3768 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:47:21.0596 3768 IPMIDRV - ok
20:47:21.0642 3768 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:47:21.0642 3768 IPNAT - ok
20:47:21.0658 3768 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:47:21.0658 3768 IRENUM - ok
20:47:21.0674 3768 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:47:21.0674 3768 isapnp - ok
20:47:21.0689 3768 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:47:21.0689 3768 iScsiPrt - ok
20:47:21.0705 3768 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:47:21.0705 3768 kbdclass - ok
20:47:21.0720 3768 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:47:21.0720 3768 kbdhid - ok
20:47:21.0752 3768 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:47:21.0752 3768 KeyIso - ok
20:47:21.0767 3768 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:47:21.0767 3768 KSecDD - ok
20:47:21.0783 3768 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:47:21.0783 3768 KSecPkg - ok
20:47:21.0798 3768 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:47:21.0798 3768 ksthunk - ok
20:47:21.0830 3768 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:47:21.0830 3768 KtmRm - ok
20:47:21.0876 3768 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:47:21.0876 3768 LanmanServer - ok
20:47:21.0908 3768 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:47:21.0908 3768 LanmanWorkstation - ok
20:47:22.0079 3768 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
20:47:22.0095 3768 Lavasoft Ad-Aware Service - ok
20:47:22.0204 3768 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
20:47:22.0204 3768 Lbd - ok
20:47:22.0220 3768 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:47:22.0235 3768 lltdio - ok
20:47:22.0266 3768 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:47:22.0266 3768 lltdsvc - ok
20:47:22.0282 3768 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:47:22.0282 3768 lmhosts - ok
20:47:22.0298 3768 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:47:22.0298 3768 LSI_FC - ok
20:47:22.0313 3768 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:47:22.0313 3768 LSI_SAS - ok
20:47:22.0329 3768 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:47:22.0329 3768 LSI_SAS2 - ok
20:47:22.0344 3768 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:47:22.0344 3768 LSI_SCSI - ok
20:47:22.0360 3768 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:47:22.0360 3768 luafv - ok
20:47:22.0391 3768 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:47:22.0391 3768 MBAMProtector - ok
20:47:22.0454 3768 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:47:22.0469 3768 MBAMService - ok
20:47:22.0485 3768 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:47:22.0485 3768 Mcx2Svc - ok
20:47:22.0500 3768 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:47:22.0500 3768 megasas - ok
20:47:22.0516 3768 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:47:22.0516 3768 MegaSR - ok
20:47:22.0547 3768 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:47:22.0547 3768 MMCSS - ok
20:47:22.0563 3768 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:47:22.0563 3768 Modem - ok
20:47:22.0594 3768 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:47:22.0594 3768 monitor - ok
20:47:22.0610 3768 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:47:22.0610 3768 mouclass - ok
20:47:22.0625 3768 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:47:22.0625 3768 mouhid - ok
20:47:22.0641 3768 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:47:22.0641 3768 mountmgr - ok
20:47:22.0688 3768 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
20:47:22.0688 3768 MpFilter - ok
20:47:22.0703 3768 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:47:22.0703 3768 mpio - ok
20:47:22.0719 3768 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:47:22.0719 3768 mpsdrv - ok
20:47:22.0797 3768 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:47:22.0812 3768 MpsSvc - ok
20:47:22.0844 3768 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:47:22.0844 3768 MRxDAV - ok
20:47:22.0859 3768 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:47:22.0859 3768 mrxsmb - ok
20:47:22.0890 3768 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:47:22.0890 3768 mrxsmb10 - ok
20:47:22.0906 3768 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:47:22.0906 3768 mrxsmb20 - ok
20:47:22.0906 3768 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:47:22.0906 3768 msahci - ok
20:47:22.0937 3768 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:47:22.0937 3768 msdsm - ok
20:47:22.0953 3768 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:47:22.0953 3768 MSDTC - ok
20:47:22.0968 3768 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:47:22.0968 3768 Msfs - ok
20:47:22.0984 3768 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:47:22.0984 3768 mshidkmdf - ok
20:47:23.0000 3768 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:47:23.0000 3768 msisadrv - ok
20:47:23.0031 3768 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:47:23.0031 3768 MSiSCSI - ok
20:47:23.0031 3768 msiserver - ok
20:47:23.0046 3768 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:47:23.0046 3768 MSKSSRV - ok
20:47:23.0093 3768 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:47:23.0093 3768 MsMpSvc - ok
20:47:23.0109 3768 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:47:23.0109 3768 MSPCLOCK - ok
20:47:23.0109 3768 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:47:23.0109 3768 MSPQM - ok
20:47:23.0140 3768 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:47:23.0140 3768 MsRPC - ok
20:47:23.0156 3768 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:47:23.0156 3768 mssmbios - ok
20:47:23.0156 3768 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:47:23.0156 3768 MSTEE - ok
20:47:23.0171 3768 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:47:23.0171 3768 MTConfig - ok
20:47:23.0202 3768 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:47:23.0202 3768 Mup - ok
20:47:23.0249 3768 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:47:23.0249 3768 napagent - ok
20:47:23.0265 3768 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:47:23.0280 3768 NativeWifiP - ok
20:47:23.0327 3768 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:47:23.0343 3768 NDIS - ok
20:47:23.0343 3768 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:47:23.0358 3768 NdisCap - ok
20:47:23.0358 3768 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:47:23.0358 3768 NdisTapi - ok
20:47:23.0390 3768 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:47:23.0390 3768 Ndisuio - ok
20:47:23.0421 3768 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:47:23.0421 3768 NdisWan - ok
20:47:23.0436 3768 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:47:23.0436 3768 NDProxy - ok
20:47:23.0452 3768 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:47:23.0452 3768 NetBIOS - ok
20:47:23.0483 3768 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:47:23.0499 3768 NetBT - ok
20:47:23.0514 3768 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:47:23.0514 3768 Netlogon - ok
20:47:23.0546 3768 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:47:23.0561 3768 Netman - ok
20:47:23.0577 3768 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:47:23.0592 3768 netprofm - ok
20:47:23.0670 3768 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:47:23.0670 3768 NetTcpPortSharing - ok
20:47:23.0686 3768 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:47:23.0686 3768 nfrd960 - ok
20:47:23.0702 3768 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:47:23.0702 3768 NisDrv - ok
20:47:23.0780 3768 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
20:47:23.0780 3768 NisSrv - ok
20:47:23.0811 3768 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:47:23.0811 3768 NlaSvc - ok
20:47:23.0826 3768 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:47:23.0826 3768 Npfs - ok
20:47:23.0842 3768 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:47:23.0842 3768 nsi - ok
20:47:23.0842 3768 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:47:23.0842 3768 nsiproxy - ok
20:47:23.0936 3768 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
20:47:23.0951 3768 Ntfs - ok
20:47:24.0014 3768 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:47:24.0014 3768 Null - ok
20:47:24.0060 3768 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
20:47:24.0060 3768 nvraid - ok
20:47:24.0076 3768 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
20:47:24.0076 3768 nvstor - ok
20:47:24.0107 3768 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:47:24.0107 3768 nv_agp - ok
20:47:24.0123 3768 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:47:24.0123 3768 ohci1394 - ok
20:47:24.0154 3768 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:24.0170 3768 ose - ok
20:47:24.0201 3768 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:47:24.0201 3768 p2pimsvc - ok
20:47:24.0232 3768 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:47:24.0232 3768 p2psvc - ok
20:47:24.0248 3768 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:47:24.0248 3768 Parport - ok
20:47:24.0263 3768 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:47:24.0263 3768 partmgr - ok
20:47:24.0279 3768 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:47:24.0294 3768 PcaSvc - ok
20:47:24.0326 3768 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:47:24.0326 3768 pci - ok
20:47:24.0341 3768 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:47:24.0341 3768 pciide - ok
20:47:24.0357 3768 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:47:24.0357 3768 pcmcia - ok
20:47:24.0372 3768 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:47:24.0372 3768 pcw - ok
20:47:24.0419 3768 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:47:24.0435 3768 PEAUTH - ok
20:47:24.0513 3768 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:47:24.0528 3768 PeerDistSvc - ok
20:47:24.0606 3768 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:47:24.0606 3768 PerfHost - ok
20:47:24.0731 3768 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:47:24.0747 3768 pla - ok
20:47:24.0794 3768 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:47:24.0794 3768 PlugPlay - ok
20:47:24.0903 3768 PMBDeviceInfoProvider (63694c307273062a2167ae4ce80730ef) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
20:47:24.0918 3768 PMBDeviceInfoProvider - ok
20:47:24.0934 3768 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:47:24.0934 3768 PNRPAutoReg - ok
20:47:24.0950 3768 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:47:24.0950 3768 PNRPsvc - ok
20:47:24.0996 3768 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:47:25.0012 3768 PolicyAgent - ok
20:47:25.0028 3768 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:47:25.0043 3768 Power - ok
20:47:25.0074 3768 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:47:25.0074 3768 PptpMiniport - ok
20:47:25.0106 3768 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:47:25.0106 3768 Processor - ok
20:47:25.0121 3768 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:47:25.0121 3768 ProfSvc - ok
20:47:25.0137 3768 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:47:25.0137 3768 ProtectedStorage - ok
20:47:25.0168 3768 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:47:25.0168 3768 Psched - ok
20:47:25.0246 3768 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:47:25.0262 3768 ql2300 - ok
20:47:25.0340 3768 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:47:25.0340 3768 ql40xx - ok
20:47:25.0355 3768 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:47:25.0355 3768 QWAVE - ok
20:47:25.0371 3768 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:47:25.0371 3768 QWAVEdrv - ok
20:47:25.0386 3768 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:47:25.0386 3768 RasAcd - ok
20:47:25.0402 3768 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:47:25.0402 3768 RasAgileVpn - ok
20:47:25.0418 3768 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:47:25.0433 3768 RasAuto - ok
20:47:25.0449 3768 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:47:25.0449 3768 Rasl2tp - ok
20:47:25.0496 3768 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:47:25.0496 3768 RasMan - ok
20:47:25.0511 3768 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:47:25.0511 3768 RasPppoe - ok
20:47:25.0527 3768 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:47:25.0527 3768 RasSstp - ok
20:47:25.0558 3768 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:47:25.0558 3768 rdbss - ok
20:47:25.0574 3768 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:47:25.0574 3768 rdpbus - ok
20:47:25.0574 3768 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:47:25.0574 3768 RDPCDD - ok
20:47:25.0605 3768 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:47:25.0605 3768 RDPDR - ok
20:47:25.0620 3768 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:47:25.0620 3768 RDPENCDD - ok
20:47:25.0636 3768 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:47:25.0636 3768 RDPREFMP - ok
20:47:25.0667 3768 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:47:25.0667 3768 RdpVideoMiniport - ok
20:47:25.0698 3768 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:47:25.0698 3768 RDPWD - ok
20:47:25.0730 3768 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:47:25.0730 3768 rdyboost - ok
20:47:25.0761 3768 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:47:25.0761 3768 RemoteAccess - ok
20:47:25.0776 3768 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:47:25.0792 3768 RemoteRegistry - ok
20:47:25.0792 3768 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:47:25.0792 3768 RpcEptMapper - ok
20:47:25.0808 3768 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:47:25.0823 3768 RpcLocator - ok
20:47:25.0854 3768 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:47:25.0854 3768 RpcSs - ok
20:47:25.0870 3768 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:47:25.0870 3768 rspndr - ok
20:47:25.0886 3768 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:47:25.0886 3768 s3cap - ok
20:47:25.0917 3768 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:47:25.0917 3768 SamSs - ok
20:47:25.0979 3768 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:47:25.0979 3768 SASDIFSV - ok
20:47:26.0010 3768 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:47:26.0010 3768 SASKUTIL - ok
20:47:26.0026 3768 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:47:26.0026 3768 sbp2port - ok
20:47:26.0042 3768 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:47:26.0042 3768 SCardSvr - ok
20:47:26.0073 3768 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:47:26.0073 3768 scfilter - ok
20:47:26.0151 3768 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:47:26.0166 3768 Schedule - ok
20:47:26.0182 3768 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:47:26.0182 3768 SCPolicySvc - ok
20:47:26.0213 3768 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:47:26.0213 3768 SDRSVC - ok
20:47:26.0260 3768 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:47:26.0260 3768 secdrv - ok
20:47:26.0276 3768 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:47:26.0276 3768 seclogon - ok
20:47:26.0307 3768 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:47:26.0307 3768 SENS - ok
20:47:26.0322 3768 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:47:26.0322 3768 SensrSvc - ok
20:47:26.0354 3768 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:47:26.0354 3768 Serenum - ok
20:47:26.0369 3768 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:47:26.0369 3768 Serial - ok
20:47:26.0400 3768 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:47:26.0400 3768 sermouse - ok
20:47:26.0416 3768 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:47:26.0416 3768 SessionEnv - ok
20:47:26.0432 3768 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:47:26.0447 3768 sffdisk - ok
20:47:26.0447 3768 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:47:26.0447 3768 sffp_mmc - ok
20:47:26.0463 3768 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:47:26.0463 3768 sffp_sd - ok
20:47:26.0463 3768 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:47:26.0463 3768 sfloppy - ok
20:47:26.0525 3768 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:47:26.0541 3768 SharedAccess - ok
20:47:26.0572 3768 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:47:26.0588 3768 ShellHWDetection - ok
20:47:26.0588 3768 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:47:26.0588 3768 SiSRaid2 - ok
20:47:26.0603 3768 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:47:26.0603 3768 SiSRaid4 - ok
20:47:26.0619 3768 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:47:26.0619 3768 Smb - ok
20:47:26.0650 3768 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:47:26.0650 3768 SNMPTRAP - ok
20:47:26.0666 3768 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:47:26.0666 3768 spldr - ok
20:47:26.0712 3768 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:47:26.0712 3768 Spooler - ok
20:47:26.0884 3768 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:47:26.0915 3768 sppsvc - ok
20:47:27.0009 3768 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:47:27.0009 3768 sppuinotify - ok
20:47:27.0056 3768 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:47:27.0056 3768 srv - ok
20:47:27.0102 3768 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:47:27.0102 3768 srv2 - ok
20:47:27.0118 3768 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:47:27.0118 3768 srvnet - ok
20:47:27.0149 3768 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:47:27.0149 3768 SSDPSRV - ok
20:47:27.0165 3768 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:47:27.0165 3768 SstpSvc - ok
20:47:27.0165 3768 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:47:27.0165 3768 stexstor - ok
20:47:27.0212 3768 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:47:27.0227 3768 stisvc - ok
20:47:27.0258 3768 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:47:27.0258 3768 storflt - ok
20:47:27.0274 3768 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:47:27.0274 3768 storvsc - ok
20:47:27.0290 3768 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:47:27.0290 3768 swenum - ok
20:47:27.0321 3768 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:47:27.0336 3768 swprv - ok
20:47:27.0336 3768 Synth3dVsc - ok
20:47:27.0430 3768 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:47:27.0446 3768 SysMain - ok
20:47:27.0508 3768 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:47:27.0508 3768 TabletInputService - ok
20:47:27.0539 3768 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:47:27.0555 3768 TapiSrv - ok
20:47:27.0570 3768 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:47:27.0570 3768 TBS - ok
20:47:27.0664 3768 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:47:27.0680 3768 Tcpip - ok
20:47:27.0789 3768 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:47:27.0804 3768 TCPIP6 - ok
20:47:27.0851 3768 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:47:27.0851 3768 tcpipreg - ok
20:47:27.0882 3768 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:47:27.0882 3768 TDPIPE - ok
20:47:27.0898 3768 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:47:27.0898 3768 TDTCP - ok
20:47:27.0914 3768 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:47:27.0914 3768 tdx - ok
20:47:27.0929 3768 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:47:27.0929 3768 TermDD - ok
20:47:27.0960 3768 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:47:27.0976 3768 TermService - ok
20:47:27.0992 3768 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:47:27.0992 3768 Themes - ok
20:47:28.0023 3768 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:47:28.0023 3768 THREADORDER - ok
20:47:28.0038 3768 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:47:28.0038 3768 TrkWks - ok
20:47:28.0054 3768 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:47:28.0054 3768 TrustedInstaller - ok
20:47:28.0085 3768 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:47:28.0085 3768 tssecsrv - ok
20:47:28.0101 3768 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:47:28.0101 3768 TsUsbFlt - ok
20:47:28.0116 3768 tsusbhub - ok
20:47:28.0163 3768 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:47:28.0163 3768 tunnel - ok
20:47:28.0179 3768 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:47:28.0179 3768 uagp35 - ok
20:47:28.0210 3768 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:47:28.0210 3768 udfs - ok
20:47:28.0241 3768 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:47:28.0241 3768 UI0Detect - ok
20:47:28.0257 3768 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:47:28.0257 3768 uliagpkx - ok
20:47:28.0272 3768 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:47:28.0272 3768 umbus - ok
20:47:28.0288 3768 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:47:28.0288 3768 UmPass - ok
20:47:28.0304 3768 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:47:28.0304 3768 UmRdpService - ok
20:47:28.0335 3768 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:47:28.0335 3768 upnphost - ok
20:47:28.0366 3768 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
20:47:28.0366 3768 usbccgp - ok
20:47:28.0397 3768 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:47:28.0397 3768 usbcir - ok
20:47:28.0413 3768 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
20:47:28.0413 3768 usbehci - ok
20:47:28.0444 3768 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
20:47:28.0444 3768 usbhub - ok
20:47:28.0460 3768 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
20:47:28.0460 3768 usbohci - ok
20:47:28.0475 3768 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:47:28.0475 3768 usbprint - ok
20:47:28.0491 3768 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:47:28.0491 3768 USBSTOR - ok
20:47:28.0491 3768 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
20:47:28.0491 3768 usbuhci - ok
20:47:28.0506 3768 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:47:28.0506 3768 UxSms - ok
20:47:28.0538 3768 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:47:28.0538 3768 VaultSvc - ok
20:47:28.0538 3768 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:47:28.0538 3768 vdrvroot - ok
20:47:28.0569 3768 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:47:28.0584 3768 vds - ok
20:47:28.0600 3768 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:47:28.0600 3768 vga - ok
20:47:28.0616 3768 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:47:28.0616 3768 VgaSave - ok
20:47:28.0631 3768 VGPU - ok
20:47:28.0647 3768 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:47:28.0647 3768 vhdmp - ok
20:47:28.0662 3768 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:47:28.0662 3768 viaide - ok
20:47:28.0678 3768 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:47:28.0678 3768 vmbus - ok
20:47:28.0694 3768 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:47:28.0694 3768 VMBusHID - ok
20:47:28.0709 3768 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:47:28.0709 3768 volmgr - ok
20:47:28.0756 3768 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:47:28.0756 3768 volmgrx - ok
20:47:28.0787 3768 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:47:28.0787 3768 volsnap - ok
20:47:28.0803 3768 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:47:28.0818 3768 vsmraid - ok
20:47:28.0912 3768 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:47:28.0928 3768 VSS - ok
20:47:29.0006 3768 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:47:29.0006 3768 vwifibus - ok
20:47:29.0037 3768 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:47:29.0037 3768 W32Time - ok
20:47:29.0052 3768 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:47:29.0052 3768 WacomPen - ok
20:47:29.0068 3768 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:47:29.0084 3768 WANARP - ok
20:47:29.0084 3768 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:47:29.0084 3768 Wanarpv6 - ok
20:47:29.0162 3768 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:47:29.0177 3768 WatAdminSvc - ok
20:47:29.0255 3768 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:47:29.0271 3768 wbengine - ok
20:47:29.0318 3768 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:47:29.0318 3768 WbioSrvc - ok
20:47:29.0364 3768 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:47:29.0364 3768 wcncsvc - ok
20:47:29.0380 3768 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:47:29.0380 3768 WcsPlugInService - ok
20:47:29.0380 3768 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:47:29.0380 3768 Wd - ok
20:47:29.0427 3768 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:47:29.0427 3768 Wdf01000 - ok
20:47:29.0442 3768 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:47:29.0442 3768 WdiServiceHost - ok
20:47:29.0442 3768 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:47:29.0442 3768 WdiSystemHost - ok
20:47:29.0489 3768 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:47:29.0489 3768 WebClient - ok
20:47:29.0505 3768 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:47:29.0505 3768 Wecsvc - ok
20:47:29.0520 3768 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:47:29.0520 3768 wercplsupport - ok
20:47:29.0552 3768 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:47:29.0552 3768 WerSvc - ok
20:47:29.0583 3768 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:47:29.0583 3768 WfpLwf - ok
20:47:29.0598 3768 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:47:29.0598 3768 WIMMount - ok
20:47:29.0645 3768 WinDefend - ok
20:47:29.0645 3768 WinHttpAutoProxySvc - ok
20:47:29.0692 3768 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:47:29.0692 3768 Winmgmt - ok
20:47:29.0801 3768 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:47:29.0817 3768 WinRM - ok
20:47:29.0910 3768 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:47:29.0910 3768 WinUsb - ok
20:47:29.0957 3768 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:47:29.0973 3768 Wlansvc - ok
20:47:30.0004 3768 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:47:30.0004 3768 WmiAcpi - ok
20:47:30.0035 3768 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:47:30.0035 3768 wmiApSrv - ok
20:47:30.0051 3768 WMPNetworkSvc - ok
20:47:30.0051 3768 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:47:30.0051 3768 WPCSvc - ok
20:47:30.0082 3768 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:47:30.0082 3768 WPDBusEnum - ok
20:47:30.0098 3768 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:47:30.0098 3768 ws2ifsl - ok
20:47:30.0129 3768 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:47:30.0129 3768 wscsvc - ok
20:47:30.0129 3768 WSearch - ok
20:47:30.0254 3768 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:47:30.0269 3768 wuauserv - ok
20:47:30.0332 3768 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:47:30.0332 3768 WudfPf - ok
20:47:30.0347 3768 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:47:30.0347 3768 WUDFRd - ok
20:47:30.0378 3768 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:47:30.0378 3768 wudfsvc - ok
20:47:30.0410 3768 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:47:30.0410 3768 WwanSvc - ok
20:47:30.0425 3768 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:47:30.0597 3768 \Device\Harddisk0\DR0 - ok
20:47:30.0644 3768 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
20:47:30.0675 3768 \Device\Harddisk5\DR5 - ok
20:47:30.0675 3768 Boot (0x1200) (da047b6249ca6f1dd777d73829854cb3) \Device\Harddisk0\DR0\Partition0
20:47:30.0675 3768 \Device\Harddisk0\DR0\Partition0 - ok
20:47:30.0690 3768 Boot (0x1200) (16cbd977c86d8ab5ef2c7760cbbe53d8) \Device\Harddisk0\DR0\Partition1
20:47:30.0690 3768 \Device\Harddisk0\DR0\Partition1 - ok
20:47:30.0690 3768 Boot (0x1200) (427be5f22a3dc38dc215e992844db6de) \Device\Harddisk5\DR5\Partition0
20:47:30.0690 3768 \Device\Harddisk5\DR5\Partition0 - ok
20:47:30.0690 3768 Boot (0x1200) (8cfed740cb051674c0e4c019a457e6dc) \Device\Harddisk5\DR5\Partition1
20:47:30.0690 3768 \Device\Harddisk5\DR5\Partition1 - ok
20:47:30.0706 3768 Boot (0x1200) (4194ce14dca71fa351c2dcf6aa8a1db1) \Device\Harddisk5\DR5\Partition2
20:47:30.0722 3768 \Device\Harddisk5\DR5\Partition2 - ok
20:47:30.0722 3768 ============================================================
20:47:30.0722 3768 Scan finished
20:47:30.0722 3768 ============================================================
20:47:30.0722 3204 Detected object count: 1
20:47:30.0722 3204 Actual detected object count: 1
20:47:36.0806 3204 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:47:36.0806 3204 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


And this is the scan log of aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-29 20:48:55
-----------------------------
20:48:55.352 OS Version: Windows x64 6.1.7601 Service Pack 1
20:48:55.352 Number of processors: 8 586 0x1A04
20:48:55.352 ComputerName: MI_ UserName: MI
20:48:56.366 Initialize success
20:50:13.401 AVAST engine defs: 12052800
20:52:48.619 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:52:48.619 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 11
20:52:48.635 Disk 0 MBR read successfully
20:52:48.635 Disk 0 MBR scan
20:52:48.681 Disk 0 Windows 7 default MBR code
20:52:48.681 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15000 MB offset 2048
20:52:48.697 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 469458 MB offset 30722048
20:52:48.744 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 469409 MB offset 992172032
20:52:48.775 Disk 0 scanning C:\Windows\system32\drivers
20:52:56.622 Service scanning
20:53:13.361 Modules scanning
20:53:13.361 Disk 0 trace - called modules:
20:53:13.376 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:53:13.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ae790]
20:53:13.376 3 CLASSPNP.SYS[fffff8800198c43f] -> nt!IofCallDriver -> [0xfffffa800633e320]
20:53:13.376 5 ACPI.sys[fffff88000fb27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006348060]
20:53:14.609 AVAST engine scan C:\Windows
20:53:18.790 AVAST engine scan C:\Windows\system32
20:55:42.279 AVAST engine scan C:\Windows\system32\drivers
20:55:54.041 AVAST engine scan C:\Users\MI
21:00:01.286 AVAST engine scan C:\ProgramData
21:01:40.830 Scan finished successfully
21:03:39.936 Disk 0 MBR has been saved successfully to "C:\Users\MI\Desktop\30-5\MBR.dat"
21:03:39.983 The log file has been saved successfully to "C:\Users\MI\Desktop\30-5\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 PM

Posted 29 May 2012 - 02:19 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Driver::
cxrczgyo

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 mrln12

mrln12
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 31 May 2012 - 02:17 PM

Hello, this is the report of Combofix.
I didn't have problems while running Combofix. It asked to be updated, so I clicked yes to update. Then it updated it self and then it restarted.
My computer looks fine now while surfing. I don't get the popup ads anymore. But my windows firewall (of Security Essentials) did block some things and put in quarantine in past few days on May 20, May 25 and May 30. I don't know if you can see it in the reports. Let me know if you want to know the names of the quaratined things.

ComboFix 12-05-31.02 - MI 31-05-2012 20:54:22.2.8 - x64
Gestart vanuit: c:\users\MI\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\MI\Desktop\CFScript.txt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM.cfg
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM0.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM1.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM2.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM3.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM4.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM5.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM6.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM7.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM8.che
c:\users\MI\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM9.che
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cxrczgyo
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-31 ))))))))))))))))))))))))))))))
.
.
2012-05-31 18:58 . 2012-05-31 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-30 20:12 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6E88A16-5F30-466B-8D7A-ADF0C1903536}\mpengine.dll
2012-05-29 17:59 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-25 20:15 . 2012-05-25 20:15 -------- d-----w- c:\program files (x86)\ESET
2012-05-24 20:38 . 2012-05-26 16:14 -------- d-----w- c:\users\MI\AppData\Roaming\AVI ReComp
2012-05-24 20:37 . 2012-05-24 20:37 -------- d-----w- c:\program files (x86)\Gabest
2012-05-24 20:34 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-05-24 20:34 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2012-05-24 20:34 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2012-05-24 20:34 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2012-05-24 20:34 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-05-24 20:34 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2012-05-24 20:34 . 2012-05-24 20:34 -------- d-----w- c:\program files (x86)\Xvid
2012-05-24 20:33 . 2012-05-24 20:33 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-05-24 20:32 . 2012-05-24 20:37 -------- d-----w- c:\program files (x86)\AVI ReComp
2012-05-21 19:04 . 2012-05-21 19:06 -------- d-----w- c:\windows\SysWow64\Adobe
2012-05-20 15:33 . 2012-05-20 15:33 -------- d-----w- c:\users\MI\AppData\Roaming\SUPERAntiSpyware.com
2012-05-20 15:33 . 2012-05-20 15:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-20 15:33 . 2012-05-20 15:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-05 20:47 . 2012-05-05 20:47 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-05 20:47 . 2012-05-05 20:47 -------- d-----w- c:\windows\system32\Wat
2012-05-05 11:45 . 2012-05-05 11:45 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{439537DA-4D30-41A8-8CE5-EACCB7CCD9E3}\gapaengine.dll
2012-05-05 11:44 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-05 11:44 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-05 11:44 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-05 11:43 . 2012-05-05 11:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-05 11:43 . 2012-05-05 11:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-05 10:46 . 2012-05-05 10:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-03 20:52 . 2012-05-03 20:52 -------- d-----w- c:\windows\system32\SPReview
2012-05-03 20:52 . 2012-05-03 20:52 -------- d-----w- c:\windows\system32\EventProviders
2012-05-03 20:49 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-03 20:49 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-03 20:49 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-03 20:49 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-03 20:49 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-03 20:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-03 20:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-03 20:45 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2012-05-03 20:44 . 2010-11-20 13:27 86016 ----a-w- c:\windows\system32\TSpkg.dll
2012-05-03 20:43 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-05-03 20:43 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-05-03 20:42 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-05-03 20:26 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-03 20:26 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-03 20:24 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-03 20:24 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-03 20:24 . 2012-05-05 10:41 -------- d-sh--w- c:\users\MI\AppData\Local\{5c9ce6d3-52ff-ca64-83a3-dc3769b8c19e}
2012-05-03 20:24 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-03 20:24 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-03 20:24 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-03 20:24 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 18:10 . 2012-04-08 20:30 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-21 18:10 . 2011-06-02 11:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-03 21:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-03 21:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-04 13:56 . 2012-04-26 22:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 18:44 . 2012-03-20 18:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-28_10.35.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-05 17:00 . 2012-05-31 15:56 44484 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-31 15:56 41666 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-05 17:00 . 2012-05-30 20:05 17304 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1729316787-2429321519-4277329716-1001_UserData.bin
- 2012-05-28 10:33 . 2012-05-28 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-31 19:05 . 2012-05-31 19:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-31 19:05 . 2012-05-31 19:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-28 10:33 . 2012-05-28 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-01-05 00:30 . 2012-05-05 12:12 691388 c:\windows\system32\perfh013.dat
+ 2010-01-05 00:30 . 2012-05-31 17:15 691388 c:\windows\system32\perfh013.dat
+ 2010-01-05 00:30 . 2012-05-31 17:15 385448 c:\windows\system32\perfh011.dat
- 2010-01-05 00:30 . 2012-05-05 12:12 385448 c:\windows\system32\perfh011.dat
- 2009-07-14 02:36 . 2012-05-05 12:12 609092 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-31 17:15 609092 c:\windows\system32\perfh009.dat
- 2010-01-05 00:30 . 2012-05-05 12:12 130536 c:\windows\system32\perfc013.dat
+ 2010-01-05 00:30 . 2012-05-31 17:15 130536 c:\windows\system32\perfc013.dat
+ 2010-01-05 00:30 . 2012-05-31 17:15 104370 c:\windows\system32\perfc011.dat
- 2010-01-05 00:30 . 2012-05-05 12:12 104370 c:\windows\system32\perfc011.dat
- 2009-07-14 02:36 . 2012-05-05 12:12 104370 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-31 17:15 104370 c:\windows\system32\perfc009.dat
+ 2010-01-04 23:53 . 2012-05-30 20:43 114688 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-04 23:53 . 2012-05-26 09:54 114688 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-05-31 19:04 612744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-28 10:33 612744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-01-04 23:53 . 2012-05-26 09:54 1753088 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-04 23:53 . 2012-05-30 20:43 1753088 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-30 20:43 1343488 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-26 09:54 1343488 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-06 23:15 . 2012-05-31 19:04 5234772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729316787-2429321519-4277329716-1001-8192.dat
- 2010-01-06 23:15 . 2012-05-28 10:33 5234772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729316787-2429321519-4277329716-1001-8192.dat
- 2010-02-02 23:19 . 2012-05-28 01:08 13168076 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729316787-2429321519-4277329716-1001-4096.dat
+ 2010-02-02 23:19 . 2012-05-29 22:25 13168076 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1729316787-2429321519-4277329716-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"Akamai NetSession Interface"="c:\users\MI\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.1.1
DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} - hxxp://music.global.cyworld.com/Content/package/skcaset.cab
FF - ProfilePath - c:\users\MI\AppData\Roaming\Mozilla\Firefox\Profiles\3pwznh6q.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1729316787-2429321519-4277329716-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,13,cb,6a,ba,51,9c,31,a6,04,e8,c5,30,d2,12,d6,b1,c5,a3,fb,3a,06,76,
8c,06,4f,fa,04,27,89,37,c3,79,39,2c,1f,4a,1b,fd,c1,18,41,da,3a,38,c3,91,19,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe
.
**************************************************************************
.
Voltooingstijd: 2012-05-31 21:10:05 - machine werd herstart
ComboFix-quarantined-files.txt 2012-05-31 19:10
ComboFix2.txt 2012-05-28 10:39
.
Pre-Run: 386.967.130.112 bytes free
Post-Run: 386.924.535.808 bytes free
.
- - End Of File - - 7497A71659CCFC51A92C1D8A8D4FCDD1

Edited by mrln12, 31 May 2012 - 02:18 PM.


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 PM

Posted 31 May 2012 - 09:41 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.2 - Nederlands
Java™ 6 Update 23
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 mrln12

mrln12
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 03 June 2012 - 05:57 AM

Hello, these are the logs. I haven't had any problems running the scans and updating. I think the computer is doing fine, I don't find any strange things.
However Security Essentials did quarantined something called Trojan:Win64/Sirefef 10 minutes ago.

Here are the logs:

MBAM:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.03.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MI :: MI_ [administrator]

Protection: Disabled

3-6-2012 12:43:14
mbam-log-2012-06-03 (12-43-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204139
Time elapsed: 2 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


And this is the report of Hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:26, on 3-6-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\Users\MI\AppData\Local\Akamai\netsession_win.exe
C:\Users\MI\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\MI\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - Startup: ViiKiiDesktopPlugin.lnk = C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} (skcaset1 Class) - http://music.global.cyworld.com/Content/package/skcaset.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7910 bytes

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 PM

Posted 04 June 2012 - 09:25 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\MI\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
      O4 - Startup: ViiKiiDesktopPlugin.lnk = C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 PM

Posted 07 June 2012 - 12:51 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 mrln12

mrln12
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 07 June 2012 - 02:07 PM

Hello, i'm sorry for my late reply. I am still here, because of work I couldn't check it earlier.
I'm goign to do the scans now.

#14 mrln12

mrln12
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:12:47 PM

Posted 07 June 2012 - 03:38 PM

Hello, i did the ESET scan.
Is this the result of the scan you wish to see? I didn't see elsewhere an logfile of it. These are the threats Eset Scan has found:

C:\Users\MI\AppData\Local\Mozilla\Firefox\Profiles\3pwznh6q.default\Cache\7\D2\0A78Cd01 HTML/ScrInject.B.Gen virus
C:\Users\MI\AppData\Local\Mozilla\Firefox\Profiles\3pwznh6q.default\Cache\A\4A\EBBB4d01 HTML/ScrInject.B.Gen virus
C:\Users\MI\AppData\Local\Mozilla\Firefox\Profiles\3pwznh6q.default\Cache\A\F0\0BF62d01 HTML/ScrInject.B.Gen virus

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 PM

Posted 07 June 2012 - 03:52 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rd /s /q "C:\Users\MI\AppData\Local\Mozilla\Firefox\Profiles\3pwznh6q.default\Cache\7\D2\"
    rd /s /q "C:\Users\MI\AppData\Local\Mozilla\Firefox\Profiles\3pwznh6q.default\Cache\A\4A\"
    rd /s /q "C:\Users\MI\AppData\Local\Mozilla\Firefox\Profiles\3pwznh6q.default\Cache\A\F0\"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users