
My bank says my computer is infected


  • This topic is locked
28 replies to this topic

#1 Rizk

Posted 16 October 2012 - 09:02 AM

Hello everyone.

I think my computer has a virus. My bank called me when I tried to log in to their site, informing me that I'm not allowed to log in until the infection is gone.
I have googled about this problem and it seemed to me like it would be some sort of Citadel/Zeus trojan. I have run Malwarebytes and it didn't show anything.
I'm posting my HiJackThis log here.
Hope that someone can help me. I hope that I don't have to reformat the computer.

Attached Files





#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 October 2012 - 09:48 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

-Information and Logs-

  • In your next post I need the following:
    • both reports from DDS
    • report from Security Check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Rizk (Topic Starter)

Posted 17 October 2012 - 02:05 AM

checkup.txt

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 35
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````


DDS.txt

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Lisbeth at 8:36:55 on 2012-10-17
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1014.505 [GMT 2:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\QuickTime\qttask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Scansoft\PaperPort\pptd40nt.exe
C:\Program\Delade filer\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program\Dell Wireless\PRISMCFG.exe
C:\Program\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.geocon.se/
uSearch Bar = hxxp://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se
uSearch Page = hxxp://www.google.se/hws/sb/dell-row-rel/sv/side.html?channel=se
uDefault_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6060927
uInternet Connection Wizard,ShellNext = hxxp://www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6060927
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Octelyhua] "c:\documents and settings\lisbeth\application data\uneziq\ufnue.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program\analog devices\core\smax4pnp.exe
mRun: [DVDLauncher] "c:\program\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\program\delade~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start
mRun: [Adobe Photo Downloader] "c:\program\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"
mRun: [PaperPort PTD] c:\program\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program\scansoft\paperport\IndexSearch.exe
mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\tjnsth~1.lnk - c:\program\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\verkty~1.lnk - c:\program\dell wireless\PRISMCFG.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\winzip~1.lnk - c:\program\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xportera till Microsoft Excel - c:\program\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
Trusted Zone: handelsbanken.se
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://eredovisning.plusgirot.se/ddrint/content/ddiprintengine.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.81.1 192.168.81.254 8.8.8.8
TCP: Interfaces\{A6A1F16E-7F11-4D75-A074-EBEAE07F8B79} : DHCPNameServer = 192.168.81.1 192.168.81.254 8.8.8.8
TCP: Interfaces\{FFDC93D1-8FF4-41D7-9619-2B498632FE0F} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-19 399432]
R2 MBAMService;MBAMService;c:\program\malwarebytes' anti-malware\mbamservice.exe [2012-9-19 676936]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2006-9-27 61526]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-19 22856]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-11-9 136176]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\google\update\GoogleUpdate.exe [2010-11-9 136176]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-1-22 42368]
S3 UfServer;Unifaun Server System;c:\program\initzo\UfServer.exe [2005-5-9 45056]
.
=============== Created Last 30 ================
.
2012-10-10 09:44:05 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-10 09:32:47 -------- d-----w- c:\program\SHARP
2012-10-10 09:32:28 98304 ----a-w- c:\windows\system32\SS0ELMON.dll
2012-10-10 09:32:28 45056 ----a-w- c:\windows\system32\SS0EMTNT.dll
2012-10-10 09:32:17 163932 ------r- c:\windows\_isusr32.dll
2012-10-10 09:32:12 32768 ------w- c:\windows\system32\_isusr2k.dll
2012-10-10 09:31:10 -------- d-----w- c:\windows\system32\SCDRV
2012-09-19 10:14:01 388096 ----a-r- c:\documents and settings\lisbeth\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-09-19 10:14:00 -------- d-----w- c:\program\Trend Micro
2012-09-19 09:13:50 -------- d-----w- c:\documents and settings\lisbeth\application data\Malwarebytes
2012-09-19 09:13:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 09:13:39 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2012-09-19 09:13:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2012-10-10 09:43:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-10 09:43:33 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:17:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:17:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:17:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:32 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:53 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27:27 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27:26 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 8:38:45,82 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2006-10-03 11:12:12
System Uptime: 2012-10-17 07:57:36 (1 hours ago)
.
Motherboard: Dell Inc. | | 0RJ291
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 129,105 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1336: 2012-07-30 08:18:46 - Systemkontrollpunkt
RP1337: 2012-07-31 09:44:56 - Systemkontrollpunkt
RP1338: 2012-08-01 11:55:47 - Systemkontrollpunkt
RP1339: 2012-08-02 12:08:42 - Systemkontrollpunkt
RP1340: 2012-08-03 12:44:30 - Systemkontrollpunkt
RP1341: 2012-08-06 08:28:48 - Systemkontrollpunkt
RP1342: 2012-08-07 09:15:49 - Systemkontrollpunkt
RP1343: 2012-08-08 10:48:14 - Systemkontrollpunkt
RP1344: 2012-08-09 12:09:03 - Systemkontrollpunkt
RP1345: 2012-08-13 11:06:05 - Systemkontrollpunkt
RP1346: 2012-08-14 12:07:37 - Systemkontrollpunkt
RP1347: 2012-08-15 12:35:30 - Systemkontrollpunkt
RP1348: 2012-08-15 16:21:12 - Software Distribution Service 3.0
RP1349: 2012-08-20 11:51:20 - Systemkontrollpunkt
RP1350: 2012-08-21 12:06:49 - Systemkontrollpunkt
RP1351: 2012-08-22 12:20:13 - Systemkontrollpunkt
RP1352: 2012-08-24 11:10:15 - Systemkontrollpunkt
RP1353: 2012-08-27 12:09:59 - Systemkontrollpunkt
RP1354: 2012-08-29 10:44:47 - Systemkontrollpunkt
RP1355: 2012-08-30 12:07:44 - Systemkontrollpunkt
RP1356: 2012-08-31 15:56:19 - Systemkontrollpunkt
RP1357: 2012-09-03 11:48:15 - Systemkontrollpunkt
RP1358: 2012-09-04 12:10:56 - Systemkontrollpunkt
RP1359: 2012-09-05 14:10:47 - Systemkontrollpunkt
RP1360: 2012-09-06 14:55:59 - Systemkontrollpunkt
RP1361: 2012-09-07 15:52:19 - Systemkontrollpunkt
RP1362: 2012-09-10 12:30:22 - Systemkontrollpunkt
RP1363: 2012-09-12 10:07:31 - Systemkontrollpunkt
RP1364: 2012-09-12 16:25:25 - Software Distribution Service 3.0
RP1365: 2012-09-14 10:41:37 - Systemkontrollpunkt
RP1366: 2012-09-17 12:31:33 - Systemkontrollpunkt
RP1367: 2012-09-18 15:06:05 - Systemkontrollpunkt
RP1368: 2012-09-19 12:13:59 - Installed HiJackThis
RP1369: 2012-09-20 12:28:14 - Systemkontrollpunkt
RP1370: 2012-09-21 14:53:25 - Systemkontrollpunkt
RP1371: 2012-09-24 11:17:03 - Systemkontrollpunkt
RP1372: 2012-09-24 16:16:15 - Software Distribution Service 3.0
RP1373: 2012-09-26 11:51:50 - Systemkontrollpunkt
RP1374: 2012-09-28 10:37:05 - Systemkontrollpunkt
RP1375: 2012-10-01 11:09:14 - Systemkontrollpunkt
RP1376: 2012-10-02 12:09:57 - Systemkontrollpunkt
RP1377: 2012-10-08 12:09:30 - Systemkontrollpunkt
RP1378: 2012-10-09 12:46:33 - Systemkontrollpunkt
RP1379: 2012-10-10 11:31:22 - Installerad MX-seriens skrivardrivrutin till SHARP
RP1380: 2012-10-10 11:32:41 - Skrivardrivrutinen SHARP MX-2610N PCL6 installerad
RP1381: 2012-10-10 11:42:43 - Java™ 6 Update 11 togs bort
RP1382: 2012-10-11 12:18:35 - Systemkontrollpunkt
RP1383: 2012-10-12 12:22:51 - Systemkontrollpunkt
RP1384: 2012-10-15 10:39:44 - Systemkontrollpunkt
RP1385: 2012-10-16 11:06:46 - Systemkontrollpunkt
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBYY FineReader 5.0 Sprint Plus
ABBYY FineReader 6.0
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.2 - Svenska
Adobe® Photoshop® Album Starter Edition 3.0
BankID säkerhetsprogram 4.18
Broadcom Advanced Control Suite
Brother HL-2700CN
Bullzip PDF Printer 4.0.0.463
Compatibility Pack för Office 2007-systemet
EPSON Scan
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript Lite 8.61
Handelsbankens kortläsare
HiJackThis
Hotfix for Windows XP (KB976002-v5)
HP Color LaserJet CP3525 Användarhandbok
HP Color LaserJet CP3525 PCL 6 [HP Color LaserJet CP3525 PCL 6]
HP Color LaserJet CP3525 Skärmteckensnitt
Intel® Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 3
Java™ 6 Update 35
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
KU 2006
KU 2007
KU 2008
KU 2009
KU 2010
KU 2011
KU2006Fix
KU2008
Ku2009
lnitzo
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee Avinstallation
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 1.1 Swedish Language Pack
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Converter Pack
Microsoft Office Small Business Edition 2003
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
MSXML 6.0 Parser (KB933579)
OpenOffice.org Installer 1.0
PaperPort 8.0
PowerDVD 5.7
Pyramid Business Studio
QuickTime
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
SHARP MX-2310/2010/2610/3110/3610 Series PCL/PS Printer Driver
Snabbkorrigering för Windows Internet Explorer 7 (KB947864)
Snabbkorrigering för Windows XP (KB2158563)
Snabbkorrigering för Windows XP (KB2443685)
Snabbkorrigering för Windows XP (KB2570791)
Snabbkorrigering för Windows XP (KB2633952)
Snabbkorrigering för Windows XP (KB2756822)
Snabbkorrigering för Windows XP (KB952287)
Snabbkorrigering för Windows XP (KB970653-v3)
Snabbkorrigering för Windows XP (KB976098-v2)
Snabbkorrigering för Windows XP (KB979306)
Snabbkorrigering för Windows XP (KB981793)
Säkerhetsuppdatering för Microsoft Windows (KB2564958)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB928090)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB929969)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB931768)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB933566)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB937143)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB958215)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB960714)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB961260)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB963027)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB969897)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB972260)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2183461)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2360131)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2416400)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2482017)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2497640)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2510531)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2530548)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2544521)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2559049)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2586448)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2618444)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2647516)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2675157)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2699988)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2722913)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2744842)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB971961)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB972260)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB974455)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB976325)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB978207)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB981332)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB982381)
Säkerhetsuppdatering för Windows Media Player (KB2378111)
Säkerhetsuppdatering för Windows Media Player (KB911564)
Säkerhetsuppdatering för Windows Media Player (KB952069)
Säkerhetsuppdatering för Windows Media Player (KB954155)
Säkerhetsuppdatering för Windows Media Player (KB968816)
Säkerhetsuppdatering för Windows Media Player (KB973540)
Säkerhetsuppdatering för Windows Media Player (KB975558)
Säkerhetsuppdatering för Windows Media Player (KB978695)
Säkerhetsuppdatering för Windows Media Player (KB979402)
Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
Säkerhetsuppdatering för Windows Media Player 9 (KB917734)
Säkerhetsuppdatering för Windows Media Player 9 (KB936782)
Säkerhetsuppdatering för Windows XP (KB2079403)
Säkerhetsuppdatering för Windows XP (KB2115168)
Säkerhetsuppdatering för Windows XP (KB2121546)
Säkerhetsuppdatering för Windows XP (KB2160329)
Säkerhetsuppdatering för Windows XP (KB2229593)
Säkerhetsuppdatering för Windows XP (KB2259922)
Säkerhetsuppdatering för Windows XP (KB2279986)
Säkerhetsuppdatering för Windows XP (KB2286198)
Säkerhetsuppdatering för Windows XP (KB2296011)
Säkerhetsuppdatering för Windows XP (KB2296199)
Säkerhetsuppdatering för Windows XP (KB2347290)
Säkerhetsuppdatering för Windows XP (KB2360937)
Säkerhetsuppdatering för Windows XP (KB2387149)
Säkerhetsuppdatering för Windows XP (KB2393802)
Säkerhetsuppdatering för Windows XP (KB2412687)
Säkerhetsuppdatering för Windows XP (KB2419632)
Säkerhetsuppdatering för Windows XP (KB2423089)
Säkerhetsuppdatering för Windows XP (KB2436673)
Säkerhetsuppdatering för Windows XP (KB2440591)
Säkerhetsuppdatering för Windows XP (KB2443105)
Säkerhetsuppdatering för Windows XP (KB2476490)
Säkerhetsuppdatering för Windows XP (KB2476687)
Säkerhetsuppdatering för Windows XP (KB2478960)
Säkerhetsuppdatering för Windows XP (KB2478971)
Säkerhetsuppdatering för Windows XP (KB2479628)
Säkerhetsuppdatering för Windows XP (KB2479943)
Säkerhetsuppdatering för Windows XP (KB2481109)
Säkerhetsuppdatering för Windows XP (KB2483185)
Säkerhetsuppdatering för Windows XP (KB2485376)
Säkerhetsuppdatering för Windows XP (KB2485663)
Säkerhetsuppdatering för Windows XP (KB2491683)
Säkerhetsuppdatering för Windows XP (KB2503658)
Säkerhetsuppdatering för Windows XP (KB2503665)
Säkerhetsuppdatering för Windows XP (KB2506212)
Säkerhetsuppdatering för Windows XP (KB2506223)
Säkerhetsuppdatering för Windows XP (KB2507618)
Säkerhetsuppdatering för Windows XP (KB2507938)
Säkerhetsuppdatering för Windows XP (KB2508272)
Säkerhetsuppdatering för Windows XP (KB2508429)
Säkerhetsuppdatering för Windows XP (KB2509553)
Säkerhetsuppdatering för Windows XP (KB2511455)
Säkerhetsuppdatering för Windows XP (KB2524375)
Säkerhetsuppdatering för Windows XP (KB2535512)
Säkerhetsuppdatering för Windows XP (KB2536276-v2)
Säkerhetsuppdatering för Windows XP (KB2536276)
Säkerhetsuppdatering för Windows XP (KB2544893-v2)
Säkerhetsuppdatering för Windows XP (KB2544893)
Säkerhetsuppdatering för Windows XP (KB2555917)
Säkerhetsuppdatering för Windows XP (KB2562937)
Säkerhetsuppdatering för Windows XP (KB2566454)
Säkerhetsuppdatering för Windows XP (KB2567053)
Säkerhetsuppdatering för Windows XP (KB2567680)
Säkerhetsuppdatering för Windows XP (KB2570222)
Säkerhetsuppdatering för Windows XP (KB2570947)
Säkerhetsuppdatering för Windows XP (KB2584146)
Säkerhetsuppdatering för Windows XP (KB2585542)
Säkerhetsuppdatering för Windows XP (KB2592799)
Säkerhetsuppdatering för Windows XP (KB2598479)
Säkerhetsuppdatering för Windows XP (KB2603381)
Säkerhetsuppdatering för Windows XP (KB2618451)
Säkerhetsuppdatering för Windows XP (KB2619339)
Säkerhetsuppdatering för Windows XP (KB2620712)
Säkerhetsuppdatering för Windows XP (KB2621440)
Säkerhetsuppdatering för Windows XP (KB2624667)
Säkerhetsuppdatering för Windows XP (KB2631813)
Säkerhetsuppdatering för Windows XP (KB2633171)
Säkerhetsuppdatering för Windows XP (KB2639417)
Säkerhetsuppdatering för Windows XP (KB2641653)
Säkerhetsuppdatering för Windows XP (KB2646524)
Säkerhetsuppdatering för Windows XP (KB2647518)
Säkerhetsuppdatering för Windows XP (KB2653956)
Säkerhetsuppdatering för Windows XP (KB2655992)
Säkerhetsuppdatering för Windows XP (KB2659262)
Säkerhetsuppdatering för Windows XP (KB2660465)
Säkerhetsuppdatering för Windows XP (KB2661637)
Säkerhetsuppdatering för Windows XP (KB2676562)
Säkerhetsuppdatering för Windows XP (KB2685939)
Säkerhetsuppdatering för Windows XP (KB2686509)
Säkerhetsuppdatering för Windows XP (KB2691442)
Säkerhetsuppdatering för Windows XP (KB2695962)
Säkerhetsuppdatering för Windows XP (KB2698365)
Säkerhetsuppdatering för Windows XP (KB2705219)
Säkerhetsuppdatering för Windows XP (KB2707511)
Säkerhetsuppdatering för Windows XP (KB2709162)
Säkerhetsuppdatering för Windows XP (KB2712808)
Säkerhetsuppdatering för Windows XP (KB2718523)
Säkerhetsuppdatering för Windows XP (KB2719985)
Säkerhetsuppdatering för Windows XP (KB2723135)
Säkerhetsuppdatering för Windows XP (KB2724197)
Säkerhetsuppdatering för Windows XP (KB2731847)
Säkerhetsuppdatering för Windows XP (KB923561)
Säkerhetsuppdatering för Windows XP (KB923689)
Säkerhetsuppdatering för Windows XP (KB923789)
Säkerhetsuppdatering för Windows XP (KB938464)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB946648)
Säkerhetsuppdatering för Windows XP (KB950760)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB950974)
Säkerhetsuppdatering för Windows XP (KB951066)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951376)
Säkerhetsuppdatering för Windows XP (KB951698)
Säkerhetsuppdatering för Windows XP (KB951748)
Säkerhetsuppdatering för Windows XP (KB952004)
Säkerhetsuppdatering för Windows XP (KB952954)
Säkerhetsuppdatering för Windows XP (KB953839)
Säkerhetsuppdatering för Windows XP (KB954211)
Säkerhetsuppdatering för Windows XP (KB954459)
Säkerhetsuppdatering för Windows XP (KB954600)
Säkerhetsuppdatering för Windows XP (KB955069)
Säkerhetsuppdatering för Windows XP (KB956391)
Säkerhetsuppdatering för Windows XP (KB956572)
Säkerhetsuppdatering för Windows XP (KB956744)
Säkerhetsuppdatering för Windows XP (KB956802)
Säkerhetsuppdatering för Windows XP (KB956803)
Säkerhetsuppdatering för Windows XP (KB956841)
Säkerhetsuppdatering för Windows XP (KB956844)
Säkerhetsuppdatering för Windows XP (KB957095)
Säkerhetsuppdatering för Windows XP (KB957097)
Säkerhetsuppdatering för Windows XP (KB958644)
Säkerhetsuppdatering för Windows XP (KB958687)
Säkerhetsuppdatering för Windows XP (KB958690)
Säkerhetsuppdatering för Windows XP (KB958869)
Säkerhetsuppdatering för Windows XP (KB959426)
Säkerhetsuppdatering för Windows XP (KB960225)
Säkerhetsuppdatering för Windows XP (KB960715)
Säkerhetsuppdatering för Windows XP (KB960803)
Säkerhetsuppdatering för Windows XP (KB960859)
Säkerhetsuppdatering för Windows XP (KB961371)
Säkerhetsuppdatering för Windows XP (KB961373)
Säkerhetsuppdatering för Windows XP (KB961501)
Säkerhetsuppdatering för Windows XP (KB968537)
Säkerhetsuppdatering för Windows XP (KB969059)
Säkerhetsuppdatering för Windows XP (KB969898)
Säkerhetsuppdatering för Windows XP (KB969947)
Säkerhetsuppdatering för Windows XP (KB970238)
Säkerhetsuppdatering för Windows XP (KB970430)
Säkerhetsuppdatering för Windows XP (KB971468)
Säkerhetsuppdatering för Windows XP (KB971486)
Säkerhetsuppdatering för Windows XP (KB971557)
Säkerhetsuppdatering för Windows XP (KB971633)
Säkerhetsuppdatering för Windows XP (KB971657)
Säkerhetsuppdatering för Windows XP (KB971961)
Säkerhetsuppdatering för Windows XP (KB972270)
Säkerhetsuppdatering för Windows XP (KB973346)
Säkerhetsuppdatering för Windows XP (KB973354)
Säkerhetsuppdatering för Windows XP (KB973507)
Säkerhetsuppdatering för Windows XP (KB973525)
Säkerhetsuppdatering för Windows XP (KB973869)
Säkerhetsuppdatering för Windows XP (KB973904)
Säkerhetsuppdatering för Windows XP (KB974112)
Säkerhetsuppdatering för Windows XP (KB974318)
Säkerhetsuppdatering för Windows XP (KB974392)
Säkerhetsuppdatering för Windows XP (KB974571)
Säkerhetsuppdatering för Windows XP (KB975025)
Säkerhetsuppdatering för Windows XP (KB975467)
Säkerhetsuppdatering för Windows XP (KB975560)
Säkerhetsuppdatering för Windows XP (KB975561)
Säkerhetsuppdatering för Windows XP (KB975562)
Säkerhetsuppdatering för Windows XP (KB975713)
Säkerhetsuppdatering för Windows XP (KB977165)
Säkerhetsuppdatering för Windows XP (KB977816)
Säkerhetsuppdatering för Windows XP (KB977914)
Säkerhetsuppdatering för Windows XP (KB978037)
Säkerhetsuppdatering för Windows XP (KB978251)
Säkerhetsuppdatering för Windows XP (KB978262)
Säkerhetsuppdatering för Windows XP (KB978338)
Säkerhetsuppdatering för Windows XP (KB978542)
Säkerhetsuppdatering för Windows XP (KB978601)
Säkerhetsuppdatering för Windows XP (KB978706)
Säkerhetsuppdatering för Windows XP (KB979309)
Säkerhetsuppdatering för Windows XP (KB979482)
Säkerhetsuppdatering för Windows XP (KB979559)
Säkerhetsuppdatering för Windows XP (KB979683)
Säkerhetsuppdatering för Windows XP (KB979687)
Säkerhetsuppdatering för Windows XP (KB980195)
Säkerhetsuppdatering för Windows XP (KB980218)
Säkerhetsuppdatering för Windows XP (KB980232)
Säkerhetsuppdatering för Windows XP (KB980436)
Säkerhetsuppdatering för Windows XP (KB981322)
Säkerhetsuppdatering för Windows XP (KB981852)
Säkerhetsuppdatering för Windows XP (KB981957)
Säkerhetsuppdatering för Windows XP (KB981997)
Säkerhetsuppdatering för Windows XP (KB982132)
Säkerhetsuppdatering för Windows XP (KB982214)
Säkerhetsuppdatering för Windows XP (KB982665)
Säkerhetsuppdatering för Windows XP (KB982802)
Sonic Update Manager
Unifaun WebPrinter
Uppdatering för Microsoft ® Office Outlook ® 2003 med Business Contact Manager
Uppdatering för Windows Internet Explorer 8 (KB973874)
Uppdatering för Windows Internet Explorer 8 (KB976662)
Uppdatering för Windows Internet Explorer 8 (KB976749)
Uppdatering för Windows Internet Explorer 8 (KB980182)
Uppdatering för Windows XP (KB2141007)
Uppdatering för Windows XP (KB2345886)
Uppdatering för Windows XP (KB2467659)
Uppdatering för Windows XP (KB2541763)
Uppdatering för Windows XP (KB2607712)
Uppdatering för Windows XP (KB2616676)
Uppdatering för Windows XP (KB2641690)
Uppdatering för Windows XP (KB2661254-v2)
Uppdatering för Windows XP (KB2718704)
Uppdatering för Windows XP (KB2736233)
Uppdatering för Windows XP (KB2749655)
Uppdatering för Windows XP (KB951072-v2)
Uppdatering för Windows XP (KB951978)
Uppdatering för Windows XP (KB955759)
Uppdatering för Windows XP (KB955839)
Uppdatering för Windows XP (KB967715)
Uppdatering för Windows XP (KB968389)
Uppdatering för Windows XP (KB971029)
Uppdatering för Windows XP (KB971737)
Uppdatering för Windows XP (KB973687)
Uppdatering för Windows XP (KB973815)
URL Assistant
WebFldrs XP
Verktyg för trådlöst LAN via USB 2.0-adapter
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
WinZip
.
==== End Of File ===========================

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 October 2012 - 03:17 AM

These are the programs I would like you to run next. If you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until the Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Rizk (Topic Starter)

Posted 17 October 2012 - 08:44 AM

# AdwCleaner v2.005 - Logfile created 10/17/2012 at 14:26:10
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Lisbeth - D54VBH2J
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Lisbeth\Skrivbord\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [754 octets] - [17/10/2012 14:26:10]

########## EOF - C:\AdwCleaner[S1].txt - [813 octets] ##########



RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Lisbeth [Admin rights]
Mode : Remove -- Date : 10/17/2012 14:37:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Octelyhua ("C:\Documents and Settings\Lisbeth\Application Data\Uneziq\ufnue.exe") -> DELETED
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-75NCB3 +++++
--- User ---
[MBR] 2aceeb356472f441aca2b5ebed6910d8
[BSP] 05d5b0432d1b135b09a13daab8250d5a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 152539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt ; RKreport[1].txt

Sorry for no Security Check; it's not me doing the logs at the moment since I'm traveling. Hope it doesn't ruin it for you.
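The RogueKiller report above contains the two findings a defender should take away from this thread: an HKCU Run entry launching a randomly named executable from the user's Application Data folder, and the WarnOnHTTPSToHTTPRedirect value set to 0 (the browser's warning when a secure page redirects to plain HTTP had been switched off) and restored to 1. The following parser is an added example for this thread, not RogueKiller's own code: it reads "Registry Entries" lines in the report format shown above, pulls out the tags, key, value name, value and action, and assigns a severity. The sample report, the severity labels and the user-profile path hints are constructed for the example.

```python
"""Parse RogueKiller-style "Registry Entries" lines and classify them.

Added example for this thread; not RogueKiller's own code. The sample
report is constructed from the findings posted above, and the severity
scheme and path hints are assumptions made for the example.
"""
import re
from dataclasses import dataclass

# Constructed sample: the "Registry Entries" section of the report above.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Octelyhua ("C:\Documents and Settings\Lisbeth\Application Data\Uneziq\ufnue.exe") -> DELETED
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
"""

# One finding line: [TAG][TAG] hive\key : name (value) -> action
# The key may contain spaces ("Internet Settings"), so it is matched lazily
# up to the first " : " separator.
LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"
    r"(?P<key>.+?)\s+:\s+"
    r"(?P<name>[^\s(]+)\s+\((?P<value>[^)]*)\)\s+->\s+"
    r"(?P<action>.+?)\s*$"
)

# Per-user writable locations an autorun entry should normally not point into
# (assumed hint list for the example).
USER_PROFILE_HINTS = ("\\application data\\", "\\appdata\\", "\\local settings\\temp\\")


@dataclass
class Finding:
    tags: tuple
    key: str
    name: str
    value: str
    action: str
    severity: str
    reason: str


def classify(tags, name, value):
    """Return (severity, reason) for one parsed finding."""
    path = value.strip('"').lower()
    if "RUN" in tags and any(hint in path for hint in USER_PROFILE_HINTS):
        return "high", "autorun entry launches an executable from a per-user profile directory"
    if name == "WarnOnHTTPSToHTTPRedirect" and value == "0":
        return "medium", "browser warning for HTTPS-to-HTTP redirects was disabled"
    if "HJ DESK" in tags:
        return "low", "desktop/shell setting altered"
    return "info", "other registry change"


def parse_report(text):
    """Parse every finding line in a report; non-matching lines are ignored."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tags = tuple(re.findall(r"\[([^\]]+)\]", m["tags"]))
        severity, reason = classify(tags, m["name"], m["value"])
        findings.append(Finding(tags, m["key"], m["name"], m["value"],
                                m["action"], severity, reason))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 2, 'low': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f.severity:6} {f.name}: {f.reason} [{f.action}]")
```

Run against the sample, the parser flags the Uneziq\ufnue.exe autorun as high and the two WarnOnHTTPSToHTTPRedirect entries as medium; the same two signals are what the ComboFix run later in the thread removes and what a banking site's fraud detection is reacting to when it blocks a login.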

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 October 2012 - 01:13 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Rizk (Topic Starter)

Posted 18 October 2012 - 01:50 AM

ComboFix 12-10-17.05 - Lisbeth 2012-10-18 8:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1014.547 [GMT 2:00]
Körs från: c:\documents and settings\Lisbeth\Skrivbord\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lisbeth\Application Data\Uneziq
c:\documents and settings\Lisbeth\Application Data\Uneziq\ufnue.exe
c:\documents and settings\Lisbeth\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((( Filer skapade från 2012-09-18 till 2012-10-18 ))))))))))))))))))))))))))))))
.
.
2012-10-10 09:44 . 2012-10-10 09:43 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-10 09:32 . 2012-10-10 09:32 -------- d-----w- c:\program\SHARP
2012-10-10 09:32 . 2008-10-29 14:18 98304 ----a-w- c:\windows\system32\SS0ELMON.dll
2012-10-10 09:32 . 2007-04-17 16:11 45056 ----a-w- c:\windows\system32\SS0EMTNT.dll
2012-10-10 09:32 . 2010-04-21 13:58 163932 ------r- c:\windows\_isusr32.dll
2012-10-10 09:32 . 2010-05-28 15:30 32768 ------w- c:\windows\system32\_isusr2k.dll
2012-10-10 09:31 . 2012-10-10 09:32 -------- d-----w- c:\windows\system32\SCDRV
2012-09-19 10:14 . 2012-09-19 10:14 388096 ----a-r- c:\documents and settings\Lisbeth\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-19 10:14 . 2012-09-19 10:14 -------- d-----w- c:\program\Trend Micro
2012-09-19 09:13 . 2012-09-19 09:13 -------- d-----w- c:\documents and settings\Lisbeth\Application Data\Malwarebytes
2012-09-19 09:13 . 2012-09-19 09:15 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2012-09-19 09:13 . 2012-09-19 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-19 09:13 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 09:43 . 2007-04-17 06:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-10 09:43 . 2012-01-18 07:12 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:17 . 2004-09-15 11:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:17 . 2004-09-15 11:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:17 . 2004-09-15 11:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-09-15 11:18 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-09-15 11:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-09-15 11:18 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-04 00:24 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2007-02-20 282624]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"PaperPort PTD"="c:\program\Scansoft\PaperPort\pptd40nt.exe" [2002-12-17 45108]
"IndexSearch"="c:\program\Scansoft\PaperPort\IndexSearch.exe" [2002-12-17 36864]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start-meny\Program\Autostart\
BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2011-6-13 1087384]
Tjänsthanteraren.lnk - c:\program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Verktyg för trådlöst WLAN via USB 2.0-adapter.lnk - c:\program\Dell Wireless\PRISMCFG.exe [2006-9-27 921704]
WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2006-10-31 122880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-22 19:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-19 399432]
R2 MBAMService;MBAMService;c:\program\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-19 676936]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2006-09-27 61526]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-19 22856]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-11-09 136176]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [2010-11-09 136176]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-01-22 42368]
S3 UfServer;Unifaun Server System;c:\program\Initzo\UfServer.exe [2005-05-09 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-11-09 07:10]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-11-09 07:10]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.geocon.se/
uInternet Connection Wizard,ShellNext = hxxp://www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6060927
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: handelsbanken.se
TCP: DhcpNameServer = 192.168.81.1 192.168.81.254 8.8.8.8
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://eredovisning.plusgirot.se/ddrint/content/ddiprintengine.cab
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
HKCU-Run-Octelyhua - c:\documents and settings\Lisbeth\Application Data\Uneziq\ufnue.exe
AddRemove-McAfee Uninstall Utility - c:\program\McAfee.com\Shared\mcappins.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-18 08:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\PRISMAPI.DLL
.
Sluttid: 2012-10-18 08:29:33
ComboFix-quarantined-files.txt 2012-10-18 06:29
.
Före genomsökningen: 138 532 331 520 byte ledigt
Efter genomsökningen: 139 123 433 472 byte ledigt
.
WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BAD8BEC2F7EF1227A40593AE4894EB6E

After running Combofix I got a warning about the File Explorer (Utforskaren in Swedish) being blocked. I got the question if I should keep blocking it.

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 October 2012 - 02:00 AM

Greetings

I want you to run these next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 Rizk (Topic Starter)

Posted 18 October 2012 - 05:44 AM

09:52:14.0234 2104 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:52:14.0437 2104 ============================================================
09:52:14.0437 2104 Current date / time: 2012/10/18 09:52:14.0437
09:52:14.0437 2104 SystemInfo:
09:52:14.0437 2104
09:52:14.0437 2104 OS Version: 5.1.2600 ServicePack: 3.0
09:52:14.0437 2104 Product type: Workstation
09:52:14.0437 2104 ComputerName: D54VBH2J
09:52:14.0437 2104 UserName: Lisbeth
09:52:14.0437 2104 Windows directory: C:\WINDOWS
09:52:14.0437 2104 System windows directory: C:\WINDOWS
09:52:14.0437 2104 Processor architecture: Intel x86
09:52:14.0437 2104 Number of processors: 2
09:52:14.0437 2104 Page size: 0x1000
09:52:14.0437 2104 Boot type: Normal boot
09:52:14.0437 2104 ============================================================
09:52:15.0906 2104 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:52:15.0906 2104 ============================================================
09:52:15.0906 2104 \Device\Harddisk0\DR0:
09:52:15.0906 2104 MBR partitions:
09:52:15.0906 2104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x129ED876
09:52:15.0906 2104 ============================================================
09:52:15.0937 2104 C: <-> \Device\Harddisk0\DR0\Partition1
09:52:15.0937 2104 ============================================================
09:52:15.0937 2104 Initialize success
09:52:15.0937 2104 ============================================================
09:52:20.0859 2652 ============================================================
09:52:20.0859 2652 Scan started
09:52:20.0859 2652 Mode: Manual;
09:52:20.0859 2652 ============================================================
09:52:21.0765 2652 ================ Scan system memory ========================
09:52:21.0765 2652 System memory - ok
09:52:21.0765 2652 ================ Scan services =============================
09:52:21.0906 2652 Abiosdsk - ok
09:52:21.0937 2652 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:52:21.0937 2652 abp480n5 - ok
09:52:21.0968 2652 [ 48547E29772BEFE3C554FF5E4855BF51 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:52:21.0984 2652 ACPI - ok
09:52:22.0015 2652 [ DECEDC736CEF3C0FFF6E981B31E73A61 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
09:52:22.0015 2652 ACPIEC - ok
09:52:22.0046 2652 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:52:22.0046 2652 adpu160m - ok
09:52:22.0093 2652 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:52:22.0093 2652 aec - ok
09:52:22.0140 2652 [ 2F7F3E8DA380325866E566F5D5EC23D5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:52:22.0140 2652 AegisP - ok
09:52:22.0187 2652 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:52:22.0187 2652 AFD - ok
09:52:22.0234 2652 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
09:52:22.0234 2652 agp440 - ok
09:52:22.0250 2652 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:52:22.0250 2652 agpCPQ - ok
09:52:22.0281 2652 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:52:22.0281 2652 Aha154x - ok
09:52:22.0296 2652 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:52:22.0296 2652 aic78u2 - ok
09:52:22.0296 2652 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:52:22.0296 2652 aic78xx - ok
09:52:22.0328 2652 [ 7E3C83703327499D0B98AE392FF07EDE ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:52:22.0328 2652 Alerter - ok
09:52:22.0359 2652 [ 5DF46F9AD9C1D611A38AF2ABB9365B5B ] ALG C:\WINDOWS\System32\alg.exe
09:52:22.0359 2652 ALG - ok
09:52:22.0390 2652 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
09:52:22.0390 2652 AliIde - ok
09:52:22.0421 2652 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:52:22.0421 2652 alim1541 - ok
09:52:22.0421 2652 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:52:22.0437 2652 amdagp - ok
09:52:22.0437 2652 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
09:52:22.0437 2652 amsint - ok
09:52:22.0468 2652 [ 6912D676607594C3554C2E43F4B1FEEE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
09:52:22.0468 2652 AppMgmt - ok
09:52:22.0515 2652 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
09:52:22.0515 2652 asc - ok
09:52:22.0515 2652 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:52:22.0515 2652 asc3350p - ok
09:52:22.0531 2652 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:52:22.0531 2652 asc3550 - ok
09:52:22.0640 2652 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
09:52:22.0640 2652 aspnet_state - ok
09:52:22.0687 2652 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:52:22.0687 2652 AsyncMac - ok
09:52:22.0703 2652 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:52:22.0703 2652 atapi - ok
09:52:22.0703 2652 Atdisk - ok
09:52:22.0734 2652 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:52:22.0734 2652 Atmarpc - ok
09:52:22.0781 2652 [ 73F7604CFB13A066A93442F431C62C4A ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:52:22.0781 2652 AudioSrv - ok
09:52:22.0781 2652 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:52:22.0781 2652 audstub - ok
09:52:22.0843 2652 [ 241474D01380E9ED41D4C07F4F5FD401 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:52:22.0843 2652 b57w2k - ok
09:52:22.0890 2652 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:52:22.0890 2652 Beep - ok
09:52:22.0968 2652 [ 9741942A86E579231D3C41AA51DE042F ] BITS C:\WINDOWS\system32\qmgr.dll
09:52:22.0984 2652 BITS - ok
09:52:23.0031 2652 [ CAC61BDD786A6928989451871FBCEDB8 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
09:52:23.0031 2652 Brother XP spl Service - ok
09:52:23.0093 2652 [ 9EF2F9B552CE42DAB5F70A2DBE633316 ] Browser C:\WINDOWS\System32\browser.dll
09:52:23.0093 2652 Browser - ok
09:52:23.0125 2652 [ 2FE6D5BE0629F706197B30C0AA05DE30 ] BrPar C:\WINDOWS\System32\drivers\BrPar.sys
09:52:23.0140 2652 BrPar - ok
09:52:23.0187 2652 [ 3DE014DFC14E8530F3A85572E2763446 ] C-DillaCdaC11BA C:\WINDOWS\system32\drivers\CDAC11BA.EXE
09:52:23.0187 2652 C-DillaCdaC11BA - ok
09:52:23.0359 2652 catchme - ok
09:52:23.0359 2652 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:52:23.0375 2652 cbidf - ok
09:52:23.0375 2652 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:52:23.0375 2652 cbidf2k - ok
09:52:23.0390 2652 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:52:23.0390 2652 cd20xrnt - ok
09:52:23.0437 2652 [ 82C4C6A2343B592C4FD590F625A724A9 ] CdaC15BA C:\WINDOWS\system32\drivers\CDAC15BA.SYS
09:52:23.0437 2652 CdaC15BA - ok
09:52:23.0453 2652 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:52:23.0453 2652 Cdaudio - ok
09:52:23.0484 2652 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:52:23.0484 2652 Cdfs - ok
09:52:23.0515 2652 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:52:23.0515 2652 Cdrom - ok
09:52:23.0531 2652 Changer - ok
09:52:23.0546 2652 [ 359C676391504438F334478585FD6465 ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:52:23.0546 2652 CiSvc - ok
09:52:23.0578 2652 [ B8345830C5D789D3DA21B91C0C94D086 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:52:23.0578 2652 ClipSrv - ok
09:52:23.0593 2652 [ 4C36A458153F8D7329E96192E653CB01 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:52:23.0593 2652 CmdIde - ok
09:52:23.0609 2652 COMSysApp - ok
09:52:23.0609 2652 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:52:23.0625 2652 Cpqarray - ok
09:52:23.0625 2652 [ 04FD6585508A7320B2C7453CED231D6B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:52:23.0625 2652 CryptSvc - ok
09:52:23.0656 2652 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:52:23.0656 2652 dac2w2k - ok
09:52:23.0671 2652 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:52:23.0671 2652 dac960nt - ok
09:52:23.0718 2652 [ 87DADC3F6E6CD5AAEB913E19CBFF922C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:52:23.0750 2652 DcomLaunch - ok
09:52:23.0796 2652 [ 8A87352D9FB9597511C34D0C8C0E7223 ] DELL_A02 C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
09:52:23.0812 2652 DELL_A02 - ok
09:52:23.0859 2652 [ 0CE3FA1C1A6803B34022D6C47273930D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:52:23.0859 2652 Dhcp - ok
09:52:23.0906 2652 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:52:23.0921 2652 Disk - ok
09:52:23.0968 2652 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:52:23.0968 2652 DLABOIOM - ok
09:52:23.0984 2652 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:52:23.0984 2652 DLACDBHM - ok
09:52:23.0984 2652 [ 83545593E297F50A8E2524B4C071A153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
09:52:23.0984 2652 DLADResN - ok
09:52:24.0000 2652 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:52:24.0000 2652 DLAIFS_M - ok
09:52:24.0000 2652 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:52:24.0000 2652 DLAOPIOM - ok
09:52:24.0000 2652 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:52:24.0000 2652 DLAPoolM - ok
09:52:24.0015 2652 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:52:24.0015 2652 DLARTL_N - ok
09:52:24.0031 2652 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:52:24.0046 2652 DLAUDFAM - ok
09:52:24.0046 2652 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:52:24.0046 2652 DLAUDF_M - ok
09:52:24.0046 2652 dmadmin - ok
09:52:24.0093 2652 [ 80008BD0C19D97B0B3F4D1D9CBF190A8 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:52:24.0109 2652 dmboot - ok
09:52:24.0156 2652 [ 41862731F82BE80F0CFBA5D0DA36B683 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:52:24.0156 2652 dmio - ok
09:52:24.0171 2652 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:52:24.0171 2652 dmload - ok
09:52:24.0171 2652 [ 77DB107FD2D8DE42B3ADC7FCE084F653 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:52:24.0171 2652 dmserver - ok
09:52:24.0187 2652 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:52:24.0187 2652 DMusic - ok
09:52:24.0234 2652 [ EFAC4D4C80CCD725CC5BD7D3DBF18C74 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:52:24.0234 2652 Dnscache - ok
09:52:24.0281 2652 [ C3C6CF67796ACDD8329CB0E44367A1EB ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:52:24.0281 2652 Dot3svc - ok
09:52:24.0312 2652 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:52:24.0312 2652 dpti2o - ok
09:52:24.0328 2652 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:52:24.0328 2652 drmkaud - ok
09:52:24.0343 2652 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:52:24.0343 2652 DRVMCDB - ok
09:52:24.0343 2652 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:52:24.0359 2652 DRVNDDM - ok
09:52:24.0375 2652 [ C6A2DC3AE99C7A462FBFD9D302D4D190 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:52:24.0375 2652 E100B - ok
09:52:24.0421 2652 [ D9CABE63AF4BC951302D9E508CB5599A ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:52:24.0421 2652 EapHost - ok
09:52:24.0468 2652 [ BC5287DC6DC7EBB13AA825CAA6482F94 ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:52:24.0468 2652 ERSvc - ok
09:52:24.0515 2652 [ 8870B0C4A094C1CE80CEA6F85FA38FF2 ] Eventlog C:\WINDOWS\system32\services.exe
09:52:24.0531 2652 Eventlog - ok
09:52:24.0578 2652 [ 01CEC6DE315F1A06CE5AA70009C6979E ] EventSystem C:\WINDOWS\system32\Es.dll
09:52:24.0593 2652 EventSystem - ok
09:52:24.0656 2652 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:52:24.0656 2652 Fastfat - ok
09:52:24.0718 2652 [ C5684B98920F9BA98D6A33701CA816E6 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:52:24.0734 2652 FastUserSwitchingCompatibility - ok
09:52:24.0796 2652 [ FABD828C834C76E71C02A315DDA5AB87 ] Fax C:\WINDOWS\system32\fxssvc.exe
09:52:24.0796 2652 Fax - ok
09:52:24.0796 2652 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:52:24.0812 2652 Fdc - ok
09:52:24.0812 2652 [ B66DDB75642F6722468707840C67A394 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:52:24.0812 2652 Fips - ok
09:52:24.0859 2652 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:52:24.0859 2652 Flpydisk - ok
09:52:24.0890 2652 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:52:24.0890 2652 FltMgr - ok
09:52:24.0890 2652 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:52:24.0890 2652 Fs_Rec - ok
09:52:24.0906 2652 [ 45FC410CFE68FF036AD232A141E69C19 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:52:24.0921 2652 Ftdisk - ok
09:52:24.0968 2652 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:52:24.0968 2652 GEARAspiWDM - ok
09:52:25.0015 2652 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:52:25.0015 2652 Gpc - ok
09:52:25.0140 2652 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program\Google\Update\GoogleUpdate.exe
09:52:25.0140 2652 gupdate - ok
09:52:25.0140 2652 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program\Google\Update\GoogleUpdate.exe
09:52:25.0140 2652 gupdatem - ok
09:52:25.0203 2652 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
09:52:25.0203 2652 gusvc - ok
09:52:25.0296 2652 [ 202C95F334C53A5A8BD0D8465512B3F4 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:52:25.0296 2652 helpsvc - ok
09:52:25.0328 2652 [ 71AACE06B5F93CF02D05E4E2EC479AAC ] HidServ C:\WINDOWS\System32\hidserv.dll
09:52:25.0328 2652 HidServ - ok
09:52:25.0328 2652 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:52:25.0328 2652 HidUsb - ok
09:52:25.0359 2652 [ 98580E101404565700FD12E03F7EE056 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:52:25.0359 2652 hkmsvc - ok
09:52:25.0390 2652 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
09:52:25.0390 2652 hpn - ok
09:52:25.0437 2652 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:52:25.0437 2652 HTTP - ok
09:52:25.0468 2652 [ F504D07CB25D62AB8D079C1F868651AE ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:52:25.0468 2652 HTTPFilter - ok
09:52:25.0468 2652 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
09:52:25.0468 2652 i2omgmt - ok
09:52:25.0484 2652 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:52:25.0484 2652 i2omp - ok
09:52:25.0500 2652 [ 82E56CD09B2CE1EDEC3FBA9111C7EE3A ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:52:25.0500 2652 i8042prt - ok
09:52:25.0562 2652 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:52:25.0609 2652 ialm - ok
09:52:25.0656 2652 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:52:25.0656 2652 Imapi - ok
09:52:25.0703 2652 [ 891B69C3DE6C55A7868B3BB52BC131AA ] ImapiService C:\WINDOWS\system32\imapi.exe
09:52:25.0718 2652 ImapiService - ok
09:52:25.0750 2652 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:52:25.0750 2652 ini910u - ok
09:52:25.0781 2652 [ 3012EE13F357A99361AD8B0D93E13C45 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
09:52:25.0781 2652 IntelIde - ok
09:52:25.0812 2652 [ 02431778E84A525D29929D14BAB71D53 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:52:25.0812 2652 intelppm - ok
09:52:25.0843 2652 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:52:25.0843 2652 Ip6Fw - ok
09:52:25.0875 2652 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:52:25.0875 2652 IpFilterDriver - ok
09:52:25.0921 2652 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:52:25.0921 2652 IpInIp - ok
09:52:25.0953 2652 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:52:25.0953 2652 IpNat - ok
09:52:26.0015 2652 [ 688B773BA6074D5E9695EF1886FDCD3E ] iPod Service C:\Program\iPod\bin\iPodService.exe
09:52:26.0015 2652 iPod Service - ok
09:52:26.0062 2652 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:52:26.0062 2652 IPSec - ok
09:52:26.0093 2652 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:52:26.0093 2652 IRENUM - ok
09:52:26.0125 2652 [ 48F97C77DAF8811598CFAE21368EACB6 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:52:26.0125 2652 isapnp - ok
09:52:26.0250 2652 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program\Java\jre6\bin\jqs.exe
09:52:26.0250 2652 JavaQuickStarterService - ok
09:52:26.0296 2652 [ D655CA94C8E2E0223C1BC28BCD95723A ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:52:26.0296 2652 Kbdclass - ok
09:52:26.0312 2652 [ E1E28876FE7602B0A1D040354DE35C06 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:52:26.0312 2652 kbdhid - ok
09:52:26.0359 2652 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:52:26.0359 2652 kmixer - ok
09:52:26.0390 2652 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:52:26.0406 2652 KSecDD - ok
09:52:26.0437 2652 [ 2C633A578D5ADAAA821C675D65F959C5 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:52:26.0437 2652 lanmanserver - ok
09:52:26.0500 2652 [ EAA41D225B9DA1314E0977C774864430 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:52:26.0500 2652 lanmanworkstation - ok
09:52:26.0500 2652 lbrtfdc - ok
09:52:26.0546 2652 [ EE155CF65CDC8BE1B4EFFA24A69FC924 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:52:26.0562 2652 LmHosts - ok
09:52:26.0578 2652 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
09:52:26.0578 2652 MBAMProtector - ok
09:52:26.0687 2652 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:52:26.0687 2652 MBAMScheduler - ok
09:52:26.0765 2652 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
09:52:26.0796 2652 MBAMService - ok
09:52:26.0890 2652 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
09:52:26.0906 2652 MDM - ok
09:52:26.0968 2652 [ 363E8EBAE26BB8B4987C91B4D3CE0F54 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:52:26.0968 2652 Messenger - ok
09:52:26.0968 2652 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:52:26.0968 2652 mnmdd - ok
09:52:27.0015 2652 [ 2BC41300B822562AC0A524DCDD2DA027 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:52:27.0015 2652 mnmsrvc - ok
09:52:27.0062 2652 [ 42CE19726D9C410DFF75D3FF1CC79DB2 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:52:27.0062 2652 Modem - ok
09:52:27.0062 2652 [ E0C4C36573BCF0C0D2A1578CAA791F7D ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:52:27.0078 2652 Mouclass - ok
09:52:27.0109 2652 [ 98E474ECF11F1DB62FB072157A95EA83 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:52:27.0109 2652 mouhid - ok
09:52:27.0109 2652 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:52:27.0109 2652 MountMgr - ok
09:52:27.0140 2652 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:52:27.0140 2652 mraid35x - ok
09:52:27.0171 2652 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:52:27.0171 2652 MRxDAV - ok
09:52:27.0234 2652 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:52:27.0265 2652 MRxSmb - ok
09:52:27.0281 2652 [ 7A73FDEEF6CF45D27EDD73220EAF1C8F ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:52:27.0281 2652 MSDTC - ok
09:52:27.0296 2652 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:52:27.0296 2652 Msfs - ok
09:52:27.0296 2652 MSIServer - ok
09:52:27.0312 2652 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:52:27.0312 2652 MSKSSRV - ok
09:52:27.0359 2652 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:52:27.0359 2652 MSPCLOCK - ok
09:52:27.0359 2652 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:52:27.0359 2652 MSPQM - ok
09:52:27.0406 2652 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:52:27.0406 2652 mssmbios - ok
09:52:27.0765 2652 [ 21434F791B04CB10FF0F9EAF0DC62F82 ] MSSQL$MICROSOFTSMLBIZ C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
09:52:28.0031 2652 MSSQL$MICROSOFTSMLBIZ - ok
09:52:28.0093 2652 [ 1D1B22613EAB9287AF902398867BC93C ] MSSQLServerADHelper C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
09:52:28.0109 2652 MSSQLServerADHelper - ok
09:52:28.0125 2652 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:52:28.0125 2652 Mup - ok
09:52:28.0156 2652 [ 28D11A2ECDFCB280624BD7006D85C38E ] napagent C:\WINDOWS\System32\qagentrt.dll
09:52:28.0171 2652 napagent - ok
09:52:28.0203 2652 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:52:28.0203 2652 NDIS - ok
09:52:28.0250 2652 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:52:28.0250 2652 NdisTapi - ok
09:52:28.0312 2652 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:52:28.0312 2652 Ndisuio - ok
09:52:28.0312 2652 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:52:28.0312 2652 NdisWan - ok
09:52:28.0343 2652 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:52:28.0343 2652 NDProxy - ok
09:52:28.0375 2652 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
09:52:28.0390 2652 Net Driver HPZ12 - ok
09:52:28.0406 2652 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:52:28.0406 2652 NetBIOS - ok
09:52:28.0437 2652 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:52:28.0437 2652 NetBT - ok
09:52:28.0468 2652 [ 5A922C8E35BF372F3DD3EC61345634B7 ] NetDDE C:\WINDOWS\system32\netdde.exe
09:52:28.0468 2652 NetDDE - ok
09:52:28.0468 2652 [ 5A922C8E35BF372F3DD3EC61345634B7 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:52:28.0484 2652 NetDDEdsdm - ok
09:52:28.0515 2652 [ FF1805D5DAF41625AF5282750D4A3700 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:52:28.0515 2652 Netlogon - ok
09:52:28.0578 2652 [ 7F791C1C9D3FEC5D3F519C9DB19465D3 ] Netman C:\WINDOWS\System32\netman.dll
09:52:28.0578 2652 Netman - ok
09:52:28.0593 2652 [ D080A76F42DFE1E7AF0C069AE5BAD8FC ] Nla C:\WINDOWS\System32\mswsock.dll
09:52:28.0593 2652 Nla - ok
09:52:28.0625 2652 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:52:28.0640 2652 Npfs - ok
09:52:28.0687 2652 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:52:28.0687 2652 Ntfs - ok
09:52:28.0703 2652 [ FF1805D5DAF41625AF5282750D4A3700 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:52:28.0703 2652 NtLmSsp - ok
09:52:28.0750 2652 [ 5FD9F539BAF23288D131F1B709A62807 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:52:28.0765 2652 NtmsSvc - ok
09:52:28.0796 2652 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:52:28.0796 2652 Null - ok
09:52:28.0890 2652 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:52:28.0937 2652 nv - ok
09:52:28.0968 2652 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:52:28.0968 2652 NwlnkFlt - ok
09:52:29.0000 2652 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:52:29.0000 2652 NwlnkFwd - ok
09:52:29.0031 2652 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE
09:52:29.0031 2652 ose - ok
09:52:29.0062 2652 [ 19E28ED86E7244D76FDA792C2810188E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:52:29.0062 2652 Parport - ok
09:52:29.0062 2652 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:52:29.0062 2652 PartMgr - ok
09:52:29.0093 2652 [ 5CF71E14A108C492C1FB07543D579AF5 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:52:29.0109 2652 ParVdm - ok
09:52:29.0109 2652 [ 8A185F0112CF5B42FF1AAFF31B8B3091 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:52:29.0109 2652 PCI - ok
09:52:29.0109 2652 PCIDump - ok
09:52:29.0125 2652 [ 239DE4275EE40FDF9912761467025244 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:52:29.0125 2652 PCIIde - ok
09:52:29.0140 2652 [ 904053AA6E251C77CF85371CE644CFD7 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
09:52:29.0156 2652 Pcmcia - ok
09:52:29.0156 2652 PDCOMP - ok
09:52:29.0156 2652 PDFRAME - ok
09:52:29.0156 2652 PDRELI - ok
09:52:29.0171 2652 PDRFRAME - ok
09:52:29.0187 2652 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
09:52:29.0187 2652 perc2 - ok
09:52:29.0218 2652 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:52:29.0218 2652 perc2hib - ok
09:52:29.0250 2652 [ 8870B0C4A094C1CE80CEA6F85FA38FF2 ] PlugPlay C:\WINDOWS\system32\services.exe
09:52:29.0250 2652 PlugPlay - ok
09:52:29.0265 2652 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
09:52:29.0265 2652 Pml Driver HPZ12 - ok
09:52:29.0265 2652 [ FF1805D5DAF41625AF5282750D4A3700 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:52:29.0265 2652 PolicyAgent - ok
09:52:29.0281 2652 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:52:29.0281 2652 PptpMiniport - ok
09:52:29.0343 2652 [ 544BAE47298A4E68C93ED2686A66E0F3 ] PRISMSVC C:\WINDOWS\system32\PRISMSVC.EXE
09:52:29.0343 2652 PRISMSVC - ok
09:52:29.0359 2652 [ FF1805D5DAF41625AF5282750D4A3700 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:52:29.0359 2652 ProtectedStorage - ok
09:52:29.0359 2652 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:52:29.0359 2652 PSched - ok
09:52:29.0359 2652 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:52:29.0359 2652 Ptilink - ok
09:52:29.0421 2652 [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:52:29.0421 2652 PxHelp20 - ok
09:52:29.0437 2652 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:52:29.0437 2652 ql1080 - ok
09:52:29.0453 2652 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:52:29.0453 2652 Ql10wnt - ok
09:52:29.0453 2652 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:52:29.0453 2652 ql12160 - ok
09:52:29.0468 2652 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:52:29.0468 2652 ql1240 - ok
09:52:29.0484 2652 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:52:29.0484 2652 ql1280 - ok
09:52:29.0484 2652 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:52:29.0484 2652 RasAcd - ok
09:52:29.0515 2652 [ 15D787DFFCE46CFC4C7F567095CE8323 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:52:29.0515 2652 RasAuto - ok
09:52:29.0562 2652 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:52:29.0562 2652 Rasl2tp - ok
09:52:29.0625 2652 [ 1E86DE6B0DF33953CF9CE449DD6E8442 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:52:29.0625 2652 RasMan - ok
09:52:29.0687 2652 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:52:29.0687 2652 RasPppoe - ok
09:52:29.0687 2652 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:52:29.0687 2652 Raspti - ok
09:52:29.0734 2652 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:52:29.0734 2652 Rdbss - ok
09:52:29.0781 2652 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:52:29.0781 2652 RDPCDD - ok
09:52:29.0828 2652 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:52:29.0828 2652 rdpdr - ok
09:52:29.0875 2652 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:52:29.0875 2652 RDPWD - ok
09:52:29.0921 2652 [ FE7C16FA5CBC560579C9728534FBAF6F ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:52:29.0921 2652 RDSessMgr - ok
09:52:29.0984 2652 [ 97130D37842819FA39FD5F1E90A5D676 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:52:29.0984 2652 redbook - ok
09:52:30.0015 2652 [ FCD42D82C6F5E0E1506ECA01D692DDE7 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:52:30.0031 2652 RemoteAccess - ok
09:52:30.0062 2652 [ 66BC81FEA0C86632255B696A69BA9827 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:52:30.0062 2652 RemoteRegistry - ok
09:52:30.0078 2652 [ 2CFB81B412A5D3CBD55CEFACCB5E2CEE ] RpcLocator C:\WINDOWS\system32\locator.exe
09:52:30.0078 2652 RpcLocator - ok
09:52:30.0125 2652 [ 87DADC3F6E6CD5AAEB913E19CBFF922C ] RpcSs C:\WINDOWS\System32\rpcss.dll
09:52:30.0125 2652 RpcSs - ok
09:52:30.0187 2652 [ 72407E48F912ED57213AE474B8A6798B ] RSVP C:\WINDOWS\system32\rsvp.exe
09:52:30.0187 2652 RSVP - ok
09:52:30.0187 2652 [ FF1805D5DAF41625AF5282750D4A3700 ] SamSs C:\WINDOWS\system32\lsass.exe
09:52:30.0187 2652 SamSs - ok
09:52:30.0234 2652 [ D339F34D824A7D42FF4D61F1D9D06029 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:52:30.0250 2652 SCardSvr - ok
09:52:30.0296 2652 [ C7DC69A9D8C9AB2FBCA3238C989D598F ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:52:30.0296 2652 Schedule - ok
09:52:30.0343 2652 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:52:30.0343 2652 Secdrv - ok
09:52:30.0359 2652 [ ED70EB06F13062366B126B1C7475C127 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:52:30.0359 2652 seclogon - ok
09:52:30.0421 2652 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
09:52:30.0453 2652 senfilt - ok
09:52:30.0484 2652 [ EA7B436A948C875DC94C6062FCBBC2D9 ] SENS C:\WINDOWS\system32\sens.dll
09:52:30.0484 2652 SENS - ok
09:52:30.0500 2652 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:52:30.0500 2652 serenum - ok
09:52:30.0500 2652 [ F7D35464062EDC08909E568BCD8AE77D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:52:30.0500 2652 Serial - ok
09:52:30.0531 2652 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:52:30.0531 2652 Sfloppy - ok
09:52:30.0593 2652 [ 30E1A46734BDF836C8770949C86B42A4 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:52:30.0609 2652 SharedAccess - ok
09:52:30.0640 2652 [ C5684B98920F9BA98D6A33701CA816E6 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:52:30.0656 2652 ShellHWDetection - ok
09:52:30.0656 2652 Simbad - ok
09:52:30.0687 2652 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:52:30.0687 2652 sisagp - ok
09:52:30.0734 2652 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
09:52:30.0734 2652 smwdm - ok
09:52:30.0781 2652 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:52:30.0781 2652 Sparrow - ok
09:52:30.0812 2652 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:52:30.0812 2652 splitter - ok
09:52:30.0859 2652 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:52:30.0859 2652 Spooler - ok
09:52:30.0906 2652 [ 352E375AB298C23B0F9BC307652C7F50 ] SQLAgent$MICROSOFTSMLBIZ C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
09:52:30.0921 2652 SQLAgent$MICROSOFTSMLBIZ - ok
09:52:30.0968 2652 [ 1193EF00869F6367367E6E7CB96BE325 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:52:30.0968 2652 sr - ok
09:52:31.0015 2652 [ 25EDB60132F9D82CB1B7961C1D0D13F2 ] srservice C:\WINDOWS\system32\srsvc.dll
09:52:31.0015 2652 srservice - ok
09:52:31.0078 2652 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:52:31.0093 2652 Srv - ok
09:52:31.0140 2652 [ 53FFC29DC150E0107F28F0A622FF8D1A ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:52:31.0140 2652 SSDPSRV - ok
09:52:31.0203 2652 [ 5835D4AD35905215E1059A973B022EA1 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:52:31.0218 2652 stisvc - ok
09:52:31.0265 2652 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:52:31.0265 2652 swenum - ok
09:52:31.0281 2652 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:52:31.0281 2652 swmidi - ok
09:52:31.0281 2652 SwPrv - ok
09:52:31.0296 2652 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
09:52:31.0296 2652 symc810 - ok
09:52:31.0328 2652 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:52:31.0328 2652 symc8xx - ok
09:52:31.0343 2652 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:52:31.0343 2652 sym_hi - ok
09:52:31.0359 2652 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:52:31.0359 2652 sym_u3 - ok
09:52:31.0406 2652 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:52:31.0406 2652 sysaudio - ok
09:52:31.0421 2652 [ 71A08EEC00A703445A2CBC0E91EF0952 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:52:31.0437 2652 SysmonLog - ok
09:52:31.0484 2652 [ 18261106524F7A93CECEACDC03A5B989 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:52:31.0500 2652 TapiSrv - ok
09:52:31.0562 2652 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:52:31.0578 2652 Tcpip - ok
09:52:31.0625 2652 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:52:31.0625 2652 TDPIPE - ok
09:52:31.0640 2652 [ 4A766448821359DF6A0427A91782385A ] Tdsshbecr C:\WINDOWS\system32\DRIVERS\shbecr.sys
09:52:31.0640 2652 Tdsshbecr - ok
09:52:31.0671 2652 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:52:31.0671 2652 TDTCP - ok
09:52:31.0703 2652 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:52:31.0703 2652 TermDD - ok
09:52:31.0765 2652 [ F89C53D455420DF4D66E45842FB3A46E ] TermService C:\WINDOWS\System32\termsrv.dll
09:52:31.0781 2652 TermService - ok
09:52:31.0828 2652 [ C5684B98920F9BA98D6A33701CA816E6 ] Themes C:\WINDOWS\System32\shsvcs.dll
09:52:31.0828 2652 Themes - ok
09:52:31.0875 2652 [ CC4C1AAE22088304C715AC9D26F2D4C1 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:52:31.0875 2652 TlntSvr - ok
09:52:31.0890 2652 [ 67B0BB00B577D37E54497E5FDFCAADC0 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
09:52:31.0890 2652 TosIde - ok
09:52:31.0906 2652 [ 548867E040CB81A82B5DF09D074F95F8 ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:52:31.0906 2652 TrkWks - ok
09:52:31.0937 2652 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:52:31.0937 2652 Udfs - ok
09:52:31.0968 2652 UfServer - ok
09:52:32.0000 2652 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
09:52:32.0000 2652 ultra - ok
09:52:32.0046 2652 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:52:32.0046 2652 Update - ok
09:52:32.0109 2652 [ B1222A2302480D56A32C5343150BB16D ] upnphost C:\WINDOWS\System32\upnphost.dll
09:52:32.0125 2652 upnphost - ok
09:52:32.0125 2652 [ 7B07AF3D4545AD6FEE34B5F2EB247C8F ] UPS C:\WINDOWS\System32\ups.exe
09:52:32.0125 2652 UPS - ok
09:52:32.0140 2652 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:52:32.0156 2652 usbccgp - ok
09:52:32.0156 2652 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:52:32.0171 2652 usbehci - ok
09:52:32.0171 2652 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:52:32.0171 2652 usbhub - ok
09:52:32.0218 2652 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:52:32.0218 2652 usbscan - ok
09:52:32.0250 2652 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:52:32.0250 2652 USBSTOR - ok
09:52:32.0281 2652 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:52:32.0281 2652 usbuhci - ok
09:52:32.0281 2652 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:52:32.0281 2652 VgaSave - ok
09:52:32.0328 2652 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:52:32.0328 2652 viaagp - ok
09:52:32.0343 2652 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
09:52:32.0343 2652 ViaIde - ok
09:52:32.0375 2652 [ 57187EC04878147E1F4F2D9224B12205 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:52:32.0375 2652 VolSnap - ok
09:52:32.0421 2652 [ 940950DC9E34B05986BBBB1D1A33B74F ] VSS C:\WINDOWS\System32\vssvc.exe
09:52:32.0437 2652 VSS - ok
09:52:32.0484 2652 [ 4BF06A1DCD6A91C482E79340FEE527CA ] w32time C:\WINDOWS\system32\w32time.dll
09:52:32.0484 2652 w32time - ok
09:52:32.0531 2652 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:52:32.0546 2652 Wanarp - ok
09:52:32.0546 2652 WDICA - ok
09:52:32.0593 2652 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:52:32.0593 2652 wdmaud - ok
09:52:32.0656 2652 [ E6DFCADF5089A68ECD288E9A803A892C ] WebClient C:\WINDOWS\System32\webclnt.dll
09:52:32.0656 2652 WebClient - ok
09:52:32.0750 2652 [ CF4E2A27495F7EA6B3128D9A731B3716 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:52:32.0750 2652 winmgmt - ok
09:52:32.0812 2652 [ CF8E2625AF439A3F336C499ADE0C4BEC ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
09:52:32.0812 2652 WmdmPmSN - ok
09:52:32.0843 2652 [ B5FF0001533BE01DFBD995D7A60A7DAA ] Wmi C:\WINDOWS\System32\advapi32.dll
09:52:32.0875 2652 Wmi - ok
09:52:32.0875 2652 [ 9BFADC02A9E27BFDFF59E61302F92517 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:52:32.0890 2652 WmiApSrv - ok
09:52:32.0921 2652 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:52:32.0921 2652 WS2IFSL - ok
09:52:32.0953 2652 [ 4AC32513FA47C8219448269BF895FC34 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:52:32.0968 2652 wscsvc - ok
09:52:33.0015 2652 [ 4CEAF29D35C2608C6463E80574DDCA10 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:52:33.0015 2652 wuauserv - ok
09:52:33.0046 2652 [ 5EC7D7F83640A921B5C616D9650520FD ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:52:33.0062 2652 WZCSVC - ok
09:52:33.0078 2652 [ 5B3D475AA8629320686FBFFBE67AB492 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:52:33.0093 2652 xmlprov - ok
09:52:33.0093 2652 ================ Scan global ===============================
09:52:33.0140 2652 [ FCCF29A7B803601E170EE8E6C57BFB84 ] C:\WINDOWS\system32\basesrv.dll
09:52:33.0187 2652 [ 86412FDB78ECC79E964645E0196B5CC2 ] C:\WINDOWS\system32\winsrv.dll
09:52:33.0203 2652 [ 86412FDB78ECC79E964645E0196B5CC2 ] C:\WINDOWS\system32\winsrv.dll
09:52:33.0203 2652 [ 8870B0C4A094C1CE80CEA6F85FA38FF2 ] C:\WINDOWS\system32\services.exe
09:52:33.0203 2652 [Global] - ok
09:52:33.0203 2652 ================ Scan MBR ==================================
09:52:33.0234 2652 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:52:33.0390 2652 \Device\Harddisk0\DR0 - ok
09:52:33.0390 2652 ================ Scan VBR ==================================
09:52:33.0390 2652 [ B3645DBD8A687764344EBCE905DAAF68 ] \Device\Harddisk0\DR0\Partition1
09:52:33.0390 2652 \Device\Harddisk0\DR0\Partition1 - ok
09:52:33.0390 2652 ============================================================
09:52:33.0390 2652 Scan finished
09:52:33.0390 2652 ============================================================
09:52:33.0406 2708 Detected object count: 0
09:52:33.0406 2708 Actual detected object count: 0
09:58:47.0390 2464 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-18 10:05:04
-----------------------------
10:05:04.156 OS Version: Windows 5.1.2600 Service Pack 3
10:05:04.156 Number of processors: 2 586 0x604
10:05:04.156 ComputerName: D54VBH2J UserName: Lisbeth
10:05:04.593 Initialize success
10:08:33.234 AVAST engine defs: 12101701
10:09:14.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:09:14.484 Disk 0 Vendor: WDC_WD1600JS-75NCB3 10.02E04 Size: 152587MB BusType: 3
10:09:14.500 Disk 0 MBR read successfully
10:09:14.500 Disk 0 MBR scan
10:09:14.546 Disk 0 Windows XP default MBR code
10:09:14.546 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:09:14.562 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 80325
10:09:14.578 Disk 0 scanning sectors +312480315
10:09:14.671 Disk 0 scanning C:\WINDOWS\system32\drivers
10:09:26.984 Service scanning
10:09:43.312 Modules scanning
10:09:47.890 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
10:09:48.750 Disk 0 trace - called modules:
10:09:48.781 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:09:48.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86535ab8]
10:09:48.781 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x865e1030]
10:09:49.312 AVAST engine scan C:\WINDOWS
10:10:09.343 AVAST engine scan C:\WINDOWS\system32
10:12:22.578 AVAST engine scan C:\WINDOWS\system32\drivers
10:12:42.718 AVAST engine scan C:\Documents and Settings\Lisbeth
10:20:04.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lisbeth\Skrivbord\MBR.dat"
10:20:04.484 The log file has been saved successfully to "C:\Documents and Settings\Lisbeth\Skrivbord\aswMBR.txt"

#10 gringo_pr (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 18 October 2012 - 07:36 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Rizk (Topic Starter, Members, 13 posts)

Posted 18 October 2012 - 09:10 AM

ComboFix 12-10-18.03 - Lisbeth 2012-10-18 15:28:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1014.385 [GMT 2:00]
Running from: c:\documents and settings\Lisbeth\Skrivbord\ComboFix.exe
Command switches used :: c:\documents and settings\Lisbeth\Skrivbord\CFScript.txt
.
.
(((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 ))))))))))))))))))))))))))))))
.
.
2012-10-10 09:44 . 2012-10-10 09:43 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-10 09:32 . 2012-10-10 09:32 -------- d-----w- c:\program\SHARP
2012-10-10 09:32 . 2008-10-29 14:18 98304 ----a-w- c:\windows\system32\SS0ELMON.dll
2012-10-10 09:32 . 2007-04-17 16:11 45056 ----a-w- c:\windows\system32\SS0EMTNT.dll
2012-10-10 09:32 . 2010-04-21 13:58 163932 ------r- c:\windows\_isusr32.dll
2012-10-10 09:32 . 2010-05-28 15:30 32768 ------w- c:\windows\system32\_isusr2k.dll
2012-10-10 09:31 . 2012-10-10 09:32 -------- d-----w- c:\windows\system32\SCDRV
2012-09-19 10:14 . 2012-09-19 10:14 388096 ----a-r- c:\documents and settings\Lisbeth\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-19 10:14 . 2012-09-19 10:14 -------- d-----w- c:\program\Trend Micro
2012-09-19 09:13 . 2012-09-19 09:13 -------- d-----w- c:\documents and settings\Lisbeth\Application Data\Malwarebytes
2012-09-19 09:13 . 2012-09-19 09:15 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2012-09-19 09:13 . 2012-09-19 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-19 09:13 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 09:43 . 2007-04-17 06:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-10 09:43 . 2012-01-18 07:12 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:17 . 2004-09-15 11:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:17 . 2004-09-15 11:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:17 . 2004-09-15 11:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-09-15 11:18 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-09-15 11:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-09-15 11:18 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-04 00:24 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-09 39408]
"Octelyhua"="c:\documents and settings\Lisbeth\Application Data\Uneziq\ufnue.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2007-02-20 282624]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"PaperPort PTD"="c:\program\Scansoft\PaperPort\pptd40nt.exe" [2002-12-17 45108]
"IndexSearch"="c:\program\Scansoft\PaperPort\IndexSearch.exe" [2002-12-17 36864]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start-meny\Program\Autostart\
BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2011-6-13 1087384]
Tjänsthanteraren.lnk - c:\program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
Verktyg för trådlöst WLAN via USB 2.0-adapter.lnk - c:\program\Dell Wireless\PRISMCFG.exe [2006-9-27 921704]
WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2006-10-31 122880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-22 19:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-19 399432]
R2 MBAMService;MBAMService;c:\program\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-19 676936]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2006-09-27 61526]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-19 22856]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-11-09 136176]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [2010-11-09 136176]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-01-22 42368]
S3 UfServer;Unifaun Server System;c:\program\Initzo\UfServer.exe [2005-05-09 45056]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24307095
*NewlyCreated* - 81931343
*NewlyCreated* - ASWMBR
*Deregistered* - 24307095
*Deregistered* - 81931343
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-11-09 07:10]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-11-09 07:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.geocon.se/
uInternet Connection Wizard,ShellNext = hxxp://www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6060927
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: handelsbanken.se
TCP: DhcpNameServer = 192.168.81.1 192.168.81.254 8.8.8.8
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://eredovisning.plusgirot.se/ddrint/content/ddiprintengine.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-18 15:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\PRISMAPI.DLL
.
- - - - - - - > 'explorer.exe'(2956)
c:\windows\system32\webcheck.dll
.
Completion time: 2012-10-18 15:43:40
ComboFix-quarantined-files.txt 2012-10-18 13:43
ComboFix2.txt 2012-10-18 06:29
.
Pre-Run: 139,042,467,840 bytes free
Post-Run: 139,142,889,472 bytes free
.
- - End Of File - - 4A2F002518D186726C5D5ED5B8C4E2AE

I can't really say that I have had any problems except that my bank won't let me log in.
I can't tell any difference in the computer's behavior from before. Do I dare to try to log in to my bank again? Last time they froze all cards that had been in use on the computer and sent me new ones. That is what they do if they discover someone with an infection trying to log in.
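An added example, not part of this thread and not code from ComboFix, OTL or BleepingComputer. The ComboFix log above lists one per-user Run value, "Octelyhua", that launches c:\documents and settings\Lisbeth\Application Data\Uneziq\ufnue.exe and carries no file timestamp or size, while every other Run entry resolves to a vendor binary under c:\windows or c:\program (the OTL log posted later shows the same value with "File not found"). A user-level autorun pointing at a randomly named folder and executable under Application Data is the shape Zeus/Citadel-family banking trojans usually take, which is the family the bank's warning pointed at, so it is the line a reviewer would pull out of this log first; whether this particular file was malicious is not established anywhere on this page. The script below parses Run-key entries in ComboFix's "name"="path" [date size] format (the sample is constructed from the lines above) and flags any that live in a user-writable profile directory or that ComboFix printed without file metadata. The directory list and the two heuristics are my own assumptions, not ComboFix's rules.

```python
"""Flag autorun entries in a ComboFix-style 'Reg Loading Points' section that
point into per-user writable locations, the usual drop site of Zeus/Citadel-
family banking trojans, or that ComboFix listed without file metadata.

Added example for this thread; not ComboFix, OTL or BleepingComputer code.
The heuristics below are the author's assumptions, not ComboFix's own rules.
"""
import re
from typing import Dict, List

# Constructed sample modelled on the Run-key section of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-09 39408]
"Octelyhua"="c:\documents and settings\Lisbeth\Application Data\Uneziq\ufnue.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2012-01-18 254696]
"""

# "name"="path" [date size]: the bracket normally holds ComboFix's file
# metadata; anything else (e.g. BU) means no timestamp/size was recorded.
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<info>[^\]]*)\]')
HIVE_RE = re.compile(r'^\[(?P<hive>HKEY_[^\]]+)\]')
METADATA_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')

# Per-user writable directories on Windows XP (lower-case substrings).
# Legitimate XP-era autoruns almost always live under \windows or \program.
USER_WRITABLE = (
    "\\application data\\",        # also matches Local Settings\Application Data
    "\\local settings\\temp\\",
)


def parse_run_entries(log_text: str) -> List[Dict[str, str]]:
    """Return every "name"="path" [info] entry with the hive it sits under."""
    entries: List[Dict[str, str]] = []
    hive = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        hive_match = HIVE_RE.match(line)
        if hive_match:
            hive = hive_match.group("hive")
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match:
            entries.append({"hive": hive, **entry_match.groupdict()})
    return entries


def is_user_writable(path: str) -> bool:
    """True when the executable sits in a per-user writable directory."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def suspicious_entries(log_text: str) -> List[Dict[str, object]]:
    """Attach a list of reasons to each entry that trips a heuristic."""
    flagged: List[Dict[str, object]] = []
    for entry in parse_run_entries(log_text):
        reasons: List[str] = []
        if is_user_writable(entry["path"]):
            reasons.append("user-writable location")
        if not METADATA_RE.match(entry["info"]):
            reasons.append("no file timestamp/size recorded")
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_LOG):
        print(f'{hit["hive"]}\n  {hit["name"]} -> {hit["path"]}\n  {", ".join(hit["reasons"])}')
```

Run against the sample, the Google Toolbar, Intel and Java entries pass both checks and only "Octelyhua" is reported, with both reasons. The path heuristic is deliberately coarse: a few legitimate updaters do install under Application Data, so a hit is a prompt to check the file's signature, hash and creation date, not a verdict on its own.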

#12 gringo_pr (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 18 October 2012 - 10:38 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 Rizk (Topic Starter, Members, 13 posts)

Posted 19 October 2012 - 02:44 AM

OTL logfile created on: 2012-10-19 08:01:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Lisbeth\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1014,07 Mb Total Physical Memory | 454,50 Mb Available Physical Memory | 44,82% Memory free
2,38 Gb Paging File | 1,99 Gb Available in Paging File | 83,56% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 148,96 Gb Total Space | 129,61 Gb Free Space | 87,01% Space Free | Partition Type: NTFS

Computer Name: D54VBH2J | User Name: Lisbeth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Lisbeth\Skrivbord\OTL.exe (OldTimer Tools)
PRC - C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program\Delade filer\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program\Dell Wireless\PRISMCFG.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\PRISMSVC.exe (Conexant Systems, Inc.)
PRC - C:\WINDOWS\system32\PRISMSVR.exe (Conexant Systems, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program\Delade filer\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_2f836eff\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b562d4c1\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_31f5873b\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ea8fdc17\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\custommarshalers\1.0.5000.0__b03f5f7f11d50a3a_33c2a6de\custommarshalers.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b148cd31\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\pdfshell.SVE ()
MOD - c:\windows\assembly\gac\microsoft.businesssolutions.ecrm.outlookaddin.csutils\2.0.2107.0__31bf3856ad364e35\microsoft.businesssolutions.ecrm.outlookaddin.csutils.dll ()
MOD - c:\windows\assembly\gac\businesslayer\2.0.2107.0__31bf3856ad364e35\businesslayer.dll ()
MOD - c:\windows\assembly\gac\bcmcommon\2.0.2107.0__31bf3856ad364e35\bcmcommon.dll ()
MOD - c:\windows\assembly\gac\dbconfig\2.0.2107.0__31bf3856ad364e35\dbconfig.dll ()
MOD - c:\windows\assembly\gac\microsoft.businesssolutions.ecrm.outlookaddin\2.0.2107.0__31bf3856ad364e35\microsoft.businesssolutions.ecrm.outlookaddin.dll ()
MOD - c:\windows\assembly\gac\bcmres\2.0.2107.0__31bf3856ad364e35\bcmres.dll ()
MOD - c:\windows\assembly\gac\iris.mapi.messagestore\2.0.2107.0__31bf3856ad364e35\iris.mapi.messagestore.dll ()
MOD - c:\windows\assembly\gac\extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll ()
MOD - c:\windows\assembly\gac\microsoft.interop.mapi.impl\2.0.2107.0__31bf3856ad364e35\microsoft.interop.mapi.impl.dll ()
MOD - c:\windows\assembly\gac\microsoft.interop.ecrm.outlook\9.1.0.0__31bf3856ad364e35\microsoft.interop.ecrm.outlook.dll ()
MOD - c:\windows\assembly\gac\microsoft.ecrm.office\2.2.0.0__31bf3856ad364e35\microsoft.ecrm.office.dll ()
MOD - c:\windows\assembly\gac\microsoft.interop.mapi.interfaces\2.0.2107.0__31bf3856ad364e35\microsoft.interop.mapi.interfaces.dll ()
MOD - c:\windows\assembly\gac\microsoft.interop.ecrm.ole\1.0.0.0__31bf3856ad364e35\microsoft.interop.ecrm.ole.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll ()
MOD - c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll ()
MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_sv_b77a5c561934e089\mscorlib.resources.dll ()
MOD - c:\windows\assembly\gac\custommarshalers\1.0.5000.0__b03f5f7f11d50a3a\custommarshalers.dll ()
MOD - c:\windows\assembly\gac\microsoft.visualc\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualc.dll ()
MOD - C:\Program\Scansoft\PaperPort\BliceCtr.dll ()


========== Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (PRISMSVC) -- C:\WINDOWS\system32\PRISMSVC.exe (Conexant Systems, Inc.)
SRV - (UfServer) -- C:\Program\Initzo\UfServer.exe (Unifaun AB)
SRV - (ose) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Lisbeth\LOKALA~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\Lisbeth\LOKALA~1\Temp\aswMBR.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()
DRV - (Tdsshbecr) -- C:\WINDOWS\system32\drivers\shbecr.sys (Todos Data System AB)
DRV - (DELL_A02) -- C:\WINDOWS\system32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (BrPar) -- C:\WINDOWS\system32\drivers\BRPAR.SYS (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6060927
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6060927
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6060927
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=6060927
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geocon.se/
IE - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_sv
IE - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012-10-18 08:24:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program\Delade filer\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006..\Run: [Octelyhua] "C:\Documents and Settings\Lisbeth\Application Data\Uneziq\ufnue.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Verktyg för trådlöst WLAN via USB 2.0-adapter.lnk = C:\Program\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006\..Trusted Domains: handelsbanken.se ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} https://eredovisning.plusgirot.se/ddrint/content/ddiprintengine.cab (PrintEngine ActiveX Control v4.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.81.1 192.168.81.254 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6A1F16E-7F11-4D75-A074-EBEAE07F8B79}: DhcpNameServer = 192.168.81.1 192.168.81.254 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFDC93D1-8FF4-41D7-9619-2B498632FE0F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - (PRISMAPI.DLL) - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-09-15 13:32:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2012-10-18 17:55:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisbeth\Skrivbord\OTL.exe
[2012-10-18 15:25:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-10-18 09:12:46 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Lisbeth\Skrivbord\aswMBR.exe
[2012-10-18 09:12:40 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lisbeth\Skrivbord\tdsskiller.exe
[2012-10-18 08:09:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-10-18 08:06:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-10-18 08:06:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-10-18 08:06:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-10-18 08:06:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-10-18 08:05:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-10-18 08:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-10-18 07:44:00 | 004,984,103 | R--- | C] (Swearware) -- C:\Documents and Settings\Lisbeth\Skrivbord\ComboFix.exe
[2012-10-17 14:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisbeth\Skrivbord\RK_Quarantine
[2012-10-17 08:36:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lisbeth\Start-meny\Program\Administrationsverktyg
[2012-10-17 08:13:32 | 000,706,431 | R--- | C] (Swearware) -- C:\Documents and Settings\Lisbeth\Skrivbord\dds.com
[2012-10-10 11:44:05 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-10-10 11:44:04 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-10-10 11:44:04 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-10-10 11:44:04 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-10-10 11:32:47 | 000,000,000 | ---D | C] -- C:\Program\SHARP
[2012-10-10 11:32:28 | 000,098,304 | ---- | C] (SHARP CORPORATION) -- C:\WINDOWS\System32\SS0ELMON.dll
[2012-10-10 11:32:28 | 000,045,056 | ---- | C] (SHARP CORPORATION) -- C:\WINDOWS\System32\SS0EMTNT.dll
[2012-10-10 11:31:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SCDRV
[2012-09-19 12:14:00 | 000,000,000 | ---D | C] -- C:\Program\Trend Micro
[2012-09-19 12:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisbeth\Start-meny\Program\HiJackThis
[2012-09-19 11:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisbeth\Application Data\Malwarebytes
[2012-09-19 11:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes' Anti-Malware
[2012-09-19 11:13:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-09-19 11:13:39 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[2012-09-19 11:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-09-14 13:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisbeth\Application Data\Impip
[2012-09-14 13:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisbeth\Application Data\Ernuz
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012-10-18 17:55:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisbeth\Skrivbord\OTL.exe
[2012-10-18 17:11:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-18 15:57:18 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Skrivbord\Microsoft Office Excel 2003.lnk
[2012-10-18 15:24:33 | 004,984,103 | R--- | M] (Swearware) -- C:\Documents and Settings\Lisbeth\Skrivbord\ComboFix.exe
[2012-10-18 15:22:07 | 000,002,560 | ---- | M] () -- C:\WINDOWS\MKDEWE.TRN
[2012-10-18 13:37:00 | 000,561,199 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Skrivbord\Hi3G_fakt_okt_0761652215.pdf
[2012-10-18 13:33:00 | 000,552,095 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Skrivbord\Hi3G_fakt_okt_0763494432_1_.pdf
[2012-10-18 11:31:23 | 000,000,028 | ---- | M] () -- C:\WINDOWS\KRPREV32.INI
[2012-10-18 11:19:39 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\pbs.ini
[2012-10-18 10:20:04 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Skrivbord\MBR.dat
[2012-10-18 09:12:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lisbeth\Skrivbord\aswMBR.exe
[2012-10-18 09:12:40 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lisbeth\Skrivbord\tdsskiller.exe
[2012-10-18 08:24:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-10-18 08:09:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-10-18 07:59:43 | 000,405,408 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2012-10-18 07:59:43 | 000,402,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-10-18 07:59:43 | 000,072,366 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2012-10-18 07:59:43 | 000,062,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-10-18 07:55:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-10-18 07:55:40 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-18 07:55:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-10-18 07:55:35 | 1063,399,424 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-17 10:21:16 | 001,425,920 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Skrivbord\RogueKiller.exe
[2012-10-17 10:21:10 | 000,538,941 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Skrivbord\adwcleaner.exe
[2012-10-17 08:32:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lisbeth\defogger_reenable
[2012-10-17 08:13:32 | 000,706,431 | R--- | M] (Swearware) -- C:\Documents and Settings\Lisbeth\Skrivbord\dds.com
[2012-10-17 08:12:56 | 000,881,724 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Skrivbord\SecurityCheck.exe
[2012-10-17 08:12:30 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Skrivbord\Defogger.exe
[2012-10-16 09:43:58 | 000,061,128 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Skrivbord\Info Tärnby Tullstation.pdf
[2012-10-10 11:46:52 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-10-10 11:43:34 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-10-10 11:43:34 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-10-10 11:43:34 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-10-10 11:43:34 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-10-10 11:43:33 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-10-10 11:43:33 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012-10-10 11:36:02 | 000,426,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-09-19 12:14:37 | 000,002,413 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Skrivbord\HiJackThis.lnk
[2012-09-19 11:15:22 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk
[2012-09-19 11:08:10 | 000,212,456 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\census.cache
[2012-09-19 11:07:59 | 000,173,265 | ---- | M] () -- C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\ars.cache
[2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-08-28 20:47:18 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012-08-28 17:17:32 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012-08-28 17:17:31 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012-08-28 17:17:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012-08-28 17:17:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012-08-28 17:17:30 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2012-08-28 17:17:30 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2012-08-28 17:17:30 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2012-08-28 17:17:30 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2012-08-28 17:17:29 | 006,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012-08-28 17:17:21 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012-08-28 17:17:21 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012-08-28 17:17:21 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012-08-28 17:17:21 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012-08-28 17:17:20 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012-08-28 17:17:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2012-08-28 17:17:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2012-08-28 17:17:20 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012-08-28 17:17:20 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2012-08-28 17:17:19 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2012-08-28 17:17:19 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012-08-28 17:17:18 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012-08-28 17:17:17 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012-08-28 17:17:17 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012-08-28 17:17:10 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012-08-28 17:17:09 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2012-08-28 17:17:09 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012-08-28 14:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012-08-28 14:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012-08-28 14:07:32 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2012-08-24 15:53:53 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2012-08-23 08:27:32 | 002,070,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012-08-23 08:27:30 | 002,193,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012-08-23 08:27:27 | 002,149,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2012-08-23 08:27:27 | 002,149,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012-08-23 08:27:26 | 002,028,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012-08-23 08:27:26 | 002,028,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-18 13:37:00 | 000,561,199 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Skrivbord\Hi3G_fakt_okt_0761652215.pdf
[2012-10-18 13:33:00 | 000,552,095 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Skrivbord\Hi3G_fakt_okt_0763494432_1_.pdf
[2012-10-18 10:20:04 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Skrivbord\MBR.dat
[2012-10-18 08:09:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-10-18 08:09:24 | 000,260,784 | RHS- | C] () -- C:\cmldr
[2012-10-18 08:06:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-10-18 08:06:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-10-18 08:06:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-10-18 08:06:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-10-18 08:06:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-10-17 10:21:16 | 001,425,920 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Skrivbord\RogueKiller.exe
[2012-10-17 10:21:10 | 000,538,941 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Skrivbord\adwcleaner.exe
[2012-10-17 08:32:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lisbeth\defogger_reenable
[2012-10-17 08:12:56 | 000,881,724 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Skrivbord\SecurityCheck.exe
[2012-10-17 08:12:30 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Skrivbord\Defogger.exe
[2012-10-16 09:43:58 | 000,061,128 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Skrivbord\Info Tärnby Tullstation.pdf
[2012-10-10 11:32:32 | 000,008,698 | R--- | C] () -- C:\WINDOWS\font2.sii
[2012-10-10 11:32:30 | 000,004,907 | R--- | C] () -- C:\WINDOWS\font1.sii
[2012-10-10 11:32:28 | 000,014,148 | ---- | C] () -- C:\WINDOWS\System32\SS0EUD62.MCF
[2012-10-10 11:32:28 | 000,013,425 | ---- | C] () -- C:\WINDOWS\System32\SS0EUD63.MCF
[2012-10-10 11:32:28 | 000,013,425 | ---- | C] () -- C:\WINDOWS\System32\SS0EUD61.MCF
[2012-10-10 11:32:28 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\SS0ELMON.dat
[2012-10-10 11:32:28 | 000,000,074 | ---- | C] () -- C:\WINDOWS\System32\SS0ELMON.mtx
[2012-10-10 11:32:17 | 000,163,932 | R--- | C] () -- C:\WINDOWS\_isusr32.dll
[2012-10-10 11:32:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2012-09-19 12:14:00 | 000,002,413 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Skrivbord\HiJackThis.lnk
[2012-09-19 11:13:40 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk
[2012-09-19 11:08:10 | 000,212,456 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\census.cache
[2012-09-19 11:07:59 | 000,173,265 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\ars.cache
[2012-02-15 08:34:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010-11-02 11:21:24 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2010-05-14 07:19:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\housecall.guid.cache
[2008-11-10 13:23:25 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-10-12 10:46:30 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\pbs.ini
[2006-10-04 15:38:14 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Lisbeth\intlname.ols
[2006-10-03 11:12:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Lisbeth\Lokala inställningar\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004-09-15 13:39:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 18:04:47 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 12:56:00 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 18:04:54 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:32 AM

Posted 19 October 2012 - 07:52 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    O4 - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006..\Run: [Octelyhua] "C:\Documents and Settings\Lisbeth\Application Data\Uneziq\ufnue.exe" File not found
    O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
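A small triage helper for the OTL log format used throughout this thread, added here as an illustration (it is not a tool from the thread, from OldTimer, or from the helper). It parses the file-list lines and the O4 autorun lines and flags the pattern the fix script above targets: a program launched from a user's Application Data folder, and items created there with no company name. The regular expressions, the `Finding` type and the rule names are my own; the sample lines are copied from the logs posted earlier in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# File-list lines from OTL's "Files/Folders - Created" and "Files - Modified"
# sections: [timestamp | size | attributes | C or M] (company) -- path
# The "(company)" part is absent when OTL found no version information.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)$"
)

# O4 autorun lines: O4 - <hive>\Run: [<value name>] <command> [File not found]
O4_LINE = re.compile(r"^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Per-user data directory; installers rarely put executables there, but the
# autorun entry in this thread launches ufnue.exe from exactly such a folder.
APPDATA_MARKER = re.compile(r"\\application data\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def command_path(cmd: str) -> str:
    """Extract the program path from an O4 command string (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL log line, or None if nothing stands out."""
    m = O4_LINE.match(line)
    if m:
        cmd = m.group("cmd").strip()
        reasons = []
        if APPDATA_MARKER.search(command_path(cmd)):
            reasons.append("autorun launches a program from Application Data")
        if cmd.endswith("File not found"):
            reasons.append("orphaned autorun entry, target missing")
        return Finding(line, "; ".join(reasons)) if reasons else None
    m = FILE_LINE.match(line)
    if m:
        company = (m.group("company") or "").strip()
        if not company and APPDATA_MARKER.search(m.group("path")):
            return Finding(line, "created in Application Data with no company name")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole OTL log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-3998382139-1976069369-1855051364-1006..\Run: [Octelyhua] "C:\Documents and Settings\Lisbeth\Application Data\Uneziq\ufnue.exe" File not found
[2012-10-18 17:55:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisbeth\Skrivbord\OTL.exe
[2012-09-14 13:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisbeth\Application Data\Impip
[2012-09-14 13:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisbeth\Application Data\Ernuz
[2012-09-19 11:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisbeth\Application Data\Malwarebytes
[2012-09-19 11:13:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}:\n    {f.line}")
```

Note that the Malwarebytes data folder is flagged as well: the rule surfaces candidates for a person to review, which is how the helper works through these logs, not a verdict.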

#15 Rizk (Topic Starter)

  • Members
  • 13 posts
  • Local time:03:32 PM

Posted 19 October 2012 - 08:32 AM

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3998382139-1976069369-1855051364-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Octelyhua deleted successfully.
Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
IP-konfiguration för Windows
DNS-matcharens cacheminne har rensats.
C:\Documents and Settings\Lisbeth\Skrivbord\cmd.bat deleted successfully.
C:\Documents and Settings\Lisbeth\Skrivbord\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administratör

User: All Users

User: Default User

User: Lisbeth
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administratör

User: All Users

User: Default User

User: Lisbeth
->Flash cache emptied: 4205 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10192012_152733

It does feel like the computer is a little "quicker" now.
