
Nasty Win32/sirefef.R and Win32/sirefef.AH


  • This topic is locked
13 replies to this topic

#1 traveller72


Posted 24 June 2012 - 07:19 PM

My PC is infected by the sirefef.R and AH trojan. Thanks to you guys I have already found some information and already run the Farbar Recovery Scan.
Below and also attached you will find the results from the scan and search.txt.

Could you please tell me how to proceed from here?
Thanks,
Bjorn

1.) FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 25-06-2012 01:44:23
Running from J:\
Windows 7 Home Premium (X86) OS Language: Dutch Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2012-01-21] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [317288 2009-05-26] (Sony Corporation)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup [55048 2009-07-17] (UPEK Inc.)
HKLM\...\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [980368 2011-11-05] (The Eraser Project)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [358200 2010-12-11] (Acronis)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13797920 2009-07-18] (NVIDIA Corporation)
HKLM\...\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5111464 2010-12-11] (Acronis)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
HKLM\...\Run: [LUTManager] "C:\Program Files\LUT Manager\LUTManager.exe" /pt "@default" 0 [319488 2008-12-28] (Nixz Software)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [293360 2011-07-13] (Rovi Corporation)
HKLM\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
HKLM\...\Run: [CPMonitor] "C:\Program Files\Roxio 2012\5.0\CPMonitor.exe" [84464 2011-07-08] ()
HKLM\...\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [506352 2011-06-12] ()
HKLM\...\Run: [ASUS Ai Charger] C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2010-05-10] (ASUSTek Computer Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Bjorn\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [262144 2008-06-27] (Sony Corporation)
HKU\Bjorn\...\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\Bjorn\...\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount [33120 2010-08-20] (Alcohol Soft Development Team)
HKU\Bjorn\...\Run: [LUTManager] "C:\Program Files\LUT Manager\LUTManager.exe" /pt "@default" 0 [319488 2008-12-28] (Nixz Software)
HKU\Bjorn\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Bjorn\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-24] (Apple Inc.)
HKU\Bjorn\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Bjorn\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59240 2012-02-23] (Apple Inc.)
HKU\Bjorn\...\Run: [0i763f66bz] C:\Users\Bjorn\0i763f66bz.exe [42496 2012-06-23] (FaceVsion)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll [X]
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
Lsa: [Notification Packages] scecli
psqlpwd
C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files\CineForm\Tools\CineFormActiveMetadataStatusViewer.exe (CineForm)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WD Quick View.lnk
ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)

================================ Services (Whitelisted) ==================

2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [763816 2010-12-11] (Acronis)
2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-01-03] (Acronis)
2 astcc; C:\Windows\system32\astsrv.exe [57344 2010-05-14] (Nalpeiron Ltd.)
2 BOT4Service; "C:\Program Files\Roxio\BackOnTrack\App\BService.exe" [21488 2011-07-15] ()
4 BOTService; "C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe" [211440 2011-07-14] (Rovi Corporation)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [582944 2009-07-01] (Broadcom Corporation.)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-14] (Microsoft Corporation)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 nlsX86cc; C:\Windows\system32\nlssrv32.exe [64512 2011-01-21] (Nalpeiron Ltd.)
2 nTuneService; C:\Program Files\NVIDIA\nTune\nTuneService.exe /StartService [191080 2009-11-06] (NVIDIA)
2 OS Selector; "C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe" [2159224 2010-07-13] ()
2 PSI_SVC_2; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [193824 2010-03-11] (Protexis Inc.)
3 RoxMediaDB13; "C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe" [1095664 2011-07-13] (Rovi Corporation)
2 RoxWatch12; "C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe" [340976 2011-07-13] (Rovi Corporation)
3 SOHCImp; "C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe" [103712 2008-05-20] (Sony Corporation)
3 SOHDms; "C:\Program Files\Sony\VAIO Media plus\SOHDms.exe" [353568 2008-05-20] (Sony Corporation)
3 SOHDs; "C:\Program Files\Sony\VAIO Media plus\SOHDs.exe" [62752 2008-05-20] (Sony Corporation)
2 SplashtopRemoteService; "C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe" [531328 2012-02-09] (Splashtop Inc.)
3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [77824 2008-05-20] (Sony Corporation)
2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-15] (Splashtop Inc.)
2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
2 UpdateCenterService; C:\Program Files\NVIDIA\System Update\UpdateCenterService.exe /StartService [195176 2009-11-06] (NVIDIA)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2008-05-22] (Sony Corporation)
2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
2 VCFw; "C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [415744 2008-06-20] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [337184 2008-06-11] (Sony Corporation)
3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [279848 2008-06-19] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2008-05-22] (Sony Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1203200 2010-11-20] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 6077757b; \??\C:\Windows\system32\drivers\regi.sys [11032 2007-04-17] (InterVideo)
3 afcdp; C:\Windows\System32\DRIVERS\afcdp.sys [167968 2012-01-03] (Acronis)
0 AiCharger; C:\Windows\System32\DRIVERS\AiCharger.sys [13224 2010-05-05] (ASUSTek Computer Inc.)
3 dcscusb; C:\Windows\System32\DRIVERS\dcscusb.sys [16384 2009-05-21] (Datacolor)
0 ece2981047436e29; C:\Windows\System32\Drivers\ece2981047436e29.sys [66488 2012-06-24] ()
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-06-03] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-06-03] (Symantec Corporation)
3 JMCR_CFS; C:\Windows\System32\DRIVERS\jmcr_cfs.sys [52752 2008-07-02] (JMicron Technology Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NETw5s32; C:\Windows\System32\DRIVERS\NETw5s32.sys [6755840 2010-01-13] (Intel Corporation)
3 nvoclock; C:\Windows\System32\DRIVERS\nvoclock.sys [38248 2009-09-15] (NVIDIA Corp.)
3 ptiusbf; C:\Windows\System32\DRIVERS\PTIUSBF.SYS [22474 2001-04-14] (Parallel Technologies, Inc.)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45744 2011-05-24] (Rovi Corporation)
3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [39704 2007-01-24] (Belcarra Technologies)
0 SahdIa32; C:\Windows\System32\Drivers\SahdIa32.sys [21488 2011-02-09] (Sonic Solutions)
0 SaibIa32; C:\Windows\System32\Drivers\SaibIa32.sys [15856 2011-02-09] (Sonic Solutions)
1 SaibVd32; C:\Windows\System32\Drivers\SaibVd32.sys [25584 2011-02-09] (Sonic Solutions)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2012-01-03] (Duplex Secure Ltd.)
3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [12288 2010-03-30] ()
0 SysCow; C:\Windows\System32\drivers\syscow32v.sys [81904 2010-05-23] (Sonic Solutions)
0 tdrpman273; C:\Windows\System32\DRIVERS\tdrpm273.sys [752128 2012-01-03] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [581984 2012-01-03] (Acronis)
3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [585920 2010-01-18] (eMPIA Technology, Inc.)
3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [549952 2010-01-18] (eMPIA Technology, Inc.)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [311296 2009-07-13] (Marvell)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-25 01:43 - 2012-06-25 01:44 - 00000000 ____D C:\FRST
2012-06-25 00:27 - 2012-06-25 00:28 - 00000000 ____D C:\Qoobox
2012-06-25 00:22 - 2012-06-25 00:28 - 00000000 ___SD C:\32788R22FWJFW
2012-06-25 00:22 - 2012-06-25 00:27 - 00000000 ____D C:\Windows\erdnt
2012-06-25 00:22 - 2012-06-25 00:18 - 04567243 ____R (Swearware) C:\Users\Bjorn\Desktop\ComboFix.exe
2012-06-24 23:46 - 2012-06-24 23:46 - 00000000 ____D C:\ArcSoft
2012-06-24 23:09 - 2012-06-24 23:44 - 00002127 ____A C:\Windows\epplauncher.mif
2012-06-24 23:08 - 2012-06-24 23:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-24 21:24 - 2012-06-24 22:11 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-24 19:12 - 2012-06-24 19:15 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Mask Pro 4.0
2012-06-24 11:48 - 2012-06-24 11:48 - 00066488 ____A C:\Windows\System32\Drivers\ece2981047436e29.sys
2012-06-23 17:08 - 2012-06-23 17:08 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-23 17:04 - 2012-06-23 17:04 - 00042496 ____A (FaceVsion) C:\Users\Bjorn\0i763f66bz.exe
2012-06-21 07:38 - 2012-06-02 23:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 07:38 - 2012-06-02 23:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 07:38 - 2012-06-02 23:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 07:38 - 2012-06-02 23:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 07:37 - 2012-06-02 23:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 07:37 - 2012-06-02 23:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 07:37 - 2012-06-02 23:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 07:36 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 07:36 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-15 12:01 - 2012-05-18 00:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-15 12:01 - 2012-05-17 23:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-15 12:01 - 2012-05-17 23:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-15 12:01 - 2012-05-17 23:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-15 12:01 - 2012-05-17 23:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-15 12:01 - 2012-05-17 23:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-15 12:01 - 2012-05-17 23:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-15 12:01 - 2012-05-17 23:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-15 12:01 - 2012-05-17 23:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-15 12:01 - 2012-05-17 23:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-15 12:01 - 2012-05-17 23:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-15 12:01 - 2012-05-17 23:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-15 12:01 - 2012-05-17 23:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-15 12:01 - 2012-05-17 23:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-15 11:27 - 2012-05-15 02:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-15 11:27 - 2012-04-28 04:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-15 11:27 - 2012-04-26 05:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-15 11:27 - 2012-04-26 05:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-15 11:27 - 2012-04-26 05:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-15 11:27 - 2012-04-24 05:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-15 11:27 - 2012-04-24 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-15 11:27 - 2012-04-24 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-15 11:27 - 2012-04-07 12:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-15 11:26 - 2012-05-01 05:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-11 10:07 - 2012-06-11 10:07 - 00000000 ____D C:\Users\Bjorn\AppData\Local\Macromedia
2012-06-08 12:27 - 2012-06-08 12:36 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\dBpoweramp
2012-06-07 23:37 - 2012-06-08 12:35 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\AccurateRip
2012-06-07 23:37 - 2012-06-07 23:37 - 00017680 ____A C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
2012-06-07 23:37 - 2012-06-07 23:36 - 00033846 ____A C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
2012-06-07 23:24 - 2012-06-08 00:23 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\foobar2000
2012-06-07 23:24 - 2012-06-07 23:24 - 00000000 ____D C:\Program Files\foobar2000
2012-06-07 22:16 - 2012-06-24 22:32 - 00000000 ____D C:\Users\Bjorn\AppData\Local\831B70AA-4223-46DB-A9E4-D27C6CB4247D.aplzod
2012-06-03 22:07 - 2012-06-11 11:49 - 00000000 ___HD C:\jexepackres
2012-06-03 15:33 - 2012-06-03 15:33 - 00000000 ____D C:\Users\Bjorn\AppData\Local\MPlayer
2012-05-29 09:45 - 2012-05-29 09:45 - 00000000 ____D C:\Program Files\CardRecovery

============ 3 Months Modified Files and Folders ===============

2012-06-25 01:44 - 2012-06-25 01:43 - 00000000 ____D C:\FRST
2012-06-25 00:41 - 2012-03-11 23:13 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Dropbox
2012-06-25 00:39 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-25 00:38 - 2009-07-14 05:39 - 01503881 ____A C:\Windows\setupact.log
2012-06-25 00:35 - 2012-04-19 21:38 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-25 00:35 - 2012-01-03 06:04 - 00000312 ____A C:\Windows\Tasks\GlaryInitialize.job
2012-06-25 00:35 - 2012-01-03 06:00 - 00001038 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-25 00:28 - 2012-06-25 00:27 - 00000000 ____D C:\Qoobox
2012-06-25 00:28 - 2012-06-25 00:22 - 00000000 ___SD C:\32788R22FWJFW
2012-06-25 00:27 - 2012-06-25 00:22 - 00000000 ____D C:\Windows\erdnt
2012-06-25 00:18 - 2012-06-25 00:22 - 04567243 ____R (Swearware) C:\Users\Bjorn\Desktop\ComboFix.exe
2012-06-24 23:46 - 2012-06-24 23:46 - 00000000 ____D C:\ArcSoft
2012-06-24 23:44 - 2012-06-24 23:09 - 00002127 ____A C:\Windows\epplauncher.mif
2012-06-24 23:25 - 2012-01-03 06:00 - 00001042 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-24 23:10 - 2012-01-03 00:37 - 01331795 ____A C:\Windows\WindowsUpdate.log
2012-06-24 23:09 - 2012-06-24 23:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-24 23:09 - 2012-01-03 00:49 - 01585986 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-24 23:09 - 2009-07-14 09:27 - 00706620 ____A C:\Windows\System32\perfh013.dat
2012-06-24 23:09 - 2009-07-14 09:27 - 00135610 ____A C:\Windows\System32\perfc013.dat
2012-06-24 22:55 - 2008-07-29 14:27 - 00000000 ____D C:\Program Files\Common Files\Java
2012-06-24 22:44 - 2012-01-03 06:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-06-24 22:39 - 2009-07-14 05:53 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-24 22:32 - 2012-06-07 22:16 - 00000000 ____D C:\Users\Bjorn\AppData\Local\831B70AA-4223-46DB-A9E4-D27C6CB4247D.aplzod
2012-06-24 22:22 - 2012-01-03 00:28 - 00083960 ____A C:\Windows\PFRO.log
2012-06-24 22:11 - 2012-06-24 21:24 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-24 21:50 - 2012-01-02 23:04 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-06-24 21:35 - 2008-07-29 14:26 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-06-24 19:22 - 2012-01-03 23:06 - 00000000 ____D C:\Users\All Users\Nik Software
2012-06-24 19:15 - 2012-06-24 19:12 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Mask Pro 4.0
2012-06-24 12:02 - 2012-01-03 00:07 - 00009504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-24 12:02 - 2012-01-03 00:07 - 00009504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-24 11:51 - 2012-03-11 12:26 - 00159787 ____A C:\Users\Bjorn\Documents\icpcore_error.log
2012-06-24 11:51 - 2012-03-11 12:26 - 00104831 ____A C:\Users\Bjorn\Documents\dml_debug.log
2012-06-24 11:51 - 2012-03-11 12:26 - 00005597 ____A C:\Users\Bjorn\Documents\icp_debug.log
2012-06-24 11:48 - 2012-06-24 11:48 - 00066488 ____A C:\Windows\System32\Drivers\ece2981047436e29.sys
2012-06-23 17:08 - 2012-06-23 17:08 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-23 17:04 - 2012-06-23 17:04 - 00042496 ____A (FaceVsion) C:\Users\Bjorn\0i763f66bz.exe
2012-06-23 17:04 - 2012-01-03 00:08 - 00000000 ____D C:\users\Bjorn
2012-06-23 16:33 - 2012-04-19 21:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-23 16:33 - 2012-01-03 11:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-22 18:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-06-21 16:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2012-06-21 15:42 - 2012-01-03 10:00 - 00000000 ____D C:\Program Files\PS3 Media Server
2012-06-21 15:36 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL
2012-06-20 07:59 - 2012-01-04 17:02 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\vlc
2012-06-18 22:21 - 2012-01-03 16:46 - 00000000 ___HD C:\BJPrinter
2012-06-16 22:33 - 2012-01-03 12:47 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\HandBrake
2012-06-16 21:45 - 2012-01-03 12:53 - 00000000 ____D C:\Users\All Users\DVD Shrink
2012-06-15 20:40 - 2012-01-03 20:01 - 00000000 ____D C:\Users\Bjorn\AppData\Local\QuickPar
2012-06-15 15:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-15 15:05 - 2009-07-14 05:33 - 02427096 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-15 14:56 - 2012-01-02 11:19 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-15 12:06 - 2012-01-03 07:13 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 14:33 - 2012-01-03 12:03 - 00000000 ____D C:\Program Files\QuickTime
2012-06-11 14:31 - 2012-03-11 00:47 - 00000000 ____D C:\Program Files\Safari
2012-06-11 14:12 - 2012-01-02 21:04 - 00000000 ____D C:\Program Files\Bonjour Print Services
2012-06-11 11:49 - 2012-06-03 22:07 - 00000000 ___HD C:\jexepackres
2012-06-11 10:56 - 2012-04-30 21:51 - 00000000 ____D C:\Users\All Users\Roxio
2012-06-11 10:49 - 2012-05-04 08:43 - 00000124 ____A C:\Users\Bjorn\Documents\ax_files.xml
2012-06-11 10:07 - 2012-06-11 10:07 - 00000000 ____D C:\Users\Bjorn\AppData\Local\Macromedia
2012-06-08 12:52 - 2012-01-03 09:30 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\NAVIGON Fresh
2012-06-08 12:51 - 2012-01-03 09:30 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-06-08 12:36 - 2012-06-08 12:27 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\dBpoweramp
2012-06-08 12:35 - 2012-06-07 23:37 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\AccurateRip
2012-06-08 00:23 - 2012-06-07 23:24 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\foobar2000
2012-06-07 23:37 - 2012-06-07 23:37 - 00017680 ____A C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
2012-06-07 23:36 - 2012-06-07 23:37 - 00033846 ____A C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
2012-06-07 23:36 - 2012-03-16 21:33 - 06908648 ____A C:\Windows\System32\SpoonUninstall.exe
2012-06-07 23:24 - 2012-06-07 23:24 - 00000000 ____D C:\Program Files\foobar2000
2012-06-07 22:14 - 2012-03-04 00:32 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Apple Computer
2012-06-04 19:32 - 2012-03-16 21:45 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Mp3tag
2012-06-04 15:25 - 2012-01-03 07:21 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Acronis
2012-06-03 15:56 - 2012-03-04 00:32 - 00000000 ____D C:\Users\Bjorn\AppData\Local\Apple Computer
2012-06-03 15:33 - 2012-06-03 15:33 - 00000000 ____D C:\Users\Bjorn\AppData\Local\MPlayer
2012-06-02 23:19 - 2012-06-21 07:38 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-21 07:38 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-21 07:38 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-21 07:37 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-21 07:37 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:12 - 2012-06-21 07:38 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:12 - 2012-06-21 07:37 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-21 07:36 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-21 07:36 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-29 09:45 - 2012-05-29 09:45 - 00000000 ____D C:\Program Files\CardRecovery
2012-05-29 09:42 - 2012-01-03 11:52 - 00000000 ____D C:\Program Files\testdisk-6.13
2012-05-25 10:33 - 2012-01-03 06:57 - 00000000 ____D C:\Program Files\VueScan
2012-05-20 12:07 - 2012-02-19 14:37 - 00001638 ____A C:\Users\Bjorn\Documents\GenuineFractalsConduit.log
2012-05-20 12:01 - 2012-01-09 11:28 - 00010752 ____A C:\Users\Public\MyConvGraph.grf
2012-05-20 11:51 - 2012-05-20 11:51 - 00000065 ____A C:\Windows\HDLink.INI
2012-05-20 11:37 - 2012-01-04 20:58 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\ZoomBrowser EX
2012-05-20 10:27 - 2012-05-20 10:27 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\CANON INC
2012-05-18 22:18 - 2012-05-18 22:14 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\GlarySoft
2012-05-18 22:17 - 2012-05-18 22:17 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Darq Software
2012-05-18 21:56 - 2012-01-03 07:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-18 00:11 - 2012-06-15 12:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 23:48 - 2012-06-15 12:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 23:45 - 2012-06-15 12:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 23:36 - 2012-06-15 12:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 23:35 - 2012-06-15 12:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 23:35 - 2012-06-15 12:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 23:33 - 2012-06-15 12:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 23:31 - 2012-06-15 12:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 23:29 - 2012-06-15 12:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 23:29 - 2012-06-15 12:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 23:27 - 2012-06-15 12:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 23:25 - 2012-06-15 12:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 23:24 - 2012-06-15 12:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 23:20 - 2012-06-15 12:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 21:06 - 2009-07-14 09:41 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-15 20:14 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\LiveKernelReports
2012-05-15 16:33 - 2012-04-23 10:08 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Belastingdienst
2012-05-15 02:05 - 2012-06-15 11:27 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 21:54 - 2012-05-10 21:54 - 00000000 ____D C:\Program Files\ASUS
2012-05-10 21:54 - 2008-07-29 10:57 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-05-10 19:47 - 2012-03-04 00:37 - 00178948 ___AH C:\Windows\System32\mlfcache.dat
2012-05-10 19:10 - 2012-05-10 19:10 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\DiskAid
2012-05-10 19:09 - 2012-05-10 19:09 - 00000000 ____D C:\Program Files\DigiDNA
2012-05-05 11:35 - 2012-01-04 20:50 - 00000000 ____D C:\Users\All Users\hps
2012-05-04 00:54 - 2012-05-04 00:54 - 00000000 ____D C:\Western Digital
2012-05-03 11:43 - 2012-01-06 10:27 - 00000023 ____A C:\Windows\Model.txt
2012-05-03 11:43 - 2012-01-06 10:27 - 00000000 ____A C:\Windows\Model.log
2012-05-03 11:17 - 2012-05-03 10:19 - 00000952 __ASH C:\Users\All Users\KGyGaAvL.sys
2012-05-03 10:49 - 2012-05-03 10:49 - 00000000 ____D C:\Users\All Users\BDJ
2012-05-03 10:46 - 2012-01-04 21:49 - 00000000 ____D C:\Users\All Users\Corel
2012-05-03 10:20 - 2012-05-03 10:19 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Corel
2012-05-03 10:19 - 2012-05-03 10:19 - 00000000 ____D C:\Users\Bjorn\Corel
2012-05-03 09:53 - 2012-05-03 09:53 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Roxio Burn
2012-05-01 08:24 - 2012-04-30 22:38 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Roxio
2012-05-01 08:16 - 2012-05-01 08:16 - 00000000 ____D C:\System Rollback Data
2012-05-01 05:44 - 2012-06-15 11:26 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 22:07 - 2012-04-30 22:07 - 00000000 ____D C:\Users\Bjorn\AppData\Local\Rovi_Corporation
2012-04-30 22:07 - 2012-01-03 04:45 - 00136944 ____A C:\Users\Bjorn\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-30 22:03 - 2012-04-30 22:03 - 00000000 ____D C:\Users\All Users\eSellerate
2012-04-30 22:03 - 2012-04-30 21:49 - 00000000 ____D C:\Users\All Users\SmartSound Software Inc
2012-04-30 22:03 - 2012-04-30 21:49 - 00000000 ____D C:\Program Files\SmartSound Software
2012-04-30 22:03 - 2012-01-02 11:47 - 00000000 ____D C:\Users\All Users\Uninstall
2012-04-30 22:02 - 2012-04-30 21:48 - 00000000 ____D C:\Program Files\Roxio 2012
2012-04-30 22:02 - 2012-01-02 11:34 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2012-04-30 22:01 - 2012-04-30 22:01 - 00000000 ____D C:\Program Files\Roxio
2012-04-30 22:00 - 2008-07-29 10:56 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2012-04-30 21:59 - 2012-04-30 21:51 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2012-04-30 21:59 - 2012-01-05 11:29 - 00000000 ____D C:\Users\All Users\DivX
2012-04-30 21:59 - 2012-01-02 11:47 - 00000000 ____D C:\Users\All Users\Sonic
2012-04-30 21:54 - 2012-04-30 21:49 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2012-04-30 21:51 - 2012-04-30 21:51 - 00000000 ____D C:\Users\All Users\Macrovision
2012-04-30 21:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-04-30 21:45 - 2012-04-30 21:45 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Roxio Log Files
2012-04-30 12:11 - 2012-01-03 07:01 - 00000000 ____D C:\Users\All Users\ZoomBrowser
2012-04-30 11:58 - 2012-01-04 20:50 - 00000000 ____D C:\Users\All Users\tmp
2012-04-29 12:09 - 2012-04-29 12:09 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-29 12:09 - 2012-04-29 12:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-04-28 04:17 - 2012-06-15 11:27 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 05:45 - 2012-06-15 11:27 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:45 - 2012-06-15 11:27 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41 - 2012-06-15 11:27 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:36 - 2012-06-15 11:27 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 05:36 - 2012-06-15 11:27 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 05:36 - 2012-06-15 11:27 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-21 10:35 - 2012-04-21 10:28 - 00000000 ____D C:\Users\Bjorn\AppData\Local\HEMA Fotoservice
2012-04-21 10:07 - 2012-04-21 10:07 - 00000000 ____D C:\Users\All Users\HEMA Fotoservice
2012-04-21 10:07 - 2012-04-21 10:07 - 00000000 ____D C:\Program Files\HEMA Fotoservice
2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-07 12:26 - 2012-06-15 11:27 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-04 18:49 - 2012-04-04 18:49 - 00000000 ____D C:\Users\Bjorn\Documents\default
2012-04-03 22:12 - 2012-03-11 00:52 - 00000000 ____D C:\Program Files\iTunes
2012-04-03 22:11 - 2012-04-03 22:11 - 00000000 ____D C:\Program Files\iPod
2012-04-03 22:11 - 2012-03-04 00:29 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-03-31 05:39 - 2012-05-14 09:26 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-31 05:39 - 2012-05-14 09:26 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 11:23 - 2012-05-14 09:26 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

ZeroAccess:
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\@
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\L
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\n
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U\00000001.@
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U\80000000.@
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U\800000cb.@

ZeroAccess:
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\@
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\L
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\n
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U\00000001.@
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U\80000000.@
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4063.06 MB
Available physical RAM: 3569.14 MB
Total Pagefile: 4061.34 MB
Available Pagefile: 3573.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.69 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:130 GB) (Free:65.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Muziek) (Fixed) (Total:55.46 GB) (Free:16.8 GB) NTFS
3 Drive e: (Fotos) (Fixed) (Total:101.34 GB) (Free:43.09 GB) NTFS
4 Drive f: (Dokumenten) (Fixed) (Total:40 GB) (Free:32.21 GB) NTFS
5 Drive g: (Multimedia) (Fixed) (Total:182.48 GB) (Free:155.31 GB) NTFS
6 Drive h: (Recovery) (Fixed) (Total:11.28 GB) (Free:1.06 GB) NTFS
8 Drive j: () (Removable) (Total:7.45 GB) (Free:7.25 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Schfnr. Status Grootte Vrij Dyn GPT
-------- ------------- ------- ------- --- ---
Schf 0 Online 298 GB 2048 KB
Schf 1 Online 298 GB 5120 KB
Schf 2 Online 7648 MB 0 B

DiskPart afsluiten...


==========================================================

Last Boot: 2012-06-20 08:20

======================= End Of Log ==========================

2.) Search.txt
Farbar Recovery Scan Tool Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-25 01:54:27
Running from J:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===

#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 June 2012 - 09:02 PM

Hi,

Please run the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt.

start
SubSystems: [Windows] ==> ZeroAccess
HKLM\...\Run: [] [x]
HKLM\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
HKU\Bjorn\...\Run: [0i763f66bz] C:\Users\Bjorn\0i763f66bz.exe [42496 2012-06-23] (FaceVsion)
0 ece2981047436e29; C:\Windows\System32\Drivers\ece2981047436e29.sys [66488 2012-06-24] ()
2012-06-24 11:48 - 2012-06-24 11:48 - 00066488 ____A C:\Windows\System32\Drivers\ece2981047436e29.sys
2012-06-23 17:04 - 2012-06-23 17:04 - 00042496 ____A (FaceVsion) C:\Users\Bjorn\0i763f66bz.exe
2012-06-07 22:16 - 2012-06-24 22:32 - 00000000 ____D C:\Users\Bjorn\AppData\Local\831B70AA-4223-46DB-A9E4-D27C6CB4247D.aplzod
2012-05-15 16:33 - 2012-04-23 10:08 - 00000000 ____D C:\Users\Bjorn\AppData\Roaming\Belastingdienst
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 traveller72

  • Topic Starter
  • Members
  • 8 posts

Posted 25 June 2012 - 03:09 AM

Hello catbyte,
Appreciate your prompt help. I am back on now. Shouldn't I run FRST32 as I have Windows 7 32-bit?
Cheers, Bjorn

#4 traveller72

  • Topic Starter
  • Members
  • 8 posts

Posted 25 June 2012 - 03:47 AM

Just got disconnected from the forum... back now.
Okay, I have done an FRST fix; the results from Fixlog.txt are below.
I restarted the infected PC and it seems stable, that is, Windows Security Essentials has a green flag and I have no malware reports.

Should I already hit the combofix.exe?

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-25 10:32:43 Run:1
Running from J:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 Value deleted successfully.
HKEY_USERS\Bjorn\Software\Microsoft\Windows\CurrentVersion\Run\\0i763f66bz Value deleted successfully.
ece2981047436e29 service deleted successfully.
C:\Windows\System32\Drivers\ece2981047436e29.sys moved successfully.
C:\Users\Bjorn\0i763f66bz.exe moved successfully.
C:\Users\Bjorn\AppData\Local\831B70AA-4223-46DB-A9E4-D27C6CB4247D.aplzod moved successfully.
C:\Users\Bjorn\AppData\Roaming\Belastingdienst moved successfully.
C:\Windows\Installer\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb} moved successfully.
C:\Users\Bjorn\AppData\Local\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

#5 traveller72

  • Topic Starter
  • Members
  • 8 posts

Posted 25 June 2012 - 04:19 AM

Just ran combofix and after restart I get error message of DDE Server Window: SPMgr.exe error (in the header of the window) and then below in Dutch "Er is een uitzondering opgetreden (onbekende software-uitzondering) (0xe06d7363) in de toepassing op de locatie 0x753dd36f".

Does that sound familiar?

#6 traveller72

  • Topic Starter
  • Members
  • 8 posts

Posted 25 June 2012 - 04:27 AM

Hello Catbyte,

Until now everything went well, except the error I just reported.
Below I have enclosed the log Combofix.exe provided.
Awaiting further instructions.
Kind regards,
Bjorn

-------------------

ComboFix 12-06-25.02 - Bjorn 25-06-2012 11:03:14.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3039.1732 [GMT 2:00]
Gestart vanuit: c:\users\Bjorn\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Bjorn\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
c:\program files\Common Files\Apple\Internet Services\ubd.exe
c:\programdata\Roaming
c:\windows\system32\Original_HDREfexProFC32.dll
c:\windows\system32\Original_Viveza2FC32.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-25 to 2012-06-25 ))))))))))))))))))))))))))))))
.
.
2012-06-25 09:12 . 2012-06-25 09:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 22:46 . 2012-06-24 22:46 -------- d-----w- C:\ArcSoft
2012-06-24 22:10 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52D2964E-BF6A-4919-8F45-69E77442B85F}\gapaengine.dll
2012-06-24 22:10 . 2012-06-18 01:14 6762896 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8793635-C461-41F5-BFE0-D1A98CF19C40}\mpengine.dll
2012-06-24 22:08 . 2012-06-24 22:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-24 20:37 . 2012-06-24 20:37 -------- d-----w- c:\users\Bjorn\AppData\Local\ElevatedDiagnostics
2012-06-24 20:29 . 2012-06-24 20:29 -------- d--h--w- c:\programdata\Common Files
2012-06-24 20:24 . 2012-06-24 21:11 -------- d-----w- c:\programdata\MFAData
2012-06-24 18:12 . 2012-06-24 18:15 -------- d-----w- c:\users\Bjorn\AppData\Roaming\Mask Pro 4.0
2012-06-23 16:08 . 2012-06-23 16:08 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 09:01 . 2012-05-31 03:41 6762896 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F21C7893-641B-40B1-AE7B-E65CDA9E1402}\mpengine.dll
2012-06-21 06:38 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:38 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:38 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:38 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:37 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 06:37 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 06:37 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 06:36 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:36 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-15 10:27 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-15 10:27 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-15 10:27 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-15 10:27 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-15 10:27 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-15 10:27 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-15 10:27 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-15 10:27 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-15 10:27 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-15 10:26 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-11 09:07 . 2012-06-11 09:07 -------- d-----w- c:\users\Bjorn\AppData\Local\Macromedia
2012-06-08 11:27 . 2012-06-08 11:36 -------- d-----w- c:\users\Bjorn\AppData\Roaming\dBpoweramp
2012-06-07 22:37 . 2012-06-08 11:35 -------- d-----w- c:\users\Bjorn\AppData\Roaming\AccurateRip
2012-06-07 22:24 . 2012-06-07 23:23 -------- d-----w- c:\users\Bjorn\AppData\Roaming\foobar2000
2012-06-07 22:24 . 2012-06-07 22:24 -------- d-----w- c:\program files\foobar2000
2012-06-03 21:07 . 2012-06-11 10:49 -------- d-----w- C:\jexepackres
2012-06-03 14:33 . 2012-06-03 14:33 -------- d-----w- c:\users\Bjorn\AppData\Local\MPlayer
2012-05-29 08:45 . 2012-05-29 08:45 -------- d-----w- c:\program files\CardRecovery
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:33 . 2012-04-19 20:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 15:33 . 2012-01-03 10:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-07 22:36 . 2012-03-16 20:33 6908648 ----a-w- c:\windows\system32\SpoonUninstall.exe
2012-05-03 10:17 . 2012-05-03 09:19 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-30 20:48 . 2012-04-30 20:48 53248 ----a-r- c:\users\Bjorn\AppData\Roaming\Microsoft\Installer\{3A9527CF-4E91-4683-A03F-F1AD022126E5}\ARPPRODUCTICON.exe
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-03-31 04:39 . 2012-05-14 08:26 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-14 08:26 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-14 08:26 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-29 11:09 . 2012-01-03 05:38 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Bjorn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Bjorn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Bjorn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Bjorn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-07-17 13:12 5062408 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-07-17 13:12 5062408 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"LUTManager"="c:\program files\LUT Manager\LUTManager.exe" [2008-12-28 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-11 6244896]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-01-21 611712]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-07-17 55048]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 13797920]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LUTManager"="c:\program files\LUT Manager\LUTManager.exe" [2008-12-28 319488]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2011-07-13 293360]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"CPMonitor"="c:\program files\Roxio 2012\5.0\CPMonitor.exe" [2011-07-08 84464]
"Desktop Disc Tool"="c:\program files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [2011-06-12 506352]
"ASUS Ai Charger"="c:\program files\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\programdata\Microsoft\Windows\Start Menu\Links from roaming\Startup\
Dropbox.lnk - c:\users\Bjorn\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-7-29 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
CineForm Status.lnk - c:\program files\CineForm\Tools\CineFormActiveMetadataStatusViewer.exe [2011-8-11 181760]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-07-17 12:54 100616 ----a-w- c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 136176]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-07-13 340976]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 dcscusb;Spyder3Print SR Spectrocolorimeter;c:\windows\system32\DRIVERS\dcscusb.sys [2009-05-21 16384]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-29 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 ptiusbf;PTI USB Filter;c:\windows\system32\DRIVERS\PTIUSBF.SYS [2001-04-13 22474]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 39704]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-07-13 1095664]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-30 12288]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R4 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2011-07-14 211440]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-05-05 13224]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2011-02-08 21488]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2011-02-08 15856]
S0 SysCow;SysCow;c:\windows\system32\drivers\syscow32v.sys [2010-05-23 81904]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-01-03 752128]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2011-02-08 25584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [2011-02-09 457200]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-03 3246040]
S2 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [2011-07-14 21488]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-01-21 64512]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-27 299008]
S2 OS Selector;Acronis OS Selector activeren;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-07-13 2159224]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-11 98304]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-19 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 263056]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1592208]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1091984]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-01-03 167968]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-10-22 29472]
S3 JMCR_CFS;JMCR_CFS;c:\windows\system32\DRIVERS\jmcr_cfs.sys [2008-07-02 52752]
S3 NETw5s32;Intel® Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Minipoortstuurprogramma voor Marvell Yukon Ethernet-controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - ADFS
*NewlyCreated* - NAVENG
*NewlyCreated* - NAVEX15
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 15:34]
.
2012-06-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-01-03 12:08]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 04:59]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 04:59]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nu.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Bjorn\AppData\Roaming\Mozilla\Firefox\Profiles\ppg1vrpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKCU-Run-ApplePhotoStreams - c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKCU-Run-iCloudServices - c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKLM-Run-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
AddRemove-VueScan - c:\vuescan\vuescan.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'lsass.exe'(1256)
c:\program files\Protector Suite\psqlpwd.dll
c:\program files\Protector Suite\homefus2.dll
c:\program files\Protector Suite\infql2.dll
.
- - - - - - - > 'Explorer.exe'(7876)
c:\program files\RocketDock\RocketDock.dll
c:\users\Bjorn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Protector Suite\farchns.dll
c:\program files\Protector Suite\infql2.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Protector Suite\upeksvr.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\astsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\NVIDIA\nTune\nTuneService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\NVIDIA\System Update\UpdateCenterService.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Eraser\Eraser.exe
c:\program files\Protector Suite\psqltray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-06-25 11:22:59 - machine werd herstart
ComboFix-quarantined-files.txt 2012-06-25 09:22
.
Pre-Run: 70.569.244.672 bytes beschikbaar
Post-Run: 70.311.459.840 bytes beschikbaar
.
- - End Of File - - 1CB928511A8C1A23AA4D6C1979F132C8

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 25 June 2012 - 07:48 AM

That appears to be an "access denied" indication. Spmgr.exe is a Sony VAIO Power Management module; it may not have allowed access, or it is corrupt. Do you have any issues with the power management on your machine?

Please run the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 traveller72

traveller72
  • Topic Starter

  • Members
  • 8 posts

Posted 25 June 2012 - 11:00 AM

The logs are below... still some threats left, it seems.

1.) MBAM log
Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400
www.malwarebytes.org

Databaseversie: v2012.06.25.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Bjorn :: SONYVAIO [administrator]

Realtime bescherming: Ingeschakeld

25-6-2012 15:38:07
mbam-log-2012-06-25 (15-38-07).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 235681
Verstreken tijd: 5 minuut/minuten, 52 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

2.) ESET Scan
C:\FRST\Quarantine\0i763f66bz.exe a variant of Win32/Kryptik.AFRM trojan
C:\FRST\Quarantine\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\n Win32/Sirefef.EV trojan
C:\FRST\Quarantine\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U\80000000.@ a variant of Win32/Sirefef.FA trojan
C:\FRST\Quarantine\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan
C:\FRST\Quarantine\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\n Win32/Sirefef.EV trojan
C:\FRST\Quarantine\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U\80000000.@ a variant of Win32/Sirefef.FA trojan
C:\FRST\Quarantine\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\{a4b8fb52-11e7-86e9-8511-b8c2b6b19ecb}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan
C:\Program Files\AVCHDCoder\Tools\Process.exe Win32/PrcView application
C:\Users\Bjorn\AppData\Roaming\Twan Wintjes\AVCHDCoder\updates\11.12.17\AVCHDCoder 11.12.17 Setup.exe Win32/PrcView application
C:\Users\Bjorn\AppData\Roaming\Twan Wintjes\AVCHDCoder\updates\11.12.27\AVCHDCoder 11.12.27 Setup.exe Win32/PrcView application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AKSWFU5D\new-online-dating_net[1].htm HTML/ScrInject.B.Gen virus

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 25 June 2012 - 12:20 PM

Most of the detections are already in quarantine, which we don't need to be concerned about; the others are installers for a Win32/PrcView application. Just confirm you installed that yourself.

The last detection is in your temporary internet files, which you can clear by running this temp file cleaner:

Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.


NEXT

Please run DDS so I can make sure your logs are clean, and also describe any outstanding issues you may be experiencing.


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 traveller72

traveller72
  • Topic Starter

  • Members
  • 8 posts

Posted 25 June 2012 - 12:54 PM

Great! It all seems to work out.
The AVCHDCoder files I installed myself. With regards to the previous Sony Vaio Power Management message I do not have any problems. So I assume I can leave that be.
Anyway, these are the contents of the two logs:

1.) DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Bjorn at 19:47:45 on 2012-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3039.1640 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\BackOnTrack\App\BService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\nlssrv32.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\NVIDIA\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA\System Update\UpdateCenterService.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio 2012\5.0\CPMonitor.exe
C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\NVIDIA\nTune\nTuneCmd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CineForm\Tools\CineFormActiveMetadataStatusViewer.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Users\Bjorn\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nu.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [LUTManager] "c:\program files\lut manager\LUTManager.exe" /pt "@default" 0
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [PSQLLauncher] "c:\program files\protector suite\launcher.exe" /startup
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [LUTManager] "c:\program files\lut manager\LUTManager.exe" /pt "@default" 0
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatchTray13.exe"
mRun: [ISUSPM] c:\programdata\flexnet\connect\11\\isuspm.exe -scheduler
mRun: [CPMonitor] "c:\program files\roxio 2012\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2012\roxio burn\RoxioBurnLauncher.exe"
mRun: [ASUS Ai Charger] c:\program files\asus\asus ai charger\AiChargerAP.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\linksf~1\startup\dropbox.lnk - c:\users\bjorn\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-ba7e-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cinefo~1.lnk - c:\program files\cineform\tools\CineFormActiveMetadataStatusViewer.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdquic~1.lnk - c:\program files\western digital\wd smartware\WDDMStatus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1B527880-669D-422E-97E5-C7CC472033EE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1B527880-669D-422E-97E5-C7CC472033EE}\75C414E4D2243403534333247324445313 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A157E7CB-3AF0-4170-9053-592B47BF0909} : DhcpNameServer = 192.168.1.1
Notify: psfus - c:\program files\protector suite\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli c:\program files\protector suite\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bjorn\appdata\roaming\mozilla\firefox\profiles\ppg1vrpp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nu.nl
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;c:\windows\system32\drivers\AiCharger.sys [2012-5-10 13224]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2012-4-30 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2012-4-30 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32v.sys [2010-5-23 81904]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2012-1-3 752128]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2012-4-30 25584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\app\SaibSVC.exe [2011-2-9 457200]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2012-1-3 3246040]
R2 BOT4Service;BOT4Service;c:\program files\roxio\backontrack\app\BService.exe [2011-7-15 21488]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-25 654408]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-1-21 64512]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2012-1-2 299008]
R2 OS Selector;Acronis OS Selector activeren;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-7-13 2159224]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-29 98304]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-2-9 531328]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-29 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-8-1 263056]
R2 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-8-1 1592208]
R2 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-8-1 1091984]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2012-1-3 167968]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-3-12 29472]
R3 JMCR_CFS;JMCR_CFS;c:\windows\system32\drivers\jmcr_cfs.sys [2008-7-2 52752]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-25 22344]
R3 NETw5s32;Intel® Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-25 6755840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-5-11 64544]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [2009-9-15 38248]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-29 9344]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 yukonw7;NDIS6.2 Minipoortstuurprogramma voor Marvell Yukon Ethernet-controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-3 136176]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatch13.exe [2011-7-13 340976]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dcscusb;Spyder3Print SR Spectrocolorimeter;c:\windows\system32\drivers\dcscusb.sys [2009-5-29 16384]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-29 113120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Netwerkinspectie;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 ptiusbf;PTI USB Filter;c:\windows\system32\drivers\ptiusbf.sys [2001-4-14 22474]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [2012-1-3 39704]
S3 RoxMediaDB13;RoxMediaDB13;c:\program files\common files\roxio shared\13.0\sharedcom\RoxMediaDB13.exe [2011-7-13 1095664]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2012-1-2 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2012-1-2 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2012-1-2 62752]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2010-4-12 12288]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-4 52224]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2012-1-2 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2012-1-2 83232]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S4 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2011-7-14 211440]
.
=============== Created Last 30 ================
.
2012-06-25 17:34:45 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{79da92e2-6be6-4819-850e-7d7d7681bb71}\offreg.dll
2012-06-25 13:47:01 -------- d-----w- c:\program files\ESET
2012-06-25 13:37:23 -------- d-----w- c:\users\bjorn\appdata\roaming\Malwarebytes
2012-06-25 13:37:14 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 13:37:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 13:37:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-25 11:50:39 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-25 11:50:39 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-25 09:23:52 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{79da92e2-6be6-4819-850e-7d7d7681bb71}\mpengine.dll
2012-06-25 09:15:29 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-25 09:01:25 98816 ----a-w- c:\windows\sed.exe
2012-06-25 09:01:25 518144 ----a-w- c:\windows\SWREG.exe
2012-06-25 09:01:25 256000 ----a-w- c:\windows\PEV.exe
2012-06-25 09:01:25 208896 ----a-w- c:\windows\MBR.exe
2012-06-25 09:01:21 -------- d-----w- C:\ComboFix
2012-06-25 00:43:59 -------- d-----w- C:\FRST
2012-06-24 23:29:43 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f21c7893-641b-40b1-ae7b-e65cda9e1402}\offreg.dll
2012-06-24 22:46:59 -------- d-----w- C:\ArcSoft
2012-06-24 22:10:43 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{52d2964e-bf6a-4919-8f45-69e77442b85f}\gapaengine.dll
2012-06-24 22:08:42 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-24 20:37:50 -------- d-----w- c:\users\bjorn\appdata\local\ElevatedDiagnostics
2012-06-24 20:29:20 -------- d--h--w- c:\programdata\Common Files
2012-06-24 20:24:55 -------- d-----w- c:\programdata\MFAData
2012-06-24 18:12:59 -------- d-----w- c:\users\bjorn\appdata\roaming\Mask Pro 4.0
2012-06-23 16:08:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 09:01:29 6762896 ------w- c:\programdata\microsoft\windows defender\definition updates\{f21c7893-641b-40b1-ae7b-e65cda9e1402}\mpengine.dll
2012-06-21 06:38:14 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:37:29 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 06:36:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 06:36:55 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-15 10:27:46 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-15 10:27:25 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-15 10:27:23 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-15 10:27:18 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-15 10:27:18 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-15 10:27:18 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-15 10:27:06 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-15 10:27:06 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-15 10:27:06 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-15 10:26:45 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-11 09:07:32 -------- d-----w- c:\users\bjorn\appdata\local\Macromedia
2012-06-08 11:27:28 -------- d-----w- c:\users\bjorn\appdata\roaming\dBpoweramp
2012-06-07 22:37:05 -------- d-----w- c:\users\bjorn\appdata\roaming\AccurateRip
2012-06-07 22:24:48 -------- d-----w- c:\users\bjorn\appdata\roaming\foobar2000
2012-06-07 22:24:16 -------- d-----w- c:\program files\foobar2000
2012-06-03 21:07:31 -------- d-----w- C:\jexepackres
2012-06-03 14:33:01 -------- d-----w- c:\users\bjorn\appdata\local\MPlayer
2012-05-29 08:45:01 -------- d-----w- c:\program files\CardRecovery
.
==================== Find3M ====================
.
2012-06-23 15:33:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 15:33:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-07 22:36:31 6908648 ----a-w- c:\windows\system32\SpoonUninstall.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-03 10:17:28 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-18 18:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 19:48:50,25 ===============

2.) Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3-1-2012 4:45:13
System Uptime: 25-6-2012 19:34:04 (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T9400 @ 2.53GHz | N/A | 2534/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 130 GiB total, 64,636 GiB free.
D: is FIXED (NTFS) - 182 GiB total, 155,62 GiB free.
E: is FIXED (NTFS) - 40 GiB total, 32,208 GiB free.
F: is FIXED (NTFS) - 101 GiB total, 43,093 GiB free.
G: is CDROM ()
I: is FIXED (NTFS) - 55 GiB total, 16,801 GiB free.
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: regi
Device ID: ROOT\LEGACY_REGI\0000
Manufacturer:
Name: regi
PNP Device ID: ROOT\LEGACY_REGI\0000
Service: regi
.
Class GUID:
Description: Bluetooth-randapparaat
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&12A6\7&196CD639&0&74E1B6D1562B_C00000000
Manufacturer:
Name: Bluetooth-randapparaat
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&12A6\7&196CD639&0&74E1B6D1562B_C00000000
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
==== System Restore Points ===================
.
RP150: 20-6-2012 8:25:58 - Windows Update
RP151: 21-6-2012 8:36:13 - Windows Update
RP152: 23-6-2012 11:00:25 - Windows Update
RP153: 24-6-2012 22:26:10 - Installed AVG 2012
RP154: 24-6-2012 22:26:54 - Installed AVG 2012
RP155: 24-6-2012 23:54:12 - Removed Java™ 6 Update 6
RP156: 24-6-2012 23:56:29 - Removed Java™ 6 Update 31
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Aangifte inkomstenbelasting 2011
Aangifte voor buitenlandse belastingplichtigen 2011
AC3Filter 1.63b
Acronis Disk Director Home
Acronis True Image Home
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Elements 8.0
Adobe Photoshop Lightroom 3.6
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Air Video Server 2.4.3
AM-DeadLink 4.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
ArcSoft WebCam Companion 4
ASUS Ai Charger
AVCHDCoder
AviSynth 2.5
BenVista PhotoZoom Pro 4.1.2
Bonjour
Bonjour-afdrukservices
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Inkjet Printer Driver Add-On Module
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 3.1
Canon My Printer
Canon PIXMA iP8500
Canon RAW Codec
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities Solution Menu
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan 9000F Scanner Driver
CardRecovery 6.00
CineForm NeoScene 5.5
Cinergy HTC USB XS V5.09.1202.00
Click to Disc
Click to Disc Editor
Color Efex Pro 3.0 Complete
CombineZP
Compatibiliteitspakket voor het 2007 Microsoft Office system
Connect
CoreAVC Professional Edition (remove only)
Corel WinDVD
dBpoweramp Music Converter
Dfine 2.0
DirectX 9 Runtime
DiskAid 5.14
DivX Converter
DivX Setup
Dolby Control Center
Dropbox
DSD Direct
DSD Direct Player
DSD Playback Plug-in
DSLR Remote Pro
DVBViewer Pro
DVBViewer Recording Properties
DVD Audio Extractor 4.2.2
DVD Shrink 3.2
DVD2one V2.4.1
Eraser 6.0.9.2343
ESET Online Scanner v3
Exact Audio Copy 1.0beta3
Extensis Suitcase Fusion 2
Face Filter
ffdshow v1.1.4096 [2011-11-29]
FileZilla Client 3.5.3
foobar2000 v1.1.13
Foxit PDF Preview Handler
Genuine Fractals 6.0.5 Professional Edition
Gertrudis Pro 3.5.0.0171
Glary Utilities 2.39.0.1310
Google Chrome
Google Earth
Google Update Helper
Haali Media Splitter
Handbrake 4394 Nightly
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HDR Efex Pro
HEMA Fotoservice 4.4
HP USB Disk Storage Format Tool
iCloud
ImageConverter Plus 8.0
ImgBurn
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 31
JMicron JMB368 ExpressCard CF Adapter
kuler
Logitech Harmony Remote Software 7
LUT Manager
Malwarebytes Anti-Malware versie 1.61.0.1400
Mask Pro 4.1
Medieval CUE Splitter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mkv2vob
Mozilla Firefox 13.0.1 (x86 nl)
Mozilla Maintenance Service
Mp3tag v2.50
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
NAVIGON Fresh 3.4.1
NewsLeecher v5.0 Beta 12
NVIDIA Drivers
NVIDIA Performance
NVIDIA System Monitor
NVIDIA System Update
OpenMG Secure Module 5.1.00
PDF Settings CS4
PHOTO PORST
PhotoFrame Pro 3.1
Photomatix Pro version 4.1.3
Photoshop Camera Raw
PhotoTools 1.0 Professional Edition
PhotoTune 2
Picasa 3
PlayStation®Network Downloader
Plus Pack for Acronis True Image Home 2010
Primo
Protector Suite 2009.2
PS3 Media Server
PVSonyDll
QuickPar 0.9
QuickTime
Realtek High Definition Audio Driver
Remote-play bij PlayStation®3
Remote-toetsenbord bij PlayStation 3
Remote Control USB Driver
Remote Play with PlayStation 3
Remove Excel Password 10.2.23
RocketDock 1.3.5
Roxio BackOnTrack
Roxio BackOnTrackPE
Roxio Burn - Secure
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2012 Pro
Roxio System Rollback
Roxio System Rollback Recovery Disk
Roxio Video Capture USB
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
SES Driver
Setting Utility Series
Sharpener Pro 3.0
Silver Efex Pro
SilverFast 8.0.1r2 (32bit)
SmartSound Common Data
SmartSound Quicktracks 5
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Picture Utility
Sony Video Shared Library
Splashtop Streamer
Spyder3Elite
Spyder3Print
Suite Shared Configuration CS4
SurCode DVD Pro DTS Encoder
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Topaz Adjust 4
Topaz Clean 3
Topaz DeJpeg 4
Topaz DeNoise 4
Topaz Detail 2
Topaz ReMask 2
Topaz Simplify 3
Transmute v2.50
UltimateDefrag 2008
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update voor het stuurprogramma voor Windows Mobile Apparaatcentrum
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VAIO BD Menu Data
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Edit Components
VAIO Edit Components 6.6
VAIO Energiebeheer
VAIO Entertainment Platform
VAIO Event Service
VAIO Guide 
VAIO Media plus
VAIO Movie Story
VAIO Movie Story 1.5 Upgrade
VAIO Movie Story Template Data
VAIO MusicBox
VAIO Ondersteuning voor Weergave
VAIO Original Function Setting
VAIO Power Management
VAIO Smart Network
VC80CRTRedist - 8.0.50727.6195
Version 1.0 - Revision: 536
Vertus Fluid Mask 3 3.2.3
Viveza 2
VLC media player 2.0.1
WD SmartWare
WIDCOMM Bluetooth Software
Windows Media Player Firefox Plugin
Windows Mobile Apparaatcentrum
WinRAR 4.01 (32-bit)
Woordenboek Latijn-Nederlands
XML Notepad 2007
.
==== End Of File ===========================
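The service and file listings above are what a responder triages by hand. What follows is an added example, not part of this thread and not code from the DDS or FRST tools, that parses the two line formats present in the log (service entries of the form `R2 name;description;path [date size]` and file entries of the form `date time size attrs path`) and applies a few review heuristics: a service binary under a user-writable directory, a hidden+system entry not on a small analyst-maintained allow-list, a literal `%VAR%` token used as a directory name, and a `.sys` image outside the drivers directory. The sample lines are copied from the log above, except the `UpdSvc` service line, which is constructed only to exercise the first rule. A hit means "look at this", not "this is malicious".

```python
"""Triage heuristics for DDS-style service and file listings (added example)."""
import re
from dataclasses import dataclass

# "R2 name;description;path [yyyy-m-d size]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$"
)
# "yyyy-mm-dd hh:mm:ss size attrs path"; size is digits or dashes for a directory
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
# Directories a service binary does not normally live in (user-writable).
USER_WRITABLE_RE = re.compile(
    r"\\(programdata|users\\[^\\]+\\appdata|users\\public|temp)\\", re.I
)
# Hidden+system entries expected on any Windows install. Assumption of this
# example: the analyst extends this list as entries are verified.
KNOWN_HIDDEN_SYSTEM = {r"c:\$recycle.bin"}
ENV_TOKEN_RE = re.compile(r"%[a-z_]+%", re.I)


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def triage(lines):
    """Return one Finding per heuristic hit across the given log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path")
            if USER_WRITABLE_RE.search(path):
                findings.append(Finding(path, "service binary in user-writable location"))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue  # section headers, blank markers, anything unparsed
        path, attrs = m.group("path"), m.group("attrs")
        low = path.lower()
        # DDS attribute string: 's' = system, 'h' = hidden, 'd' = directory
        hidden_system = "s" in attrs and "h" in attrs
        if hidden_system and low not in KNOWN_HIDDEN_SYSTEM:
            findings.append(Finding(path, "hidden+system attributes outside allow-list"))
        if ENV_TOKEN_RE.search(path):
            findings.append(Finding(path, "literal %VAR% token used as a file name"))
        if low.endswith(".sys") and "\\windows\\system32\\drivers\\" not in low:
            findings.append(Finding(path, ".sys file outside the drivers directory"))
    return findings


# Sample lines copied from the log above; the UpdSvc line is constructed.
SAMPLE_LOG = [
    r"R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]",
    r"S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]",
    r"R2 UpdSvc;Update Service;c:\programdata\updsvc\svc.exe [2012-6-23 45056]",  # constructed
    r"2012-06-25 13:37:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"2012-06-25 09:15:29 -------- d-sh--w- C:\$RECYCLE.BIN",
    r"2012-06-23 16:08:40 -------- d-sh--w- c:\windows\system32\%APPDATA%",
    r"2012-05-03 10:17:28 952 --sha-w- c:\programdata\KGyGaAvL.sys",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:45} {f.path}")
```

Run against the lines above it pulls out `c:\windows\system32\%APPDATA%` (hidden+system directory with an unexpanded variable as its name) and `c:\programdata\KGyGaAvL.sys` (hidden+system driver image outside the drivers directory), plus the constructed `UpdSvc` service. Those are the lines to check against a known-good reference before deciding anything; entries that clear go onto the allow-list so the next run is quieter.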

#11 CatByte
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 25 June 2012 - 02:55 PM

Looks good; we just have some housekeeping to do now. Please do the following:

Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it, now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT



You can delete the DDS and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
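The Internet Explorer steps in the post above are clicked through a dialog, which makes them hard to verify later or on a second machine. The following is an added example, not part of the thread, that audits the same three Internet-zone ActiveX settings from the registry. The layout it assumes is Microsoft's documented URL security zone scheme, not something stated on this page: `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` is the Internet zone, and the DWORD value names `1001` (download signed ActiveX controls), `1004` (download unsigned ActiveX controls) and `1201` (initialize and script ActiveX controls not marked as safe) take 0 = Enable, 1 = Prompt, 3 = Disable. The `WEAK_ZONE` and `HARDENED_ZONE` snapshots are constructed for demonstration, not read from the poster's machine.

```python
"""Audit the Internet-zone ActiveX settings the post sets by hand (added example)."""
INTERNET_ZONE_SUBKEY = (
    r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
)
ENABLE, PROMPT, DISABLE = 0, 1, 3
SETTING_NAMES = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1201": "Initialize and script ActiveX controls not marked as safe",
}
# Minimum restriction asked for in the post, per value name.
RECOMMENDED = {"1001": PROMPT, "1004": PROMPT, "1201": DISABLE}
# Restrictiveness order: Enable < Prompt < Disable.
RANK = {ENABLE: 0, PROMPT: 1, DISABLE: 2}


def audit_internet_zone(observed):
    """Compare observed {value_name: dword} against RECOMMENDED.

    Returns a list of (value_name, label, observed, required) for every
    setting that is missing, unrecognised, or looser than recommended.
    A stricter setting (e.g. 1004 = Disable) is not reported.
    """
    deviations = []
    for name, required in RECOMMENDED.items():
        value = observed.get(name)
        if value is None or RANK.get(value, -1) < RANK[required]:
            deviations.append((name, SETTING_NAMES[name], value, required))
    return deviations


def read_internet_zone():
    """Read the three DWORDs from HKCU on Windows.

    winreg is imported here, not at module level, so the comparison logic
    above stays usable on any platform (assumption: run as the user whose
    IE settings are being checked).
    """
    import winreg  # Windows-only standard-library module
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_SUBKEY) as key:
        for name in RECOMMENDED:
            try:
                values[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass  # value absent: zone inherits its template default
    return values


# Constructed snapshots: a loosened zone and one matching the post's advice.
WEAK_ZONE = {"1001": ENABLE, "1004": ENABLE, "1201": PROMPT}
HARDENED_ZONE = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE}

if __name__ == "__main__":
    for name, label, seen, need in audit_internet_zone(WEAK_ZONE):
        print(f"{name} {label}: observed {seen}, need at least {need}")
```

The audit treats "at least as strict as the post's values" as passing rather than demanding an exact match. That matters for `1004`: on Windows 7's default Medium-high Internet zone, downloading unsigned ActiveX controls is already Disable, so changing it to Prompt as the post suggests actually loosens it; leaving it at Disable is the better outcome and is not flagged.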


#12 traveller72
  • Topic Starter
  • Members
  • 8 posts

Posted 25 June 2012 - 03:22 PM

WOW! There is nothing more to say on the service you provided. Glad I came across. Cheers and thank you very much

#13 CatByte
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 25 June 2012 - 03:28 PM

you are welcome

stay safe :hello:

~CB


#14 CatByte
  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 25 June 2012 - 03:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
