Advanced Credit Card Verification Scam


#1
Pyton
Hi all,

To my regret, I believe my computer is infected with a Trojan. After some research on the internet, I believe it might be a Trojan ZLob. There was a notification of a similar problem. I found that it is not easy to remove; unfortunately I do not have the knowledge to remove it myself, despite my best (simple) efforts like scanning the computer with AVG & S&D. The problem is the following: when ordering some gadgets at my favorite Chinese retailer, I went to checkout using my credit card. The payment process was fine; when confirming my data, a pop-up appeared. It was meant to be a MasterCard SecureCode pop-up asking for some Advanced Credit Card Verification, including my cc-number, cvc, expiry date and even PIN number. I immediately recognized this as being a scam. I believed it to be incorporated in the Chinese site. But after that, when paying for my Spotify, I encountered the same problem, so clearly my computer is infected (it's slower than usual as well). I don't trust my computer anymore, and banking is now impossible. How can I remove this trojan/virus? Help would be much appreciated (I need to buy Christmas gifts for my family ;)). Thank you in advance for your help!!

Greetz from Pyton

Log File:

OTL logfile created on: 18-12-2011 20:39:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Pytonius\Mijn documenten\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

990,60 Mb Total Physical Memory | 216,80 Mb Available Physical Memory | 21,89% Memory free
2,33 Gb Paging File | 1,63 Gb Available in Paging File | 70,02% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38,71 Gb Total Space | 5,27 Gb Free Space | 13,61% Space Free | Partition Type: NTFS
Drive D: | 29,08 Gb Total Space | 4,15 Gb Free Space | 14,27% Space Free | Partition Type: NTFS

Computer Name: PYTON | User Name: Pytonius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-18 20:27:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\OTL.exe
PRC - [2011-11-10 11:33:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-10-18 10:48:32 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009-10-24 01:46:10 | 000,189,760 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
PRC - [2009-09-08 10:31:01 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009-09-08 10:30:54 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009-09-08 10:30:43 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009-09-06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009-01-26 15:31:12 | 005,365,592 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2008-06-19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008-04-14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-04-26 11:37:30 | 000,331,776 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2006-01-25 14:23:20 | 000,376,917 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe


========== Modules (No Company Name) ==========

MOD - [2011-11-10 11:33:43 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-07-06 10:07:49 | 006,271,648 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009-11-03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009-11-03 15:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009-10-24 01:46:26 | 000,027,456 | ---- | M] () -- C:\WINDOWS\system32\solidlocalmon.dll
MOD - [2009-09-06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009-02-27 18:13:06 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.NLD
MOD - [2008-09-16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008-06-19 18:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008-06-19 18:08:52 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008-04-17 20:31:02 | 000,406,528 | ---- | M] () -- C:\Program Files\Photo_Resizer_Pro4\ShellExt4.dll
MOD - [2008-03-05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008-03-04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008-02-26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007-12-24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
MOD - [2006-04-27 10:48:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2009-10-24 01:46:10 | 000,189,760 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SPDFCreatorReadSpool)
SRV - [2009-09-24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009-09-08 10:30:51 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009-09-08 10:30:43 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009-09-06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008-06-19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006-12-12 18:27:03 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006-01-25 14:23:20 | 000,376,917 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2009-11-12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-09-08 10:31:00 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009-09-08 10:31:00 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009-05-09 11:23:52 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008-06-19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008-04-13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-03-29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007-01-18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006-05-09 16:20:00 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-05-09 16:20:00 | 000,013,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-02-03 09:43:24 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006-01-28 06:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-01-20 07:27:44 | 000,488,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005-11-15 07:51:22 | 000,010,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005-03-09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-01-26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002-12-16 15:27:52 | 000,231,040 | ---- | M] (Antex Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AntexWAV.SYS -- (AntexWAV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pytonius\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pytonius\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Pytonius\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-10 11:33:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011-06-17 13:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pytonius\Application Data\Mozilla\Extensions
[2011-06-17 13:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-06-27 17:49:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009-10-21 13:28:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-11-10 11:33:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-11-02 17:45:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-11-02 17:45:10 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011-11-02 17:45:10 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011-11-02 17:45:10 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...rchTerms}&meta=
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pytonius\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Pytonius\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pytonius\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Pytonius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6778_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pytonius\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Documents and Settings\Pytonius\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6778_0\

O1 HOSTS File: ([2011-12-18 19:57:24 | 000,439,195 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15105 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1235849988233 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1235850235467 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.c...oad/vexcast.cab (VodClient Control Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 88.159.1.200 88.159.1.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3654A981-0F48-4E46-ADBD-14E7282DB01B}: DhcpNameServer = 192.168.1.1 88.159.1.200 88.159.1.201
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Pytonius\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pytonius\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-07-27 00:05:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7c52a179-cf38-11df-86b2-001636a46811}\Shell\AutoRun\command - "" = F:\APPInst.exe
O33 - MountPoints2\{9b50a776-bd99-11de-8606-0017c4003319}\Shell\Shell00\Command - "" = F:\Start.exe
O33 - MountPoints2\{edcbc239-0c96-11de-85b5-001636804c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{edcbc239-0c96-11de-85b5-001636804c0c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-12-18 20:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2011-12-18 20:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\SpywareBlaster
[2011-12-18 20:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011-12-18 19:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Spybot - Search & Destroy
[2011-12-18 19:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2011-12-14 14:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-12-14 14:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pytonius\Menu Start\Programma's\HiJackThis
[2011-12-12 21:48:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011-12-07 01:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pytonius\Application Data\Ykbayg
[2011-12-07 01:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pytonius\Application Data\Bopu
[2011-12-03 18:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pytonius\Application Data\Canneverbe Limited
[2011-11-20 20:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Google Earth
[2011-11-19 14:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pytonius\Application Data\Help
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Pytonius\Bureaublad\*.tmp files -> C:\Documents and Settings\Pytonius\Bureaublad\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-12-18 20:31:09 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-12-18 20:12:02 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-839522115-1003UA.job
[2011-12-18 19:57:24 | 000,439,195 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-12-18 19:47:09 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Pytonius\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-12-18 18:02:41 | 087,749,676 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011-12-18 15:23:21 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-12-18 15:22:37 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\VPN Client.lnk
[2011-12-18 15:22:33 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-12-18 15:22:22 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-12-18 15:22:21 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011-12-18 15:22:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-12-17 16:11:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-12-17 14:32:57 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\Pytonius\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011-12-16 18:56:49 | 000,737,790 | ---- | M] () -- C:\Documents and Settings\Pytonius\Bureaublad\apa.pdf
[2011-12-16 00:12:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-839522115-1003Core.job
[2011-12-15 12:41:49 | 000,298,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-12-15 12:23:10 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-12-14 14:30:00 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Pytonius\Bureaublad\HiJackThis.lnk
[2011-12-13 12:17:46 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\Pytonius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-12 21:51:50 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2011-12-03 18:10:55 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\CDBurnerXP.lnk
[2011-12-03 17:51:44 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\expressburnSevenDays.job
[2011-11-22 11:35:29 | 000,502,884 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-11-22 11:35:29 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-11-22 11:35:29 | 000,087,918 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-11-22 11:35:29 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-11-20 20:36:12 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Google Earth.lnk
[2011-11-19 01:26:55 | 006,860,960 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Pytonius\Bureaublad\spotify.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Pytonius\Bureaublad\*.tmp files -> C:\Documents and Settings\Pytonius\Bureaublad\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-12-18 19:47:09 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Pytonius\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-12-16 18:56:49 | 000,737,790 | ---- | C] () -- C:\Documents and Settings\Pytonius\Bureaublad\apa.pdf
[2011-12-14 14:29:31 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Pytonius\Bureaublad\HiJackThis.lnk
[2011-12-03 18:10:55 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\CDBurnerXP.lnk
[2011-12-03 18:10:55 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\CDBurnerXP.lnk
[2011-12-03 17:51:43 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\expressburnSevenDays.job
[2011-12-03 17:51:37 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Express Burn Disc Burning Software.lnk
[2011-11-20 20:36:12 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Google Earth.lnk
[2011-06-17 13:43:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-03-10 01:42:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-12-15 01:21:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2010-12-15 01:09:59 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010-12-08 15:57:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-06-26 11:10:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-09 13:58:45 | 000,124,368 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2010-06-09 13:58:45 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2010-06-08 20:26:18 | 000,000,679 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010-06-08 16:39:32 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2010-06-08 16:39:32 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2010-04-16 19:41:37 | 000,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI
[2010-04-14 12:40:51 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2010-04-14 12:40:51 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2010-04-14 12:40:51 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2010-04-14 11:45:24 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010-04-14 11:45:24 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009-10-15 15:30:38 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-08-03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-08-03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009-03-01 00:26:09 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009-03-01 00:26:09 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009-03-01 00:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009-03-01 00:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2009-03-01 00:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2009-03-01 00:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2009-02-28 23:54:30 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-02-28 20:55:05 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009-02-28 20:35:03 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009-02-28 20:27:24 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009-02-28 19:49:20 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Pytonius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-28 19:34:08 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-02-28 19:29:43 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-02-28 18:52:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-02-28 18:44:17 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-06-19 18:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008-06-19 18:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007-09-25 11:44:47 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-04-27 10:48:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-04-27 10:48:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006-04-27 10:48:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-04-27 10:48:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006-04-27 10:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-04-27 10:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-04-27 10:48:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006-04-27 10:48:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004-02-11 12:22:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\CDVPreviewEx.dll
[2003-04-07 13:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001-09-07 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-07 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-09-07 13:00:00 | 000,502,884 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2001-09-07 13:00:00 | 000,436,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-09-07 13:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2001-09-07 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-09-07 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-09-07 13:00:00 | 000,087,918 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2001-09-07 13:00:00 | 000,068,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-09-07 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-09-07 13:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2001-09-07 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-09-07 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-09-07 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001-09-07 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009-10-15 15:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2011-04-13 13:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
[2010-12-15 01:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MAGIX
[2011-11-02 17:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MGS
[2011-04-13 13:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium
[2010-04-14 11:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SafeNet Sentinel
[2010-06-08 16:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SolidDocuments
[2010-04-14 11:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SPSS
[2011-12-18 20:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010-01-23 16:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011-12-09 18:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\Bopu
[2011-12-03 18:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\Canneverbe Limited
[2010-10-06 17:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\ConceptDraw Project 5
[2009-11-05 16:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\CSOdessa
[2011-02-02 17:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\DVDVideoSoftIEHelpers
[2011-12-13 16:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\FileZilla
[2010-10-28 13:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\Free Sound Recorder
[2011-04-05 17:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\GetRightToGo
[2009-05-14 20:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\InfraRecorder
[2010-12-15 01:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\MAGIX
[2010-12-15 00:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\NetMedia Providers
[2009-03-01 23:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\OfficeUpdate12
[2010-12-15 00:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\Publish Providers
[2010-01-21 14:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\Serif
[2011-12-18 15:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\SolidDocuments
[2011-12-17 00:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\Spotify
[2011-05-17 14:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\SPSSInc
[2011-05-16 11:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\Unity
[2011-06-02 00:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\VSO
[2011-12-10 10:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pytonius\Application Data\Ykbayg
[2011-12-03 17:51:44 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDays.job
[2011-12-18 15:22:21 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010-05-03 15:19:03 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\zuluShakeIcon.job

========== Purity Check ==========



< End of report >

Edited by Pyton, 18 December 2011 - 03:46 PM.


#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I'm going to have OTL try to take out two stealth drivers. Sometimes when it does that it will lock up the system and you will need to hold the power button down for 10 seconds in order to shut it down manually but it should come back without a problem.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:Services
xpsec
xcpip

:OTL
DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
O33 - MountPoints2\{7c52a179-cf38-11df-86b2-001636a46811}\Shell\AutoRun\command - "" = F:\APPInst.exe
O33 - MountPoints2\{9b50a776-bd99-11de-8606-0017c4003319}\Shell\Shell00\Command - "" = F:\Start.exe
O33 - MountPoints2\{edcbc239-0c96-11de-85b5-001636804c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{edcbc239-0c96-11de-85b5-001636804c0c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011-12-07 01:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pytonius\Application Data\Ykbayg
[2011-12-07 01:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pytonius\Application Data\Bopu

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config xpsec start= disabled /c
sc config xcpip start= disabled /c
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.



Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan - tell it not to download the database.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click "save log", save it to your desktop and post it in your next reply.

Your AVG is hopelessly out of date. Let's replace it with the free Avast.

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG

Run the Avg Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It will take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST (or sometimes Alwil) Software\Avast\report\boot.txt so if it found something and you can find the log please copy and paste it.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.
Are you still seeing the fake page?

Ron
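Added example (not code from this thread, from OTL or from its author): a small triage helper that scans OTL "DRV" lines for the pattern behind the two stealth drivers Ron's fix targets (a kernel driver OTL reports as "File not found" yet "Running", whose service name is one edit away from a legitimate driver such as Tcpip or IPSec) and emits the :Services/:OTL sections in the layout of the fix above. The two flagged sample lines are copied from the thread; the legitimate-driver list and the two benign sample lines are assumptions.

```python
"""Triage helper for OTL 'DRV' lines (added example, not from the thread or OTL)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Legitimate Windows XP kernel driver service names that impostors shadow.
# Assumption: a real baseline would be exported from a known-clean machine.
KNOWN_DRIVERS = ("tcpip", "ipsec", "afd", "netbt", "ndis", "http", "mrxsmb")

# OTL DRV line: "DRV - <file info> [<type> | <start> | <state>] -- <path> -- (<name>)".
# When the image file is missing the <path> is empty, i.e. "-- -- (<name>)".
DRV_RE = re.compile(
    r"^DRV - (?P<file>.*?) \[(?P<type>[^|\]]+) \| (?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]"
    r" --\s*(?P<path>.*?)\s*-- \((?P<name>[^)]+)\)\s*$"
)


@dataclass
class Finding:
    name: str                       # service name as OTL prints it
    reasons: List[str] = field(default_factory=list)
    mimics: Optional[str] = None    # legitimate driver the name shadows, if any
    line: str = ""                  # original OTL line, reused in the fix script


def levenshtein(a: str, b: str) -> int:
    """Plain dynamic-programming edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def nearest_known(name: str) -> Optional[str]:
    """Return the legitimate driver name exactly one edit away from `name`, if any."""
    n = name.lower()
    if n in KNOWN_DRIVERS:
        return None  # it is the real driver, not an impostor
    for legit in KNOWN_DRIVERS:
        if levenshtein(n, legit) == 1:
            return legit
    return None


def triage_drv_lines(log_text: str) -> List[Finding]:
    """Scan an OTL log and return the driver entries that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        m = DRV_RE.match(line.strip())
        if not m:
            continue
        f = Finding(name=m["name"], line=line.strip())
        if m["file"] == "File not found" and "Running" in m["state"]:
            # A loaded kernel driver with no backing file on disk: classic stealth driver.
            f.reasons.append("running with no image file on disk")
        legit = nearest_known(m["name"])
        if legit:
            f.mimics = legit
            f.reasons.append(f"name is one edit away from legitimate driver '{legit}'")
        if f.reasons:
            findings.append(f)
    return findings


def otl_fix_script(findings: List[Finding]) -> str:
    """Emit :Services and :OTL sections in the layout used by the fix in the thread."""
    names = [f.name for f in findings]
    lines = [":Services", *names, "", ":OTL", *(f.line for f in findings)]
    return "\n".join(lines) + "\n"


# Constructed sample: the two lines from the thread plus two benign ones (assumed format).
SAMPLE_LOG = """\
DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2008-04-13 20:20:16 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\\WINDOWS\\system32\\drivers\\tcpip.sys -- (Tcpip)
DRV - [2009-10-15 15:30:38 | 000,005,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\System32\\drivers\\StarOpen.sys -- (StarOpen)
"""

if __name__ == "__main__":
    found = triage_drv_lines(SAMPLE_LOG)
    for f in found:
        print(f"{f.name}: " + "; ".join(f.reasons))
    print(otl_fix_script(found))
```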

#3
Pyton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Dear Ron,

Thank you very much for your help, you are a legend! I've completed all the steps you described. Unfortunately I blocked my credit card, so I'll try another card to check if the screen is still present. I understand this is crucial in the process but I am afraid I'll have to get back to you on this tonight. The logs (which are multiple) are the following (the final 2 OTL Logs are attached to this message).

Logs:

========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
Error: Unable to stop service xcpip!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.
========== OTL ==========
Error: Unable to stop service xpsec!
Service\Driver key xpsec not found.
Error: Unable to stop service xcpip!
Service\Driver key xcpip not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c52a179-cf38-11df-86b2-001636a46811}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c52a179-cf38-11df-86b2-001636a46811}\ not found.
File F:\APPInst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b50a776-bd99-11de-8606-0017c4003319}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b50a776-bd99-11de-8606-0017c4003319}\ not found.
File F:\Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edcbc239-0c96-11de-85b5-001636804c0c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edcbc239-0c96-11de-85b5-001636804c0c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edcbc239-0c96-11de-85b5-001636804c0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edcbc239-0c96-11de-85b5-001636804c0c}\ not found.
File F:\LaunchU3.exe -a not found.
C:\Documents and Settings\Pytonius\Application Data\Bopu folder moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 bestand(en) gekopieerd
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 bestand(en) gekopieerd
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 bestand(en) gekopieerd
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 bestand(en) gekopieerd
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.txt deleted successfully.
< sc config xpsec start= disabled /c >
[SC] ChangeServiceConfig FAILED 2:
Het systeem kan het opgegeven bestand niet vinden.
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.txt deleted successfully.
< sc config xcpip start= disabled /c >
[SC] ChangeServiceConfig FAILED 2:
Het systeem kan het opgegeven bestand niet vinden.
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 348 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Flash cache emptied: 348 bytes

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Pytonius
->Flash cache emptied: 1958282 bytes

User: s913131
->Flash cache emptied: 28850 bytes

Total Flash Files Cleaned = 2,00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 2378 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Java cache emptied: 2378 bytes

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Pytonius
->Java cache emptied: 15173900 bytes

User: s913131
->Java cache emptied: 2700804 bytes

Total Java Files Cleaned = 17,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12182011_230530

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MALWARE LOG:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversie: 8393

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

18-12-2011 23:51:38
mbam-log-2011-12-18 (23-51-38).txt

Scantype: Snelle scan
Objecten gescand: 267047
Verstreken tijd: 31 minuut/minuten, 7 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 3

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
c:\documents and settings\Pytonius\mijn documenten\downloads\casinouk(1).exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Pytonius\mijn documenten\downloads\CasinoUK.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Pytonius\mijn documenten\downloads\setupcasino_8ffff6_nl.exe (PUP.Casino) -> Quarantined and deleted successfully.

COMBOFIX LOG:

ComboFix 11-12-18.01 - Pytonius 19-12-2011 0:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.991.596 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Pytonius\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Pytonius\WINDOWS
c:\documents and settings\s913131\WINDOWS
c:\windows\alcrmv.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_vvdsvc
-------\Legacy_vvdsvc
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-18 to 2011-12-18 ))))))))))))))))))))))))))))))
.
.
2011-12-18 22:18 . 2011-12-18 22:18 -------- d-----w- c:\documents and settings\Pytonius\Application Data\Malwarebytes
2011-12-18 22:17 . 2011-12-18 22:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-12-18 22:17 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 22:17 . 2011-12-18 22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-18 22:05 . 2011-12-18 22:05 -------- d-----w- C:\_OTL
2011-12-18 19:21 . 2011-12-18 19:23 -------- d-----w- c:\program files\SpywareBlaster
2011-12-18 18:46 . 2011-12-18 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2011-12-14 13:29 . 2011-12-14 13:29 388096 ----a-r- c:\documents and settings\Pytonius\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-14 13:29 . 2011-12-14 13:29 -------- d-----w- c:\program files\Trend Micro
2011-12-07 00:19 . 2011-12-10 09:46 -------- d-----w- c:\documents and settings\Pytonius\Application Data\Ykbayg
2011-12-03 17:11 . 2011-12-03 17:11 -------- d-----w- c:\documents and settings\Pytonius\Application Data\Canneverbe Limited
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07 . 2001-09-07 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2001-09-07 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2001-09-07 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2004-08-04 08:03 78336 ------w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2001-09-07 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2001-09-07 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2001-09-06 19:53 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 08:03 186880 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-02-28 17:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2002-09-23 14:11 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-09-07 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-09-07 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-11-10 10:33 . 2011-06-17 12:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-04-27 7561216]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-04-26 331776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-02-03 61952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2010-3-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Wave"=AntexWAV.DLL
"Midi"=AntexWAV.DLL
"Mixer"=AntexWAV.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-17 08:51 136176 ----atw- c:\documents and settings\Pytonius\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Bonjour Service"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Transcriptiesoftware\\f4-v4-pc\\f4-v4.0.1\\F4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Pytonius\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Pytonius\\Bureaublad\\spotify.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\spssengine.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-12-2011 23:17 366152]
R2 SPDFCreatorReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [24-10-2009 1:46 189760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-12-2011 23:17 22216]
R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 AntexWAV;Antex Digital Audio Driver;c:\windows\system32\drivers\AntexWAV.sys [28-2-2009 22:31 231040]
S3 k4x42.sys;k4x42.sys;\??\c:\windows\system32\drivers\k4x42.sys --> c:\windows\system32\drivers\k4x42.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2010 17:36 136176]
S4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2010 17:36 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-12-03 c:\windows\Tasks\expressburnSevenDays.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2011-12-03 16:51]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 16:36]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 16:36]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-839522115-1003Core.job
- c:\documents and settings\Pytonius\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-17 08:51]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-839522115-1003UA.job
- c:\documents and settings\Pytonius\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-17 08:51]
.
2011-12-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
2010-05-03 c:\windows\Tasks\zuluShakeIcon.job
- c:\program files\NCH Software\Zulu\zulu.exe [2010-04-16 21:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 88.159.1.200 88.159.1.201
FF - ProfilePath - c:\documents and settings\Pytonius\Application Data\Mozilla\Firefox\Profiles\svx4vcd5.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-{9943CCBD-70B8-C039-A1A4-00FFCDB17A07} - c:\documents and settings\Pytonius\Application Data\Ykbayg\nifup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 00:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~*]
"3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(220)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-19 00:54:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 23:54
.
Pre-Run: 5.936.238.592 bytes free
Post-Run: 6.862.671.872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
.
- - End Of File - - F444A7FB55551FEB6848E0BA1752E523

TDSS LOG:

01:02:35.0921 4064 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
01:02:36.0015 4064 ============================================================
01:02:36.0015 4064 Current date / time: 2011/12/19 01:02:36.0015
01:02:36.0015 4064 SystemInfo:
01:02:36.0015 4064
01:02:36.0015 4064 OS Version: 5.1.2600 ServicePack: 3.0
01:02:36.0015 4064 Product type: Workstation
01:02:36.0015 4064 ComputerName: PYTON
01:02:36.0015 4064 UserName: Pytonius
01:02:36.0015 4064 Windows directory: C:\WINDOWS
01:02:36.0015 4064 System windows directory: C:\WINDOWS
01:02:36.0015 4064 Processor architecture: Intel x86
01:02:36.0015 4064 Number of processors: 2
01:02:36.0015 4064 Page size: 0x1000
01:02:36.0015 4064 Boot type: Normal boot
01:02:36.0015 4064 ============================================================
01:02:37.0000 4064 Initialize success
01:02:38.0593 2904 ============================================================
01:02:38.0593 2904 Scan started
01:02:38.0593 2904 Mode: Manual;
01:02:38.0593 2904 ============================================================
01:02:39.0625 2904 Abiosdsk - ok
01:02:39.0656 2904 abp480n5 - ok
01:02:39.0781 2904 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:02:39.0796 2904 ACPI - ok
01:02:39.0812 2904 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
01:02:39.0812 2904 ACPIEC - ok
01:02:39.0859 2904 adpu160m - ok
01:02:39.0921 2904 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:02:39.0921 2904 aec - ok
01:02:39.0984 2904 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
01:02:39.0984 2904 AegisP - ok
01:02:40.0046 2904 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
01:02:40.0062 2904 AFD - ok
01:02:40.0078 2904 Aha154x - ok
01:02:40.0093 2904 aic78u2 - ok
01:02:40.0125 2904 aic78xx - ok
01:02:40.0156 2904 AliIde - ok
01:02:40.0218 2904 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
01:02:40.0234 2904 AmdK8 - ok
01:02:40.0250 2904 amsint - ok
01:02:40.0343 2904 AntexWAV (dfdcbcea45d62f77388e251a1c53555d) C:\WINDOWS\SYSTEM32\DRIVERS\AntexWAV.SYS
01:02:40.0343 2904 AntexWAV - ok
01:02:40.0500 2904 AR5211 (baa6b3cc74a4377d063c5a92dd9c4098) C:\WINDOWS\system32\DRIVERS\ar5211.sys
01:02:40.0531 2904 AR5211 - ok
01:02:40.0593 2904 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
01:02:40.0609 2904 Arp1394 - ok
01:02:40.0625 2904 asc - ok
01:02:40.0640 2904 asc3350p - ok
01:02:40.0656 2904 asc3550 - ok
01:02:40.0796 2904 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:02:40.0796 2904 AsyncMac - ok
01:02:40.0828 2904 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:02:40.0843 2904 atapi - ok
01:02:40.0859 2904 Atdisk - ok
01:02:40.0906 2904 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:02:40.0906 2904 Atmarpc - ok
01:02:40.0953 2904 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:02:40.0968 2904 audstub - ok
01:02:41.0093 2904 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:02:41.0093 2904 Beep - ok
01:02:41.0140 2904 catchme - ok
01:02:41.0234 2904 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:02:41.0250 2904 cbidf2k - ok
01:02:41.0281 2904 cd20xrnt - ok
01:02:41.0375 2904 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:02:41.0375 2904 Cdaudio - ok
01:02:41.0468 2904 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:02:41.0484 2904 Cdfs - ok
01:02:41.0531 2904 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:02:41.0531 2904 Cdrom - ok
01:02:41.0656 2904 Changer - ok
01:02:41.0734 2904 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
01:02:41.0734 2904 CmBatt - ok
01:02:41.0765 2904 CmdIde - ok
01:02:41.0921 2904 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
01:02:41.0937 2904 Compbatt - ok
01:02:42.0000 2904 Cpqarray - ok
01:02:42.0062 2904 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
01:02:42.0062 2904 CVirtA - ok
01:02:42.0218 2904 CVPNDRVA (465ced77e7c4f9d71b81ba600edafac1) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
01:02:42.0234 2904 CVPNDRVA - ok
01:02:42.0265 2904 dac2w2k - ok
01:02:42.0296 2904 dac960nt - ok
01:02:42.0390 2904 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:02:42.0406 2904 Disk - ok
01:02:42.0484 2904 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
01:02:42.0531 2904 dmboot - ok
01:02:42.0562 2904 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
01:02:42.0578 2904 dmio - ok
01:02:42.0640 2904 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:02:42.0640 2904 dmload - ok
01:02:42.0781 2904 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:02:42.0781 2904 DMusic - ok
01:02:42.0968 2904 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
01:02:42.0968 2904 DNE - ok
01:02:43.0078 2904 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
01:02:43.0093 2904 dot4 - ok
01:02:43.0156 2904 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
01:02:43.0156 2904 Dot4Print - ok
01:02:43.0234 2904 dot4usb (f48841c737d7dc9610bf5f49a76c2ed1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
01:02:43.0234 2904 dot4usb - ok
01:02:43.0312 2904 dpti2o - ok
01:02:43.0359 2904 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:02:43.0359 2904 drmkaud - ok
01:02:43.0500 2904 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:02:43.0515 2904 Fastfat - ok
01:02:43.0562 2904 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
01:02:43.0562 2904 Fdc - ok
01:02:43.0609 2904 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
01:02:43.0609 2904 Fips - ok
01:02:43.0734 2904 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
01:02:43.0734 2904 Flpydisk - ok
01:02:43.0812 2904 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:02:43.0812 2904 FltMgr - ok
01:02:43.0859 2904 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:02:43.0859 2904 Fs_Rec - ok
01:02:43.0921 2904 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:02:43.0921 2904 Ftdisk - ok
01:02:44.0046 2904 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
01:02:44.0046 2904 GEARAspiWDM - ok
01:02:44.0171 2904 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:02:44.0171 2904 Gpc - ok
01:02:44.0312 2904 HdAudAddService (7662b9aaf36c84af4f9029b6b432c2b3) C:\WINDOWS\system32\drivers\CHDAud.sys
01:02:44.0343 2904 HdAudAddService - ok
01:02:44.0390 2904 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:02:44.0390 2904 HDAudBus - ok
01:02:44.0468 2904 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:02:44.0468 2904 HidUsb - ok
01:02:44.0531 2904 hpn - ok
01:02:44.0609 2904 hpt3xx - ok
01:02:44.0687 2904 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:02:44.0703 2904 HTTP - ok
01:02:44.0796 2904 i2omgmt - ok
01:02:44.0812 2904 i2omp - ok
01:02:44.0875 2904 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:02:44.0890 2904 i8042prt - ok
01:02:44.0921 2904 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:02:44.0921 2904 Imapi - ok
01:02:44.0937 2904 ini910u - ok
01:02:44.0968 2904 IntelIde - ok
01:02:45.0015 2904 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:02:45.0031 2904 ip6fw - ok
01:02:45.0140 2904 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:02:45.0140 2904 IpFilterDriver - ok
01:02:45.0187 2904 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:02:45.0187 2904 IpInIp - ok
01:02:45.0234 2904 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:02:45.0250 2904 IpNat - ok
01:02:45.0312 2904 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:02:45.0312 2904 IPSec - ok
01:02:45.0343 2904 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:02:45.0343 2904 IRENUM - ok
01:02:45.0484 2904 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:02:45.0484 2904 isapnp - ok
01:02:45.0515 2904 k4x42.sys - ok
01:02:45.0531 2904 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:02:45.0531 2904 Kbdclass - ok
01:02:45.0593 2904 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:02:45.0593 2904 kbdhid - ok
01:02:45.0656 2904 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:02:45.0656 2904 kmixer - ok
01:02:45.0687 2904 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:02:45.0687 2904 KSecDD - ok
01:02:45.0734 2904 lbrtfdc - ok
01:02:45.0812 2904 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
01:02:45.0812 2904 MBAMProtector - ok
01:02:45.0828 2904 MBAMSwissArmy - ok
01:02:45.0875 2904 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:02:45.0875 2904 mnmdd - ok
01:02:45.0921 2904 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
01:02:45.0921 2904 Modem - ok
01:02:45.0953 2904 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:02:45.0968 2904 Mouclass - ok
01:02:45.0984 2904 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:02:46.0000 2904 mouhid - ok
01:02:46.0015 2904 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:02:46.0015 2904 MountMgr - ok
01:02:46.0031 2904 mraid35x - ok
01:02:46.0078 2904 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:02:46.0078 2904 MRxDAV - ok
01:02:46.0296 2904 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:02:46.0328 2904 MRxSmb - ok
01:02:46.0406 2904 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:02:46.0406 2904 Msfs - ok
01:02:46.0531 2904 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:02:46.0531 2904 MSKSSRV - ok
01:02:46.0593 2904 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:02:46.0593 2904 MSPCLOCK - ok
01:02:46.0703 2904 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:02:46.0703 2904 MSPQM - ok
01:02:46.0734 2904 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:02:46.0734 2904 mssmbios - ok
01:02:46.0765 2904 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:02:46.0765 2904 Mup - ok
01:02:46.0812 2904 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:02:46.0828 2904 NDIS - ok
01:02:46.0843 2904 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:02:46.0843 2904 NdisTapi - ok
01:02:46.0906 2904 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:02:46.0906 2904 Ndisuio - ok
01:02:46.0953 2904 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:02:46.0968 2904 NdisWan - ok
01:02:47.0000 2904 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:02:47.0015 2904 NDProxy - ok
01:02:47.0031 2904 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:02:47.0046 2904 NetBIOS - ok
01:02:47.0078 2904 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:02:47.0078 2904 NetBT - ok
01:02:47.0359 2904 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
01:02:47.0359 2904 NIC1394 - ok
01:02:47.0437 2904 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
01:02:47.0437 2904 nm - ok
01:02:47.0515 2904 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:02:47.0515 2904 Npfs - ok
01:02:47.0578 2904 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:02:47.0609 2904 Ntfs - ok
01:02:47.0734 2904 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:02:47.0734 2904 Null - ok
01:02:48.0000 2904 nv (b79e623da3614cef319b03696e821ba9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:02:48.0187 2904 nv - ok
01:02:48.0296 2904 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
01:02:48.0296 2904 nvata - ok
01:02:48.0468 2904 NVENETFD (447cf6e09ceca96eaf5772d465cca344) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
01:02:48.0468 2904 NVENETFD - ok
01:02:48.0562 2904 nvnetbus (ef04d5a268f5d44422795f9c013fbc8a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
01:02:48.0562 2904 nvnetbus - ok
01:02:48.0625 2904 nvsmu (c0ebce745e8c96362dc5b9ba5fee6690) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
01:02:48.0625 2904 nvsmu - ok
01:02:48.0703 2904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:02:48.0703 2904 NwlnkFlt - ok
01:02:48.0781 2904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:02:48.0781 2904 NwlnkFwd - ok
01:02:48.0859 2904 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
01:02:48.0859 2904 ohci1394 - ok
01:02:48.0937 2904 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
01:02:48.0937 2904 Parport - ok
01:02:49.0015 2904 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:02:49.0015 2904 PartMgr - ok
01:02:49.0109 2904 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
01:02:49.0109 2904 ParVdm - ok
01:02:49.0203 2904 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
01:02:49.0203 2904 PCI - ok
01:02:49.0265 2904 PCIDump - ok
01:02:49.0328 2904 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:02:49.0328 2904 PCIIde - ok
01:02:49.0437 2904 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
01:02:49.0453 2904 Pcmcia - ok
01:02:49.0500 2904 PDCOMP - ok
01:02:49.0593 2904 PDFRAME - ok
01:02:49.0625 2904 PDRELI - ok
01:02:49.0687 2904 PDRFRAME - ok
01:02:49.0750 2904 perc2 - ok
01:02:49.0812 2904 perc2hib - ok
01:02:49.0937 2904 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:02:49.0953 2904 PptpMiniport - ok
01:02:50.0015 2904 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
01:02:50.0031 2904 Processor - ok
01:02:50.0109 2904 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
01:02:50.0109 2904 PSched - ok
01:02:50.0156 2904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:02:50.0156 2904 Ptilink - ok
01:02:50.0203 2904 ql1080 - ok
01:02:50.0234 2904 Ql10wnt - ok
01:02:50.0265 2904 ql12160 - ok
01:02:50.0312 2904 ql1240 - ok
01:02:50.0375 2904 ql1280 - ok
01:02:50.0515 2904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:02:50.0515 2904 RasAcd - ok
01:02:50.0640 2904 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:02:50.0640 2904 Rasl2tp - ok
01:02:50.0781 2904 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:02:50.0781 2904 RasPppoe - ok
01:02:50.0812 2904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:02:50.0812 2904 Raspti - ok
01:02:50.0843 2904 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:02:50.0859 2904 Rdbss - ok
01:02:50.0890 2904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:02:50.0890 2904 RDPCDD - ok
01:02:50.0953 2904 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:02:50.0968 2904 rdpdr - ok
01:02:51.0031 2904 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
01:02:51.0046 2904 RDPWD - ok
01:02:51.0125 2904 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:02:51.0125 2904 redbook - ok
01:02:51.0265 2904 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
01:02:51.0281 2904 sdbus - ok
01:02:51.0312 2904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:02:51.0312 2904 Secdrv - ok
01:02:51.0406 2904 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
01:02:51.0421 2904 Serial - ok
01:02:51.0468 2904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:02:51.0468 2904 Sfloppy - ok
01:02:51.0593 2904 Simbad - ok
01:02:51.0656 2904 Sparrow - ok
01:02:51.0796 2904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
01:02:51.0796 2904 splitter - ok
01:02:51.0921 2904 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
01:02:51.0921 2904 sr - ok
01:02:52.0000 2904 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
01:02:52.0015 2904 Srv - ok
01:02:52.0093 2904 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
01:02:52.0093 2904 StarOpen - ok
01:02:52.0156 2904 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:02:52.0156 2904 swenum - ok
01:02:52.0234 2904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
01:02:52.0250 2904 swmidi - ok
01:02:52.0343 2904 symc810 - ok
01:02:52.0375 2904 symc8xx - ok
01:02:52.0406 2904 sym_hi - ok
01:02:52.0437 2904 sym_u3 - ok
01:02:52.0531 2904 SynTP (9d3611fa3bcca8090fdd1a45bd1ea586) C:\WINDOWS\system32\DRIVERS\SynTP.sys
01:02:52.0531 2904 SynTP - ok
01:02:52.0796 2904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
01:02:52.0796 2904 sysaudio - ok
01:02:52.0890 2904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:02:52.0906 2904 Tcpip - ok
01:02:52.0968 2904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:02:52.0968 2904 TDPIPE - ok
01:02:53.0078 2904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
01:02:53.0078 2904 TDTCP - ok
01:02:53.0156 2904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:02:53.0171 2904 TermDD - ok
01:02:53.0234 2904 TosIde - ok
01:02:53.0281 2904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
01:02:53.0296 2904 Udfs - ok
01:02:53.0312 2904 UIUSys - ok
01:02:53.0328 2904 ultra - ok
01:02:53.0406 2904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
01:02:53.0421 2904 Update - ok
01:02:53.0484 2904 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
01:02:53.0500 2904 USBAAPL - ok
01:02:53.0546 2904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:02:53.0562 2904 usbccgp - ok
01:02:53.0656 2904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:02:53.0656 2904 usbehci - ok
01:02:53.0750 2904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:02:53.0765 2904 usbhub - ok
01:02:53.0859 2904 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
01:02:53.0859 2904 usbohci - ok
01:02:53.0906 2904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:02:53.0906 2904 usbprint - ok
01:02:53.0968 2904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:02:53.0968 2904 usbscan - ok
01:02:54.0000 2904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:02:54.0000 2904 USBSTOR - ok
01:02:54.0031 2904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
01:02:54.0031 2904 VgaSave - ok
01:02:54.0046 2904 ViaIde - ok
01:02:54.0093 2904 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
01:02:54.0093 2904 VolSnap - ok
01:02:54.0203 2904 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
01:02:54.0218 2904 vsdatant - ok
01:02:54.0390 2904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:02:54.0406 2904 Wanarp - ok
01:02:54.0453 2904 WDICA - ok
01:02:54.0531 2904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:02:54.0531 2904 wdmaud - ok
01:02:54.0734 2904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:02:54.0734 2904 WudfPf - ok
01:02:54.0812 2904 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:02:54.0859 2904 WudfRd - ok
01:02:54.0968 2904 xcpip - ok
01:02:55.0000 2904 xpsec - ok
01:02:55.0062 2904 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0
01:02:55.0062 2904 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
01:02:55.0062 2904 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
01:02:55.0093 2904 Boot (0x1200) (674367156638358e635a5d09e7696434) \Device\Harddisk0\DR0\Partition0
01:02:55.0093 2904 \Device\Harddisk0\DR0\Partition0 - ok
01:02:55.0125 2904 Boot (0x1200) (1142b4ee64c742fc040351104a734563) \Device\Harddisk0\DR0\Partition1
01:02:55.0125 2904 \Device\Harddisk0\DR0\Partition1 - ok
01:02:55.0125 2904 ============================================================
01:02:55.0125 2904 Scan finished
01:02:55.0125 2904 ============================================================
01:02:55.0156 3284 Detected object count: 1
01:02:55.0156 3284 Actual detected object count: 1
01:03:07.0781 3284 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
01:03:07.0796 3284 \Device\Harddisk0\DR0 - ok
01:03:07.0796 3284 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
01:03:12.0234 0448 Deinitialize success

ASWMBR LOG:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-19 01:06:56
-----------------------------
01:06:56.140 OS Version: Windows 5.1.2600 Service Pack 3
01:06:56.140 Number of processors: 2 586 0x4802
01:06:56.156 ComputerName: PYTON UserName:
01:06:56.937 Initialize success
01:07:35.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000083
01:07:35.109 Disk 0 Vendor: FUJITSU_MHV2080BH_PL 00000029 Size: 76319MB BusType: 3
01:07:35.125 Disk 0 MBR read successfully
01:07:35.125 Disk 0 MBR scan
01:07:35.125 Disk 0 Windows XP default MBR code
01:07:35.140 Disk 0 scanning sectors +156296385
01:07:35.171 Disk 0 malicious Win32:MBRoot code @ sector 156296388 !
01:07:35.171 Disk 0 PE file @ sector 156296410 !
01:07:35.234 Disk 0 scanning C:\WINDOWS\system32\drivers
01:07:44.078 Service scanning
01:07:45.578 Modules scanning
01:07:52.484 Scan finished successfully
01:08:15.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pytonius\Bureaublad\MBR.dat"
01:08:15.625 The log file has been saved successfully to "C:\Documents and Settings\Pytonius\Bureaublad\aswMBR log.txt"


Thank you again for all your time and efforts!

Greets

Attached Files


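The three logs above carry the whole diagnosis in a handful of lines: ComboFix lists drivers whose binary it could not find on disk (the "--> path [?]" form), two of them named one letter off from the real tcpip and ipsec drivers, TDSSKiller calls the disk object itself Sinowal, and aswMBR places the code at raw sectors. As an added example, not code from this thread or from ComboFix, TDSSKiller or aswMBR, here is a small Python triage script that reads exactly those line shapes. The sample lines are copied from the logs posted above; the list of legitimate driver names is a hand-picked subset of the TDSSKiller listing, and the "expected absent" list and the naming heuristics are assumptions of the example, not rules any of the tools apply.

```python
"""Triage of the ComboFix, TDSSKiller and aswMBR lines posted in this thread.

Added example, not code from the thread or from any of those tools.
"""
import re
from difflib import SequenceMatcher

# Constructed sample: lines copied from the logs posted above.
SAMPLE_LOG = r"""
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-12-2011 23:17 22216]
R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 k4x42.sys;k4x42.sys;\??\c:\windows\system32\drivers\k4x42.sys --> c:\windows\system32\drivers\k4x42.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
01:02:55.0062 2904 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
01:07:35.171 Disk 0 malicious Win32:MBRoot code @ sector 156296388 !
01:07:35.171 Disk 0 PE file @ sector 156296410 !
"""

# Assumption: a hand-picked subset of XP's standard kernel drivers, taken
# from the TDSSKiller listing above, used only for the look-alike check.
KNOWN_DRIVERS = {"afd", "atapi", "cdrom", "disk", "fltmgr", "http",
                 "ipsec", "mup", "ndis", "netbt", "ntfs", "tcpip"}
# Assumption: drivers a security product loads only while it runs, so a
# binary that is absent between scans is expected, not suspicious.
EXPECTED_ABSENT = {"mbamswissarmy"}

# ComboFix service line: "<start type> <service>;<display name>;<path ...>"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$")
# TDSSKiller verdict on a whole disk object
TDSS_RE = re.compile(r"(?P<dev>\\Device\\Harddisk\d+\\DR\d+) \( (?P<verdict>\S+) \) - infected")
# aswMBR hits on raw sectors
ASWMBR_RE = re.compile(r"Disk (?P<disk>\d+) (?:malicious (?P<kind>\S+) code|PE file) @ sector (?P<sector>\d+)")


def lookalike(name):
    """Known driver name this service name most resembles (>= 80%), or None."""
    low = name.lower()
    best, best_ratio = None, 0.0
    for known in KNOWN_DRIVERS:
        ratio = SequenceMatcher(None, low, known).ratio()
        if low != known and ratio > best_ratio:
            best, best_ratio = known, ratio
    return best if best_ratio >= 0.8 else None


def triage(text):
    """Return suspicious driver entries and disk-level detections."""
    drivers, disk = [], []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            name, path = m["name"], m["path"].rstrip()
            flags = []
            # ComboFix prints "--> <path> [?]" when the service points at a
            # file it could not find on disk.
            if "-->" in path and path.endswith("[?]") and name.lower() not in EXPECTED_ABSENT:
                flags.append("binary not found on disk")
            if name.lower().endswith(".sys"):
                flags.append("service named after its file, which Windows' own drivers are not")
            alike = lookalike(name)
            if alike:
                flags.append(f"name resembles legitimate driver '{alike}'")
            if flags:
                drivers.append({"name": name, "start": m["start"], "flags": flags})
            continue
        m = TDSS_RE.search(line)
        if m:
            disk.append({"source": "tdsskiller", "object": m["dev"], "verdict": m["verdict"]})
            continue
        m = ASWMBR_RE.search(line)
        if m:
            disk.append({"source": "aswmbr", "disk": int(m["disk"]),
                         "kind": m["kind"] or "PE file", "sector": int(m["sector"])})
    return {"drivers": drivers, "disk": disk}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["drivers"]:
        print(f"{d['start']} {d['name']}: " + "; ".join(d["flags"]))
    for hit in result["disk"]:
        print(hit)
```

Run on the sample it reports xcpip and xpsec twice over (missing binary plus a look-alike name), k4x42.sys once for the missing binary and once for the odd service name, and leaves MBAMProtector and MBAMSwissArmy alone. A missing binary by itself is weak evidence, which is why the script only stacks flags rather than deciding; the disk-level verdicts from TDSSKiller and aswMBR are what turn the driver entries from "odd" into "part of an MBR rootkit's boot chain".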

#4
RKinner (Malware Expert, MVP, 24,624 posts)
Better to wait until we are completely done then. Don't want to risk a card until your logs are completely clear.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\xcpip.sys
c:\windows\system32\drivers\xpsec.sys
c:\windows\system32\drivers\k4x42.sys

Driver::
xcpip
xpsec
k4x42.sys

RootKit::
c:\windows\system32\drivers\xcpip.sys
c:\windows\system32\drivers\xpsec.sys
c:\windows\system32\drivers\k4x42.sys

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.


Run TDSSKiller again but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Run aswMBR again but this time do not uncheck the trace disk IO calls. Is the FIX button enabled? (Not the FixMBR button which is always lit.) If so, click on it.


Please rename the file "C:\Documents and Settings\Pytonius\Bureaublad\MBR.dat" to Pytonmbr.txt and ATTACH it to your next post.


Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP or Continue until it gets to the end.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Ron
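Ron asks for two things that describe the same structure from different sides: the MBR.dat that aswMBR saved (the raw 512-byte first sector) and a Disk Management screenshot (the partition layout). The partition table inside the MBR is what the screenshot shows graphically, and comparing the last partition's end with the disk size tells you how much unpartitioned space trails the disk, which is where the aswMBR hits above (sectors 156296388 and 156296410, just past "scanning sectors +156296385") sit. What follows is an added example, not part of Ron's instructions and not code from aswMBR, TDSSKiller or ComboFix: parse a raw MBR, list its partition entries, and locate the tail. The MBR it parses is constructed, not read from Pyton's disk; its single partition (start LBA 63, 156296322 sectors), its disk signature, and the 76319 MB disk size are chosen to reproduce the numbers in the aswMBR log and are assumptions of the example.

```python
"""Parse a raw 512-byte MBR (what aswMBR saved as MBR.dat) and locate the
unpartitioned tail of the disk, where the aswMBR hits above sit.

Added example, not part of the instructions in this thread and not code
from aswMBR, TDSSKiller or ComboFix.
"""
import hashlib
import struct

SECTOR = 512
PART_TABLE = 0x1BE          # four 16-byte entries
DISK_SIG = 0x1B8            # 4-byte disk signature; code area is bytes 0..0x1B7
ENTRY = "<B3sB3sII"         # boot flag, CHS start, type, CHS end, LBA start, LBA count


def build_sample_mbr():
    """Constructed sample MBR. One NTFS partition laid out the XP way
    (start LBA 63), sized so it ends just before sector 156296385, the first
    sector aswMBR scanned in the log above. The partition size and the disk
    signature are assumptions; the code area is left zeroed, where a real
    XP MBR carries 440 bytes of boot code."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, DISK_SIG, 0x2BD92BD9)
    struct.pack_into(ENTRY, mbr, PART_TABLE, 0x80, b"\x01\x01\x00", 0x07,
                     b"\xfe\xff\xff", 63, 156296322)
    mbr[0x1FE:0x200] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr):
    """Return code-area MD5, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if mbr[0x1FE:0x200] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for i in range(4):
        boot, _, ptype, _, lba, count = struct.unpack_from(ENTRY, mbr, PART_TABLE + 16 * i)
        if ptype == 0 or count == 0:
            continue                                  # empty slot
        partitions.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                           "start": lba, "count": count, "end": lba + count - 1})
    return {
        # Assumption: TDSSKiller's "MBR (0x1B8)" hash covers these first 0x1B8 bytes,
        # so this value is what to compare against a known-clean XP MBR.
        "code_md5": hashlib.md5(mbr[:DISK_SIG]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG)[0],
        "partitions": partitions,
    }


def disk_sectors_from_mb(size_mb):
    """aswMBR reports the disk size in MB; convert to 512-byte sectors."""
    return size_mb * 1024 * 1024 // SECTOR


def unpartitioned_tail(parsed, disk_sectors):
    """(first free sector, number of free sectors) after the last partition.
    MBR rootkits of the Sinowal/Mebroot family keep their body there, which
    is why aswMBR scans past the partition end."""
    last_end = max(p["end"] for p in parsed["partitions"])
    first_free = last_end + 1
    return first_free, max(0, disk_sectors - first_free)


def hits_in_tail(parsed, disk_sectors, sectors):
    """Which reported sectors fall inside the unpartitioned tail."""
    first_free, _ = unpartitioned_tail(parsed, disk_sectors)
    return [s for s in sectors if first_free <= s < disk_sectors]


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    total = disk_sectors_from_mb(76319)            # "Size: 76319MB" in the aswMBR log
    for p in parsed["partitions"]:
        print(f"entry {p['index']}: type 0x{p['type']:02x} LBA {p['start']}-{p['end']}"
              f"{' (bootable)' if p['bootable'] else ''}")
    first_free, slack = unpartitioned_tail(parsed, total)
    print(f"disk has {total} sectors; {slack} unpartitioned after sector {first_free - 1}")
    print("hits in tail:", hits_in_tail(parsed, total, [156296388, 156296410]))
```

On the sample the partition ends at sector 156296384 and 4927 sectors (about 2.4 MiB) follow it, and both aswMBR hits land inside that range. A tail of that size proves nothing on its own, since XP rounds partitions to cylinder boundaries and most disks have some; what matters is executable code living there, which is exactly what aswMBR reported. To run this against the real file, replace build_sample_mbr() with open("MBR.dat", "rb").read() and take the disk size from the aswMBR log.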

#5
Pyton (Topic Starter, New Member, 6 posts)
Hi Ron,

I've tried to complete all your steps. Didn't complete all. I didn't finish the /scannow command, it kept asking for the CD and I had to cancel it. Besides I am not sure if the MBR.dat file was updated after running the program, see the attachment for that. I did manage to press the "FIX" button for it had found something malicious. The VEW program encountered some problems when running, after the Application run the log was virtually empty so I didn't post it. See the logs (and thanks again for your efforts):

Combofix Log:

ComboFix 11-12-19.01 - Pytonius 19-12-2011 16:34:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.991.378 [GMT 1:00]
Started from: c:\documents and settings\Pytonius\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Pytonius\Bureaublad\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\drivers\k4x42.sys"
"c:\windows\system32\drivers\xcpip.sys"
"c:\windows\system32\drivers\xpsec.sys"
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_K4X42.SYS
-------\Service_k4x42.sys
-------\Service_xcpip
-------\Service_xpsec
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-19 to 2011-12-19 ))))))))))))))))))))))))))))))
.
.
2011-12-19 00:09 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-19 00:09 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-19 00:09 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-19 00:09 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-19 00:09 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-19 00:09 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-19 00:09 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-19 00:09 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-19 00:09 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-19 00:09 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-19 00:09 . 2011-12-19 00:09 -------- d-----w- c:\program files\AVAST Software
2011-12-19 00:09 . 2011-12-19 00:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-12-18 22:18 . 2011-12-18 22:18 -------- d-----w- c:\documents and settings\Pytonius\Application Data\Malwarebytes
2011-12-18 22:17 . 2011-12-18 22:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-12-18 22:17 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 22:17 . 2011-12-18 22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-18 22:05 . 2011-12-18 22:05 -------- d-----w- C:\_OTL
2011-12-18 19:21 . 2011-12-18 19:23 -------- d-----w- c:\program files\SpywareBlaster
2011-12-18 18:46 . 2011-12-18 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2011-12-14 13:29 . 2011-12-14 13:29 388096 ----a-r- c:\documents and settings\Pytonius\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-14 13:29 . 2011-12-14 13:29 -------- d-----w- c:\program files\Trend Micro
2011-12-07 00:19 . 2011-12-10 09:46 -------- d-----w- c:\documents and settings\Pytonius\Application Data\Ykbayg
2011-12-03 17:11 . 2011-12-03 17:11 -------- d-----w- c:\documents and settings\Pytonius\Application Data\Canneverbe Limited
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07 . 2001-09-07 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2001-09-07 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2001-09-07 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2004-08-04 08:03 78336 ------w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2001-09-07 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2001-09-07 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2001-09-06 19:53 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 08:03 186880 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-02-28 17:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2002-09-23 14:11 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-09-07 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-09-07 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-11-10 10:33 . 2011-06-17 12:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-18_23.48.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-12-19 16:01 . 2011-12-19 16:01 16384 c:\windows\temp\Perflib_Perfdata_390.dat
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-12-19 00:09 . 2011-12-19 00:09 219648 c:\windows\Installer\4b49c.msi
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-04-27 7561216]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-04-26 331776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-02-03 61952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2010-3-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Wave"=AntexWAV.DLL
"Midi"=AntexWAV.DLL
"Mixer"=AntexWAV.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-17 08:51 136176 ----atw- c:\documents and settings\Pytonius\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Bonjour Service"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Transcriptiesoftware\\f4-v4-pc\\f4-v4.0.1\\F4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Pytonius\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Pytonius\\Bureaublad\\spotify.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\spssengine.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19-12-2011 1:09 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19-12-2011 1:09 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19-12-2011 1:09 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-12-2011 23:17 366152]
R2 SPDFCreatorReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [24-10-2009 1:46 189760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-12-2011 23:17 22216]
S3 AntexWAV;Antex Digital Audio Driver;c:\windows\system32\drivers\AntexWAV.sys [28-2-2009 22:31 231040]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2010 17:36 136176]
S4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2010 17:36 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-12-03 c:\windows\Tasks\expressburnSevenDays.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2011-12-03 16:51]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 16:36]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 16:36]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-839522115-1003Core.job
- c:\documents and settings\Pytonius\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-17 08:51]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-839522115-1003UA.job
- c:\documents and settings\Pytonius\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-17 08:51]
.
2010-05-03 c:\windows\Tasks\zuluShakeIcon.job
- c:\program files\NCH Software\Zulu\zulu.exe [2010-04-16 21:46]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 88.159.1.200 88.159.1.201
FF - ProfilePath - c:\documents and settings\Pytonius\Application Data\Mozilla\Firefox\Profiles\svx4vcd5.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 17:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~*]
"3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(3424)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2011-12-19 17:10:39 - machine werd herstart
ComboFix-quarantined-files.txt 2011-12-19 16:10
ComboFix2.txt 2011-12-18 23:54
.
Pre-Run: 6.440.046.592 bytes beschikbaar
Post-Run: 6.424.993.792 bytes beschikbaar
.
- - End Of File - - F52CEC4D2AC978F1F7B31F2A4CF723AF

TDSS LOG:

17:15:07.0244 2628 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
17:15:09.0244 2628 ============================================================
17:15:09.0244 2628 Current date / time: 2011/12/19 17:15:09.0244
17:15:09.0244 2628 SystemInfo:
17:15:09.0244 2628
17:15:09.0244 2628 OS Version: 5.1.2600 ServicePack: 3.0
17:15:09.0244 2628 Product type: Workstation
17:15:09.0244 2628 ComputerName: PYTON
17:15:09.0244 2628 UserName: Pytonius
17:15:09.0244 2628 Windows directory: C:\WINDOWS
17:15:09.0244 2628 System windows directory: C:\WINDOWS
17:15:09.0244 2628 Processor architecture: Intel x86
17:15:09.0244 2628 Number of processors: 2
17:15:09.0244 2628 Page size: 0x1000
17:15:09.0244 2628 Boot type: Normal boot
17:15:09.0244 2628 ============================================================
17:15:10.0244 2628 Initialize success
17:16:01.0744 2600 ============================================================
17:16:01.0744 2600 Scan started
17:16:01.0744 2600 Mode: Manual; SigCheck; TDLFS;
17:16:01.0744 2600 ============================================================
17:16:02.0259 2600 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:16:02.0634 2600 Aavmker4 - ok
17:16:02.0650 2600 Abiosdsk - ok
17:16:02.0681 2600 abp480n5 - ok
17:16:02.0744 2600 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:16:05.0994 2600 ACPI - ok
17:16:06.0166 2600 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:16:06.0603 2600 ACPIEC - ok
17:16:06.0634 2600 adpu160m - ok
17:16:06.0759 2600 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:16:07.0181 2600 aec - ok
17:16:07.0337 2600 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:16:07.0369 2600 AegisP ( UnsignedFile.Multi.Generic ) - warning
17:16:07.0369 2600 AegisP - detected UnsignedFile.Multi.Generic (1)
17:16:07.0416 2600 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:16:07.0494 2600 AFD - ok
17:16:07.0525 2600 Aha154x - ok
17:16:07.0556 2600 aic78u2 - ok
17:16:07.0572 2600 aic78xx - ok
17:16:07.0619 2600 AliIde - ok
17:16:07.0681 2600 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:16:07.0759 2600 AmdK8 - ok
17:16:07.0775 2600 amsint - ok
17:16:07.0869 2600 AntexWAV (dfdcbcea45d62f77388e251a1c53555d) C:\WINDOWS\SYSTEM32\DRIVERS\AntexWAV.SYS
17:16:07.0916 2600 AntexWAV ( UnsignedFile.Multi.Generic ) - warning
17:16:07.0916 2600 AntexWAV - detected UnsignedFile.Multi.Generic (1)
17:16:08.0119 2600 AR5211 (baa6b3cc74a4377d063c5a92dd9c4098) C:\WINDOWS\system32\DRIVERS\ar5211.sys
17:16:08.0259 2600 AR5211 - ok
17:16:08.0322 2600 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:16:08.0666 2600 Arp1394 - ok
17:16:08.0759 2600 asc - ok
17:16:08.0853 2600 asc3350p - ok
17:16:08.0900 2600 asc3550 - ok
17:16:09.0087 2600 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:16:09.0134 2600 aswFsBlk - ok
17:16:09.0259 2600 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
17:16:09.0291 2600 aswMon2 - ok
17:16:09.0322 2600 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
17:16:09.0353 2600 aswRdr - ok
17:16:09.0400 2600 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
17:16:09.0494 2600 aswSnx - ok
17:16:09.0587 2600 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
17:16:09.0650 2600 aswSP - ok
17:16:09.0697 2600 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
17:16:09.0728 2600 aswTdi - ok
17:16:09.0791 2600 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:16:10.0134 2600 AsyncMac - ok
17:16:10.0275 2600 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:16:10.0650 2600 atapi - ok
17:16:10.0650 2600 Atdisk - ok
17:16:10.0712 2600 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:16:11.0087 2600 Atmarpc - ok
17:16:11.0228 2600 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:16:11.0681 2600 audstub - ok
17:16:11.0822 2600 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:16:12.0400 2600 Beep - ok
17:16:12.0447 2600 catchme - ok
17:16:12.0541 2600 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:16:13.0056 2600 cbidf2k - ok
17:16:13.0072 2600 cd20xrnt - ok
17:16:13.0119 2600 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:16:13.0650 2600 Cdaudio - ok
17:16:13.0853 2600 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:16:14.0212 2600 Cdfs - ok
17:16:14.0244 2600 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:16:14.0619 2600 Cdrom - ok
17:16:14.0634 2600 Changer - ok
17:16:14.0697 2600 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:16:15.0041 2600 CmBatt - ok
17:16:15.0056 2600 CmdIde - ok
17:16:15.0087 2600 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:16:15.0478 2600 Compbatt - ok
17:16:15.0525 2600 Cpqarray - ok
17:16:15.0587 2600 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
17:16:15.0681 2600 CVirtA - ok
17:16:15.0931 2600 CVPNDRVA (465ced77e7c4f9d71b81ba600edafac1) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
17:16:16.0009 2600 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
17:16:16.0009 2600 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
17:16:16.0041 2600 dac2w2k - ok
17:16:16.0119 2600 dac960nt - ok
17:16:16.0244 2600 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:16:16.0712 2600 Disk - ok
17:16:16.0853 2600 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
17:16:17.0259 2600 dmboot - ok
17:16:17.0291 2600 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
17:16:17.0697 2600 dmio - ok
17:16:17.0775 2600 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:16:18.0228 2600 dmload - ok
17:16:18.0291 2600 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:16:18.0634 2600 DMusic - ok
17:16:18.0759 2600 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
17:16:18.0791 2600 DNE - ok
17:16:18.0869 2600 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
17:16:19.0291 2600 dot4 - ok
17:16:19.0322 2600 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
17:16:19.0806 2600 Dot4Print - ok
17:16:19.0884 2600 dot4usb (f48841c737d7dc9610bf5f49a76c2ed1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
17:16:20.0509 2600 dot4usb - ok
17:16:20.0525 2600 dpti2o - ok
17:16:20.0587 2600 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:16:20.0884 2600 drmkaud - ok
17:16:21.0041 2600 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:16:21.0494 2600 Fastfat - ok
17:16:21.0525 2600 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:16:21.0869 2600 Fdc - ok
17:16:21.0900 2600 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
17:16:22.0322 2600 Fips - ok
17:16:22.0431 2600 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:16:22.0759 2600 Flpydisk - ok
17:16:22.0806 2600 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:16:23.0197 2600 FltMgr - ok
17:16:23.0275 2600 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:16:23.0791 2600 Fs_Rec - ok
17:16:23.0853 2600 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:16:24.0478 2600 Ftdisk - ok
17:16:24.0541 2600 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:16:24.0572 2600 GEARAspiWDM - ok
17:16:24.0697 2600 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:16:24.0994 2600 Gpc - ok
17:16:25.0103 2600 HdAudAddService (7662b9aaf36c84af4f9029b6b432c2b3) C:\WINDOWS\system32\drivers\CHDAud.sys
17:16:25.0244 2600 HdAudAddService - ok
17:16:25.0353 2600 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:16:25.0634 2600 HDAudBus - ok
17:16:25.0806 2600 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:16:26.0072 2600 HidUsb - ok
17:16:26.0166 2600 hpn - ok
17:16:26.0212 2600 hpt3xx - ok
17:16:26.0291 2600 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:16:26.0384 2600 HTTP - ok
17:16:26.0541 2600 i2omgmt - ok
17:16:26.0587 2600 i2omp - ok
17:16:26.0681 2600 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:16:27.0072 2600 i8042prt - ok
17:16:27.0150 2600 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:16:27.0494 2600 Imapi - ok
17:16:27.0572 2600 ini910u - ok
17:16:27.0634 2600 IntelIde - ok
17:16:27.0759 2600 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:16:28.0119 2600 ip6fw - ok
17:16:28.0181 2600 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:16:28.0650 2600 IpFilterDriver - ok
17:16:28.0712 2600 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:16:29.0025 2600 IpInIp - ok
17:16:29.0072 2600 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:16:29.0431 2600 IpNat - ok
17:16:29.0494 2600 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:16:29.0822 2600 IPSec - ok
17:16:29.0947 2600 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:16:30.0291 2600 IRENUM - ok
17:16:30.0369 2600 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:16:30.0728 2600 isapnp - ok
17:16:30.0822 2600 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:16:31.0134 2600 Kbdclass - ok
17:16:31.0197 2600 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:16:31.0541 2600 kbdhid - ok
17:16:31.0603 2600 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:16:32.0025 2600 kmixer - ok
17:16:32.0181 2600 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:16:32.0275 2600 KSecDD - ok
17:16:32.0322 2600 lbrtfdc - ok
17:16:32.0416 2600 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
17:16:32.0462 2600 MBAMProtector - ok
17:16:32.0541 2600 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:16:33.0041 2600 mnmdd - ok
17:16:33.0103 2600 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
17:16:33.0369 2600 Modem - ok
17:16:33.0509 2600 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:16:33.0837 2600 Mouclass - ok
17:16:33.0884 2600 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:16:34.0462 2600 mouhid - ok
17:16:34.0509 2600 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:16:34.0806 2600 MountMgr - ok
17:16:34.0837 2600 mraid35x - ok
17:16:34.0869 2600 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:16:35.0228 2600 MRxDAV - ok
17:16:35.0291 2600 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:16:35.0431 2600 MRxSmb - ok
17:16:35.0572 2600 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:16:35.0853 2600 Msfs - ok
17:16:35.0947 2600 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:16:36.0275 2600 MSKSSRV - ok
17:16:36.0322 2600 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:16:36.0634 2600 MSPCLOCK - ok
17:16:36.0666 2600 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:16:36.0978 2600 MSPQM - ok
17:16:37.0009 2600 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:16:37.0337 2600 mssmbios - ok
17:16:37.0384 2600 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:16:37.0447 2600 Mup - ok
17:16:37.0572 2600 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:16:37.0853 2600 NDIS - ok
17:16:37.0947 2600 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:16:38.0009 2600 NdisTapi - ok
17:16:38.0041 2600 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:16:38.0369 2600 Ndisuio - ok
17:16:38.0416 2600 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:16:38.0712 2600 NdisWan - ok
17:16:38.0791 2600 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:16:38.0869 2600 NDProxy - ok
17:16:39.0025 2600 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:16:39.0322 2600 NetBIOS - ok
17:16:39.0369 2600 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:16:39.0697 2600 NetBT - ok
17:16:39.0775 2600 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:16:40.0056 2600 NIC1394 - ok
17:16:40.0134 2600 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:16:40.0416 2600 nm - ok
17:16:40.0603 2600 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:16:40.0947 2600 Npfs - ok
17:16:41.0025 2600 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:16:41.0353 2600 Ntfs - ok
17:16:41.0416 2600 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:16:41.0884 2600 Null - ok
17:16:42.0103 2600 nv (b79e623da3614cef319b03696e821ba9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:16:42.0478 2600 nv - ok
17:16:42.0619 2600 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
17:16:42.0712 2600 nvata - ok
17:16:42.0759 2600 NVENETFD (447cf6e09ceca96eaf5772d465cca344) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:16:42.0822 2600 NVENETFD - ok
17:16:42.0884 2600 nvnetbus (ef04d5a268f5d44422795f9c013fbc8a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:16:42.0962 2600 nvnetbus - ok
17:16:43.0087 2600 nvsmu (c0ebce745e8c96362dc5b9ba5fee6690) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
17:16:43.0166 2600 nvsmu - ok
17:16:43.0244 2600 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:16:43.0837 2600 NwlnkFlt - ok
17:16:43.0853 2600 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:16:44.0447 2600 NwlnkFwd - ok
17:16:44.0494 2600 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:16:44.0775 2600 ohci1394 - ok
17:16:44.0931 2600 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
17:16:45.0197 2600 Parport - ok
17:16:45.0212 2600 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:16:45.0541 2600 PartMgr - ok
17:16:45.0603 2600 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
17:16:46.0103 2600 ParVdm - ok
17:16:46.0150 2600 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
17:16:46.0431 2600 PCI - ok
17:16:46.0447 2600 PCIDump - ok
17:16:46.0494 2600 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:16:46.0994 2600 PCIIde - ok
17:16:47.0025 2600 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:16:47.0259 2600 Pcmcia - ok
17:16:47.0384 2600 PDCOMP - ok
17:16:47.0431 2600 PDFRAME - ok
17:16:47.0447 2600 PDRELI - ok
17:16:47.0478 2600 PDRFRAME - ok
17:16:47.0494 2600 perc2 - ok
17:16:47.0509 2600 perc2hib - ok
17:16:47.0619 2600 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:16:47.0916 2600 PptpMiniport - ok
17:16:47.0962 2600 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
17:16:48.0244 2600 Processor - ok
17:16:48.0275 2600 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:16:48.0603 2600 PSched - ok
17:16:48.0634 2600 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:16:49.0197 2600 Ptilink - ok
17:16:49.0322 2600 ql1080 - ok
17:16:49.0416 2600 Ql10wnt - ok
17:16:49.0462 2600 ql12160 - ok
17:16:49.0494 2600 ql1240 - ok
17:16:49.0525 2600 ql1280 - ok
17:16:49.0572 2600 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:16:50.0150 2600 RasAcd - ok
17:16:50.0306 2600 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:16:50.0572 2600 Rasl2tp - ok
17:16:50.0681 2600 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:16:50.0962 2600 RasPppoe - ok
17:16:51.0041 2600 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:16:51.0556 2600 Raspti - ok
17:16:51.0681 2600 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:16:51.0962 2600 Rdbss - ok
17:16:52.0009 2600 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:16:52.0587 2600 RDPCDD - ok
17:16:52.0728 2600 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:16:53.0009 2600 rdpdr - ok
17:16:53.0150 2600 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:16:53.0228 2600 RDPWD - ok
17:16:53.0306 2600 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:16:53.0587 2600 redbook - ok
17:16:53.0775 2600 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:16:54.0056 2600 sdbus - ok
17:16:54.0166 2600 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:16:54.0447 2600 Secdrv - ok
17:16:54.0556 2600 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
17:16:54.0837 2600 Serial - ok
17:16:54.0900 2600 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:16:55.0181 2600 Sfloppy - ok
17:16:55.0275 2600 Simbad - ok
17:16:55.0353 2600 Sparrow - ok
17:16:55.0478 2600 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:16:55.0744 2600 splitter - ok
17:16:55.0837 2600 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
17:16:56.0134 2600 sr - ok
17:16:56.0228 2600 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:16:56.0337 2600 Srv - ok
17:16:56.0494 2600 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
17:16:56.0525 2600 StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:16:56.0525 2600 StarOpen - detected UnsignedFile.Multi.Generic (1)
17:16:56.0572 2600 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:16:56.0806 2600 swenum - ok
17:16:56.0869 2600 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:16:57.0119 2600 swmidi - ok
17:16:57.0150 2600 symc810 - ok
17:16:57.0166 2600 symc8xx - ok
17:16:57.0197 2600 sym_hi - ok
17:16:57.0212 2600 sym_u3 - ok
17:16:57.0306 2600 SynTP (9d3611fa3bcca8090fdd1a45bd1ea586) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:16:57.0416 2600 SynTP - ok
17:16:57.0603 2600 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:16:57.0900 2600 sysaudio - ok
17:16:57.0978 2600 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:16:58.0103 2600 Tcpip - ok
17:16:58.0150 2600 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:16:58.0462 2600 TDPIPE - ok
17:16:58.0603 2600 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:16:58.0900 2600 TDTCP - ok
17:16:58.0931 2600 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:16:59.0197 2600 TermDD - ok
17:16:59.0244 2600 TosIde - ok
17:16:59.0306 2600 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:16:59.0572 2600 Udfs - ok
17:16:59.0587 2600 UIUSys - ok
17:16:59.0619 2600 ultra - ok
17:16:59.0681 2600 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:16:59.0994 2600 Update - ok
17:17:00.0072 2600 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:17:00.0150 2600 USBAAPL - ok
17:17:00.0337 2600 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:17:00.0603 2600 usbccgp - ok
17:17:00.0666 2600 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:17:00.0947 2600 usbehci - ok
17:17:01.0025 2600 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:17:01.0306 2600 usbhub - ok
17:17:01.0431 2600 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:17:01.0712 2600 usbohci - ok
17:17:01.0775 2600 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:17:02.0072 2600 usbprint - ok
17:17:02.0150 2600 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:17:02.0447 2600 usbscan - ok
17:17:02.0541 2600 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:17:02.0806 2600 USBSTOR - ok
17:17:02.0900 2600 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:17:03.0166 2600 VgaSave - ok
17:17:03.0181 2600 ViaIde - ok
17:17:03.0228 2600 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
17:17:03.0525 2600 VolSnap - ok
17:17:03.0619 2600 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
17:17:03.0681 2600 vsdatant - ok
17:17:03.0728 2600 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:17:03.0994 2600 Wanarp - ok
17:17:04.0009 2600 WDICA - ok
17:17:04.0056 2600 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:17:04.0337 2600 wdmaud - ok
17:17:04.0634 2600 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:17:04.0697 2600 WudfPf - ok
17:17:04.0759 2600 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:17:04.0806 2600 WudfRd - ok
17:17:04.0900 2600 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
17:17:05.0119 2600 \Device\Harddisk0\DR0 - ok
17:17:05.0134 2600 Boot (0x1200) (674367156638358e635a5d09e7696434) \Device\Harddisk0\DR0\Partition0
17:17:05.0134 2600 \Device\Harddisk0\DR0\Partition0 - ok
17:17:05.0150 2600 Boot (0x1200) (1142b4ee64c742fc040351104a734563) \Device\Harddisk0\DR0\Partition1
17:17:05.0150 2600 \Device\Harddisk0\DR0\Partition1 - ok
17:17:05.0150 2600 ============================================================
17:17:05.0150 2600 Scan finished
17:17:05.0150 2600 ============================================================
17:17:05.0291 1744 Detected object count: 4
17:17:05.0291 1744 Actual detected object count: 4
17:17:27.0572 1744 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:27.0572 1744 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:27.0572 1744 AntexWAV ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:27.0572 1744 AntexWAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:27.0587 1744 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:27.0587 1744 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:27.0603 1744 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:27.0603 1744 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0275 1720 Deinitialize success

VEW SYSTEM LOG:

Vino's Event Viewer v01c run on Windows XP in Dutch
Report run at 19/12/2011 17:49:59

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Fout Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/12/2011 17:39:48
Type: Fout Category: 0
Event: 7034 Source: Service Control Manager
De NVIDIA Display Driver Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Waarschuwing Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Thanks!!

Greets

Attached Thumbnails

  • dskmgmt.JPG
  • sigverif results.JPG


#6
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Empty VEW logs are good. We cleared the alarms then rebooted and then checked to see if we had any alarms worth worrying about and we don't.

Could you run aswMBR one more time and post the log?


Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.
(close the program)

#7
Pyton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks again. Here are the results:

ASWMBR LOG:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-20 11:52:26
-----------------------------
11:52:26.062 OS Version: Windows 5.1.2600 Service Pack 3
11:52:26.062 Number of processors: 2 586 0x4802
11:52:26.062 ComputerName: PYTON UserName:
11:52:32.515 Initialize success
11:52:36.578 AVAST engine defs: 11121901
11:52:53.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000086
11:52:53.234 Disk 0 Vendor: FUJITSU_MHV2080BH_PL 00000029 Size: 76319MB BusType: 3
11:52:53.296 Disk 0 MBR read successfully
11:52:53.296 Disk 0 MBR scan
11:52:54.015 Disk 0 Windows XP default MBR code
11:52:54.062 Disk 0 scanning sectors +156296385
11:52:54.312 Disk 0 scanning C:\WINDOWS\system32\drivers
11:54:00.593 Service scanning
11:54:02.609 Modules scanning
11:55:12.515 Disk 0 trace - called modules:
11:55:12.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
11:55:12.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f68ab8]
11:55:12.578 3 CLASSPNP.SYS[f7520fd7] -> nt!IofCallDriver -> \Device\00000087[0x85fc7490]
11:55:12.937 5 ACPI.sys[f7396620] -> nt!IofCallDriver -> \Device\00000086[0x85f86658]
11:55:18.484 AVAST engine scan C:\WINDOWS
11:55:39.875 AVAST engine scan C:\WINDOWS\system32
11:57:44.953 AVAST engine scan C:\WINDOWS\system32\drivers
11:57:58.468 AVAST engine scan C:\Documents and Settings\Pytonius
12:02:46.625 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
12:07:05.234 Scan finished successfully
12:07:33.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pytonius\Bureaublad\MBR.dat"
12:07:33.203 The log file has been saved successfully to "C:\Documents and Settings\Pytonius\Bureaublad\aswMBR recent.txt"

MBR CHECK LOG:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xF79C0000 \WINDOWS\system32\KDCOM.DLL
0xF78D0000 \WINDOWS\system32\BOOTVID.dll
0xF7390000 ACPI.sys
0xF79C2000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF737F000 pci.sys
0xF74C0000 isapnp.sys
0xF74D0000 ohci1394.sys
0xF74E0000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF78D4000 compbatt.sys
0xF78D8000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF7A88000 pciide.sys
0xF7740000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7361000 pcmcia.sys
0xF74F0000 MountMgr.sys
0xF7342000 ftdisk.sys
0xF79C4000 dmload.sys
0xF731C000 dmio.sys
0xF78DC000 ACPIEC.sys
0xF7A89000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
0xF7748000 PartMgr.sys
0xF7500000 VolSnap.sys
0xF7304000 atapi.sys
0xF72EB000 nvata.sys
0xF7510000 disk.sys
0xF7520000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF72CB000 fltmgr.sys
0xF72B9000 sr.sys
0xF72A2000 KSecDD.sys
0xF7215000 Ntfs.sys
0xF71E8000 NDIS.sys
0xF71CE000 Mup.sys
0xF7530000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF76C0000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF67F0000 \SystemRoot\System32\DRIVERS\ar5211.sys
0xF6472000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF645E000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF7978000 \SystemRoot\System32\DRIVERS\nvsmu.sys
0xF7868000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xF643A000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7870000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF68F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF68E8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF68D8000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF6417000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7878000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF6403000 \SystemRoot\System32\DRIVERS\sdbus.sys
0xF63DB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7980000 \SystemRoot\System32\DRIVERS\nvnetbus.sys
0xF6390000 \SystemRoot\System32\DRIVERS\NVNRM.SYS
0xF6359000 \SystemRoot\System32\DRIVERS\NVSNPU.SYS
0xF68C8000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7880000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF6329000 \SystemRoot\System32\DRIVERS\SynTP.sys
0xF7A1C000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7888000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7984000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF630B000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xF7B2E000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF68B8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF798C000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF62F4000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF6898000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF6888000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7890000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF62E3000 \SystemRoot\System32\DRIVERS\psched.sys
0xF68A8000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7898000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF78A0000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF62B3000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF6878000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7A1E000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF622D000 \SystemRoot\System32\DRIVERS\update.sys
0xF79A4000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF6868000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7640000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7650000 \SystemRoot\System32\DRIVERS\NVENETFD.sys
0xF16DB000 \SystemRoot\system32\drivers\CHDAud.sys
0xF16B7000 \SystemRoot\system32\drivers\portcls.sys
0xF7670000 \SystemRoot\system32\drivers\drmk.sys
0xF79CC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B4C000 \SystemRoot\System32\Drivers\Null.SYS
0xF79D2000 \SystemRoot\System32\Drivers\Beep.SYS
0xEBAFB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEBAC3000 \SystemRoot\System32\drivers\vga.sys
0xF79DC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79E4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF69DF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF69C7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xEE32A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB927F000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB91C8000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xBA6BF000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB900E000 \SystemRoot\System32\DRIVERS\netbt.sys
0xBA429000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB8E5F000 \SystemRoot\System32\drivers\afd.sys
0xB9886000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB8DB1000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB8CB5000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB9816000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8BA6000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB8FCE000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB9876000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xB7F0F000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB7EA2000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xB92A4000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB3C97000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB2751000 \SystemRoot\System32\Drivers\dump_nvata.sys
0xB34FF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB2D4D000 \SystemRoot\System32\drivers\Dxapi.sys
0xB3662000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BF1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3DD000 \SystemRoot\System32\ATMFD.DLL
0xEFEE2000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB3B90000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF77C0000 \SystemRoot\System32\DRIVERS\AegisP.sys
0xEE34A000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB0B51000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB09D4000 \SystemRoot\system32\drivers\wdmaud.sys
0xF7680000 \SystemRoot\system32\drivers\sysaudio.sys
0xB0959000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB34F9000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xB0781000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xB06D9000 \SystemRoot\System32\DRIVERS\srv.sys
0xB8F02000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xAF7FA000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xAF7B9000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7192000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAEBCC000 \??\C:\DOCUME~1\Pytonius\LOCALS~1\Temp\aswMBR.sys
0xA622A000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
1216 C:\WINDOWS\system32\smss.exe
1304 csrss.exe
1328 C:\WINDOWS\system32\winlogon.exe
1376 C:\WINDOWS\system32\services.exe
1388 C:\WINDOWS\system32\lsass.exe
1556 C:\WINDOWS\system32\svchost.exe
1600 svchost.exe
1644 C:\WINDOWS\system32\svchost.exe
1840 svchost.exe
1908 svchost.exe
380 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
564 C:\WINDOWS\explorer.exe
916 C:\WINDOWS\system32\spoolsv.exe
1040 C:\WINDOWS\system32\acs.exe
1340 svchost.exe
1920 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2004 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
244 C:\Program Files\Java\jre6\bin\jqs.exe
264 C:\Program Files\Atheros\ACU.exe
1204 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1248 C:\Program Files\iTunes\iTunesHelper.exe
1296 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1980 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2024 C:\Program Files\CDBurnerXP\NMSAccessU.exe
1992 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
236 C:\Program Files\AVAST Software\Avast\AvastUI.exe
2404 C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
2764 C:\WINDOWS\system32\svchost.exe
3736 C:\Program Files\iPod\bin\iPodService.exe
2100 alg.exe
3368 C:\Program Files\Mozilla Firefox\firefox.exe
812 C:\Program Files\Mozilla Firefox\plugin-container.exe
792 C:\Documents and Settings\Pytonius\Mijn documenten\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`ad4f7800 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2080BHPL, Rev: 00000029

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: F238F1FE114296B6DC7716517DC1DADB3FF3D5C6


Done!

Cheers!

#8
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Once more with Combofix and I think it's clean.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"vvdsvc"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

How is it running now?

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix. I don't think it will need to reboot.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



As a final check you can run ESET. Takes a long time though (hours).

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


If it doesn't find anything that is NOT in Qoobox or _OTL or TDSSKiller_Quarantine or subfolders of the three then your PC is clean.
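The CFScript in the post above deletes one value ("vvdsvc") from the svchost service-group key, which is a common place for malware to register a DLL that then runs inside a legitimate-looking svchost.exe. The PowerShell below is an added example for auditing that key yourself; it is not part of this thread and not code from ComboFix, OTL or any other tool mentioned here. It lists every group the key defines, flags group names that are not in a constructed baseline (an assumption: build the list from a known-clean machine of the same Windows build before trusting it), and for every hosted service checks that its ServiceDll exists and lives under %SystemRoot%. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from this thread, ComboFix or OTL): audit the svchost
# service-group key that the CFScript above edits. Run from an elevated prompt.
$SvchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$WinDir      = $env:SystemRoot

# Constructed baseline of group names commonly present on a stock install.
# This is an assumption, not an authoritative list: compare against a clean
# machine of the same build before acting on a "not in baseline" hit.
$KnownGroups = @('netsvcs', 'LocalService', 'NetworkService', 'rpcss', 'DcomLaunch',
                 'LocalServiceNoNetwork', 'LocalServiceNetworkRestricted',
                 'NetworkServiceNetworkRestricted', 'LocalSystemNetworkRestricted',
                 'imgsvc', 'termsvcs', 'HTTPFilter')

function Get-ServiceDllStatus {
    param([string]$ServiceName)
    # svchost-hosted services declare their DLL in <service>\Parameters\ServiceDll.
    $paramsPath = Join-Path $ServicesKey "$ServiceName\Parameters"
    $params = Get-ItemProperty -Path $paramsPath -ErrorAction SilentlyContinue
    if (-not $params -or -not $params.ServiceDll) {
        return 'no ServiceDll value (service missing or not svchost-hosted)'
    }
    $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
    if (-not (Test-Path -LiteralPath $dll)) {
        return "ServiceDll missing on disk: $dll"
    }
    if (-not $dll.StartsWith($WinDir, [StringComparison]::OrdinalIgnoreCase)) {
        return "ServiceDll outside Windows directory: $dll"
    }
    return "ok: $dll"
}

function Get-SvchostGroupReport {
    $key = Get-Item -Path $SvchostKey
    foreach ($group in $key.GetValueNames()) {
        if ($group -eq '') { continue }   # skip the (Default) value if one is set
        # Each group value is REG_MULTI_SZ: the services sharing one svchost.exe instance.
        $members = @($key.GetValue($group))
        if ($members.Count -eq 0) {
            New-Object PSObject -Property @{
                Group = $group; GroupInBase = ($KnownGroups -contains $group)
                Service = '(empty group)'; Status = 'group has no members'
            }
            continue
        }
        foreach ($svc in $members) {
            New-Object PSObject -Property @{
                Group       = $group
                GroupInBase = ($KnownGroups -contains $group)
                Service     = $svc
                Status      = Get-ServiceDllStatus -ServiceName $svc
            }
        }
    }
}

# Report only what needs a closer look: groups outside the baseline (a stray
# "vvdsvc" would land here) and services whose DLL is missing or outside %SystemRoot%.
Get-SvchostGroupReport |
    Where-Object { -not $_.GroupInBase -or $_.Status -notlike 'ok:*' } |
    Sort-Object Group, Service |
    Format-Table Group, GroupInBase, Service, Status -AutoSize
```

A hit in this report is a lead, not a verdict: a legitimate third-party product can register its own group, and a missing DLL may simply be a leftover from an uninstall. Check the flagged DLL's hash and signature against a clean system before removing the entry, and keep the registry export or ComboFix quarantine so the change can be reverted.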

#9
Pyton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi there Ron,

Here are the final logs:

COMBOFIX:

ComboFix 11-12-20.04 - Pytonius 20-12-2011 22:58:41.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.991.379 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Pytonius\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Pytonius\Bureaublad\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-20 to 2011-12-20 ))))))))))))))))))))))))))))))
.
.
2011-12-19 16:34 . 2001-08-17 20:12 3968 -c--a-w- c:\windows\system32\dllcache\brfiltup.sys
2011-12-19 16:33 . 2001-08-17 19:49 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2011-12-19 16:32 . 2001-08-17 19:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2011-12-19 16:31 . 2001-09-06 20:26 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-12-19 16:31 . 2001-08-17 20:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-12-19 16:31 . 2001-08-17 21:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-12-19 16:30 . 2001-09-06 20:26 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-12-19 00:09 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-19 00:09 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-19 00:09 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-19 00:09 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-19 00:09 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-19 00:09 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-19 00:09 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-19 00:09 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-19 00:09 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-19 00:09 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-19 00:09 . 2011-12-19 00:09 -------- d-----w- c:\program files\AVAST Software
2011-12-19 00:09 . 2011-12-19 00:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-12-18 22:18 . 2011-12-18 22:18 -------- d-----w- c:\documents and settings\Pytonius\Application Data\Malwarebytes
2011-12-18 22:17 . 2011-12-18 22:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-12-18 22:17 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 22:17 . 2011-12-18 22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-18 22:05 . 2011-12-18 22:05 -------- d-----w- C:\_OTL
2011-12-18 19:21 . 2011-12-18 19:23 -------- d-----w- c:\program files\SpywareBlaster
2011-12-18 18:46 . 2011-12-18 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2011-12-14 13:29 . 2011-12-14 13:29 388096 ----a-r- c:\documents and settings\Pytonius\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-14 13:29 . 2011-12-14 13:29 -------- d-----w- c:\program files\Trend Micro
2011-12-07 00:19 . 2011-12-10 09:46 -------- d-----w- c:\documents and settings\Pytonius\Application Data\Ykbayg
2011-12-03 17:11 . 2011-12-03 17:11 -------- d-----w- c:\documents and settings\Pytonius\Application Data\Canneverbe Limited
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07 . 2001-09-07 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2001-09-07 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2001-09-07 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2004-08-04 08:03 78336 ------w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2001-09-07 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2001-09-07 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2001-09-06 19:53 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 08:03 186880 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-02-28 17:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2002-09-23 14:11 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-09-07 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-09-07 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-11-10 10:33 . 2011-06-17 12:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-18_23.48.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-18 21:51 . 2011-04-18 21:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-12-20 22:22 . 2011-12-20 22:22 16384 c:\windows\temp\Perflib_Perfdata_50c.dat
+ 2001-09-07 12:00 . 2008-04-14 17:02 30749 c:\windows\system32\dllcache\vbajet32.dll
+ 2004-08-04 08:02 . 2008-04-01 15:14 16384 c:\windows\system32\dllcache\tcptsat.dll
+ 2004-08-04 08:03 . 2008-04-14 17:03 32827 c:\windows\system32\dllcache\tcptest.exe
+ 2001-09-07 12:00 . 2008-04-14 17:02 25600 c:\windows\system32\dllcache\slayerxp.dll
+ 2004-08-04 08:03 . 2008-04-14 17:03 16437 c:\windows\system32\dllcache\shtml.exe
+ 2004-08-04 08:03 . 2008-04-14 17:02 20536 c:\windows\system32\dllcache\shtml.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 65024 c:\windows\system32\dllcache\shimeng.dll
+ 2001-09-07 12:00 . 2008-04-14 17:03 78336 c:\windows\system32\dllcache\sdbinst.exe
+ 2001-09-07 12:00 . 2008-04-14 17:02 64000 c:\windows\system32\dllcache\samlib.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 84992 c:\windows\system32\dllcache\olepro32.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 73728 c:\windows\system32\dllcache\oledb32r.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 20511 c:\windows\system32\dllcache\odtext32.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 20510 c:\windows\system32\dllcache\odpdx32.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 20510 c:\windows\system32\dllcache\odfox32.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 20510 c:\windows\system32\dllcache\odexl32.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 20511 c:\windows\system32\dllcache\oddbse32.dll
+ 2001-09-07 12:00 . 2008-04-14 17:01 57375 c:\windows\system32\dllcache\odbcji32.dll
+ 2001-09-07 12:00 . 2007-03-28 12:54 98304 c:\windows\system32\dllcache\odbcint.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 65536 c:\windows\system32\dllcache\odbccu32.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 65536 c:\windows\system32\dllcache\odbccr32.dll
+ 2001-09-07 12:00 . 2008-04-14 17:03 69632 c:\windows\system32\dllcache\odbcconf.exe
+ 2001-09-07 12:00 . 2008-04-14 17:03 32768 c:\windows\system32\dllcache\odbcad32.exe
+ 2001-09-07 12:00 . 2008-04-14 17:02 16384 c:\windows\system32\dllcache\odbc32gt.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 68096 c:\windows\system32\dllcache\ocmanage.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 64000 c:\windows\system32\dllcache\nwapi32.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 10240 c:\windows\system32\dllcache\npwmsdrm.dll
- 2009-02-28 20:57 . 2008-04-14 17:02 10240 c:\windows\system32\dllcache\npwmsdrm.dll
+ 2001-09-07 12:00 . 2008-04-13 19:20 91520 c:\windows\system32\dllcache\ndiswan.sys
+ 2009-02-28 17:45 . 2008-04-14 17:02 24576 c:\windows\system32\dllcache\msxactps.dll
+ 2001-09-07 12:00 . 2008-04-13 18:30 61440 c:\windows\system32\dllcache\msvcrt40.dll
+ 2001-09-07 12:00 . 2007-04-02 12:49 60192 c:\windows\system32\dllcache\msjter40.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 36864 c:\windows\system32\dllcache\msdfmap.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 20480 c:\windows\system32\dllcache\msdatt.dll
+ 2009-02-28 17:45 . 2007-03-28 12:54 16384 c:\windows\system32\dllcache\msdasqlr.dll
+ 2009-02-28 17:45 . 2007-03-28 12:54 16384 c:\windows\system32\dllcache\msdaremr.dll
+ 2009-02-28 17:45 . 2007-03-28 12:54 16384 c:\windows\system32\dllcache\msdaprsr.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 77824 c:\windows\system32\dllcache\msdaosp.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 36864 c:\windows\system32\dllcache\mscpxl32.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 57344 c:\windows\system32\dllcache\msadrh15.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 57344 c:\windows\system32\dllcache\msador15.dll
+ 2009-02-28 17:45 . 2007-03-28 12:54 28672 c:\windows\system32\dllcache\msader15.dll
+ 2009-02-28 17:45 . 2007-04-18 10:30 24576 c:\windows\system32\dllcache\msaddsr.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 53248 c:\windows\system32\dllcache\msadcs.dll
+ 2009-02-28 17:45 . 2007-04-18 10:30 16384 c:\windows\system32\dllcache\msadcor.dll
+ 2009-02-28 17:45 . 2007-04-18 10:30 16384 c:\windows\system32\dllcache\msadcfr.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 61440 c:\windows\system32\dllcache\msadcf.dll
+ 2009-02-28 17:45 . 2007-04-18 10:30 20480 c:\windows\system32\dllcache\msadcer.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 22528 c:\windows\system32\dllcache\mfcsubs.dll
+ 2001-09-07 12:00 . 2006-10-18 20:47 11264 c:\windows\system32\dllcache\laprxy.dll
- 2009-02-28 20:57 . 2006-10-18 20:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
- 2007-08-13 17:54 . 2011-10-31 23:37 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2001-09-07 12:00 . 2011-10-31 23:37 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 68608 c:\windows\system32\dllcache\isatq.dll
+ 2001-09-07 12:00 . 2008-04-13 19:19 75264 c:\windows\system32\dllcache\ipsec.sys
+ 2004-08-04 08:03 . 2008-04-14 17:02 13312 c:\windows\system32\dllcache\infoadmn.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 36921 c:\windows\system32\dllcache\imeshare.dll
+ 2004-08-04 08:03 . 2008-04-14 17:03 30720 c:\windows\system32\dllcache\iisrstas.exe
+ 2004-08-04 08:03 . 2008-04-14 17:02 64512 c:\windows\system32\dllcache\iismap.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 68608 c:\windows\system32\dllcache\iisext51.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 20538 c:\windows\system32\dllcache\fpremadm.exe
+ 2004-08-04 08:03 . 2008-04-14 17:02 20541 c:\windows\system32\dllcache\fpexedll.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 15120 c:\windows\system32\dllcache\fp98sadm.exe
+ 2004-08-04 08:03 . 2008-04-14 17:02 49212 c:\windows\system32\dllcache\fp4awebs.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 32826 c:\windows\system32\dllcache\fp4avss.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 41020 c:\windows\system32\dllcache\fp4avnb.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 49210 c:\windows\system32\dllcache\fp4areg.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 82035 c:\windows\system32\dllcache\fp4anscp.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 16384 c:\windows\system32\dllcache\ds32gt.dll
- 2009-02-28 20:57 . 2008-04-14 17:02 87040 c:\windows\system32\dllcache\drmstor.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 87040 c:\windows\system32\dllcache\drmstor.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 32768 c:\windows\system32\dllcache\dispex.dll
+ 2009-02-28 20:57 . 2008-04-14 17:02 39936 c:\windows\system32\dllcache\dimsroam.dll
+ 2009-02-28 20:57 . 2008-04-14 17:02 19456 c:\windows\system32\dllcache\dimsntfy.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 62464 c:\windows\system32\dllcache\cryptsvc.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 64512 c:\windows\system32\dllcache\cryptnet.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 54784 c:\windows\system32\dllcache\cryptext.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 33280 c:\windows\system32\dllcache\cryptdll.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 75776 c:\windows\system32\dllcache\cryptdlg.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 47104 c:\windows\system32\dllcache\coadmin.dll
+ 2001-09-07 12:00 . 2008-04-14 17:00 16896 c:\windows\system32\dllcache\cfgmgr32.dll
+ 2011-12-19 16:35 . 2001-09-06 17:47 13952 c:\windows\system32\dllcache\bulltlp3.sys
+ 2004-08-04 08:03 . 2008-04-14 17:02 50688 c:\windows\system32\dllcache\btpanui.dll
+ 2004-08-04 06:10 . 2008-04-13 18:46 18944 c:\windows\system32\dllcache\bthusb.sys
+ 2004-08-04 08:03 . 2008-04-14 17:02 30208 c:\windows\system32\dllcache\bthserv.dll
+ 2004-08-04 06:10 . 2008-04-13 18:46 36480 c:\windows\system32\dllcache\bthprint.sys
+ 2004-08-04 06:10 . 2008-04-13 18:46 37888 c:\windows\system32\dllcache\bthmodem.sys
+ 2004-08-04 06:10 . 2008-04-13 18:46 17024 c:\windows\system32\dllcache\bthenum.sys
+ 2004-08-04 08:03 . 2008-04-14 17:02 20992 c:\windows\system32\dllcache\bthci.dll
+ 2011-12-19 16:35 . 2001-08-17 19:11 31529 c:\windows\system32\dllcache\brzwlan.sys
+ 2011-12-19 16:35 . 2001-08-17 20:12 10368 c:\windows\system32\dllcache\brusbscn.sys
+ 2011-12-19 16:35 . 2001-08-17 20:12 11008 c:\windows\system32\dllcache\brusbmdm.sys
+ 2011-12-19 16:35 . 2001-08-17 20:12 60416 c:\windows\system32\dllcache\brserwdm.sys
+ 2011-12-19 16:35 . 2001-09-06 17:46 39808 c:\windows\system32\dllcache\brparwdm.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 78336 c:\windows\system32\dllcache\browsewm.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 77824 c:\windows\system32\dllcache\browser.dll
+ 2001-09-07 12:00 . 2008-04-14 16:34 67584 c:\windows\system32\dllcache\browselc.dll
+ 2011-12-19 16:35 . 2001-09-06 20:26 41472 c:\windows\system32\dllcache\brmfusb.dll
+ 2011-12-19 16:35 . 2001-09-06 20:27 32256 c:\windows\system32\dllcache\brmfrsmg.exe
+ 2011-12-19 16:35 . 2001-09-06 20:26 29696 c:\windows\system32\dllcache\brmflpt.dll
+ 2011-12-19 16:35 . 2001-09-06 20:26 81920 c:\windows\system32\dllcache\brmfcwia.dll
+ 2011-12-19 16:35 . 2001-09-06 20:26 15360 c:\windows\system32\dllcache\brmfbidi.dll
+ 2001-09-07 12:00 . 2008-04-13 18:53 71552 c:\windows\system32\dllcache\bridge.sys
+ 2011-12-19 16:34 . 2001-08-17 20:12 12160 c:\windows\system32\dllcache\brfiltlo.sys
+ 2011-12-19 16:34 . 2001-09-06 20:26 12800 c:\windows\system32\dllcache\brevif.dll
+ 2011-12-19 16:34 . 2001-09-06 20:26 19456 c:\windows\system32\dllcache\brbidiif.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 71680 c:\windows\system32\dllcache\blastcln.exe
+ 2001-09-07 12:00 . 2008-04-14 17:02 17408 c:\windows\system32\dllcache\bidispl.dll
+ 2011-12-19 16:34 . 2008-04-13 18:46 11776 c:\windows\system32\dllcache\bdasup.sys
+ 2011-12-19 16:34 . 2001-08-17 19:11 26568 c:\windows\system32\dllcache\bcm4e5.sys
+ 2011-12-19 16:34 . 2001-08-17 19:11 54271 c:\windows\system32\dllcache\bcm42xx5.sys
+ 2011-12-19 16:34 . 2001-08-17 19:11 66557 c:\windows\system32\dllcache\bcm42u.sys
+ 2009-02-28 18:36 . 2008-04-13 18:36 14208 c:\windows\system32\dllcache\battc.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 29184 c:\windows\system32\dllcache\batmeter.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 52736 c:\windows\system32\dllcache\basesrv.dll
+ 2011-12-19 16:34 . 2001-08-17 19:48 36128 c:\windows\system32\dllcache\banshee.sys
+ 2011-12-19 16:34 . 2001-09-06 17:33 97376 c:\windows\system32\dllcache\b57xp32.sys
+ 2011-12-19 16:34 . 2001-08-17 19:13 89952 c:\windows\system32\dllcache\b1cbase.sys
+ 2011-12-19 16:34 . 2001-08-17 19:19 36992 c:\windows\system32\dllcache\aztw2320.sys
+ 2011-12-19 16:34 . 2001-08-17 19:13 37568 c:\windows\system32\dllcache\avmwan.sys
+ 2011-12-19 16:34 . 2001-09-06 20:26 87552 c:\windows\system32\dllcache\avmcoxp.dll
- 2009-06-10 14:16 . 2009-11-27 16:10 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2001-09-07 12:00 . 2009-11-27 16:10 85504 c:\windows\system32\dllcache\avifil32.dll
+ 2001-09-07 12:00 . 2001-09-07 12:00 70144 c:\windows\system32\dllcache\avicap.dll
- 2009-02-28 18:33 . 2001-09-07 12:00 70144 c:\windows\system32\dllcache\avicap.dll
+ 2011-12-19 16:34 . 2008-04-13 18:46 13696 c:\windows\system32\dllcache\avcstrm.sys
+ 2011-12-19 16:34 . 2001-08-17 21:01 36096 c:\windows\system32\dllcache\avcaudio.sys
+ 2011-12-19 16:34 . 2008-04-13 18:46 38912 c:\windows\system32\dllcache\avc.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 11264 c:\windows\system32\dllcache\autolfn.exe
+ 2001-09-07 12:00 . 2008-04-14 17:02 62464 c:\windows\system32\dllcache\authz.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 16439 c:\windows\system32\dllcache\author.exe
+ 2004-08-04 08:03 . 2008-04-14 17:02 20540 c:\windows\system32\dllcache\author.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 14336 c:\windows\system32\dllcache\auditusr.exe
+ 2001-09-07 12:00 . 2008-04-14 17:02 42496 c:\windows\system32\dllcache\audiosrv.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 17279 c:\windows\system32\dllcache\atv10nt5.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 14143 c:\windows\system32\dllcache\atv06nt5.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 25471 c:\windows\system32\dllcache\atv04nt5.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 11359 c:\windows\system32\dllcache\atv02nt5.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 21183 c:\windows\system32\dllcache\atv01nt5.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 12288 c:\windows\system32\dllcache\attrib.exe
+ 2001-09-07 12:00 . 2008-04-14 17:02 30208 c:\windows\system32\dllcache\atmlib.dll
+ 2001-09-07 12:00 . 2008-04-13 18:51 55808 c:\windows\system32\dllcache\atmlane.sys
+ 2001-09-07 12:00 . 2008-04-13 18:51 59904 c:\windows\system32\dllcache\atmarpc.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 11264 c:\windows\system32\dllcache\atmadm.exe
+ 2001-09-07 12:00 . 2009-07-17 19:04 58880 c:\windows\system32\dllcache\atl.dll
- 2009-07-17 19:04 . 2009-07-17 19:04 58880 c:\windows\system32\dllcache\atl.dll
+ 2011-12-19 16:33 . 2001-08-17 19:49 26624 c:\windows\system32\dllcache\ativxbar.sys
+ 2011-12-19 16:33 . 2001-08-17 19:49 19456 c:\windows\system32\dllcache\ativttxx.sys
+ 2004-08-04 08:03 . 2008-04-14 17:02 32768 c:\windows\system32\dllcache\ativtmxx.dll
+ 2011-12-19 16:33 . 2001-08-17 19:49 17152 c:\windows\system32\dllcache\atitvsnd.sys
+ 2011-12-19 16:33 . 2001-08-17 19:49 17152 c:\windows\system32\dllcache\atitunep.sys
+ 2011-12-19 16:33 . 2001-08-17 19:49 26880 c:\windows\system32\dllcache\atirtsnd.sys
+ 2011-12-19 16:33 . 2001-08-17 19:49 49920 c:\windows\system32\dllcache\atirtcap.sys
+ 2011-12-19 16:33 . 2001-09-06 17:30 70784 c:\windows\system32\dllcache\atiragem.sys
+ 2011-12-19 16:33 . 2001-08-17 19:49 10240 c:\windows\system32\dllcache\atipcxxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 63488 c:\windows\system32\dllcache\atinxsxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 31744 c:\windows\system32\dllcache\atinxbxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 73216 c:\windows\system32\dllcache\atintuxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 13824 c:\windows\system32\dllcache\atinttxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 28672 c:\windows\system32\dllcache\atinsnxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 52224 c:\windows\system32\dllcache\atinraxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 14336 c:\windows\system32\dllcache\atinpdxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 13824 c:\windows\system32\dllcache\atinmdxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 57856 c:\windows\system32\dllcache\atinbtxx.sys
+ 2011-12-19 16:33 . 2001-09-06 17:30 75392 c:\windows\system32\dllcache\atimpae.sys
+ 2011-12-19 16:33 . 2001-09-06 20:27 37376 c:\windows\system32\dllcache\atievxx.exe
+ 2011-12-19 16:33 . 2001-08-17 19:49 46464 c:\windows\system32\dllcache\atibt829.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 34735 c:\windows\system32\dllcache\ati1xsxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 29455 c:\windows\system32\dllcache\ati1xbxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 36463 c:\windows\system32\dllcache\ati1tuxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 21343 c:\windows\system32\dllcache\ati1ttxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 26367 c:\windows\system32\dllcache\ati1snxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 63663 c:\windows\system32\dllcache\ati1rvxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 30671 c:\windows\system32\dllcache\ati1raxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 12047 c:\windows\system32\dllcache\ati1pdxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 11615 c:\windows\system32\dllcache\ati1mdxx.sys
+ 2004-08-04 05:29 . 2004-08-04 05:29 56623 c:\windows\system32\dllcache\ati1btxx.sys
+ 2011-12-19 16:33 . 2001-09-06 17:30 77824 c:\windows\system32\dllcache\ati.sys
+ 2011-12-19 16:33 . 2001-09-06 20:26 96128 c:\windows\system32\dllcache\ati.dll
+ 2001-09-07 12:00 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 26112 c:\windows\system32\dllcache\at.exe
+ 2001-09-07 12:00 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\asyncmac.sys
- 2010-03-05 14:42 . 2010-03-05 14:42 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2001-09-07 12:00 . 2010-03-05 14:42 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 32768 c:\windows\system32\dllcache\asr_pfu.exe
+ 2001-09-07 12:00 . 2008-04-14 17:02 30720 c:\windows\system32\dllcache\asr_fmt.exe
+ 2011-12-19 16:33 . 2001-08-17 19:12 97354 c:\windows\system32\dllcache\aspndis3.sys
+ 2011-12-19 16:33 . 2001-08-17 20:51 14848 c:\windows\system32\dllcache\asc3550.sys
+ 2011-12-19 16:33 . 2001-08-17 20:52 22400 c:\windows\system32\dllcache\asc3350p.sys
+ 2011-12-19 16:33 . 2001-08-17 20:52 26496 c:\windows\system32\dllcache\asc.sys
+ 2001-08-17 21:46 . 2008-04-13 18:51 60800 c:\windows\system32\dllcache\arp1394.sys
+ 2011-12-19 16:33 . 2004-08-04 05:31 36224 c:\windows\system32\dllcache\an983.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 70656 c:\windows\system32\dllcache\amstream.dll
+ 2011-12-19 16:33 . 2001-08-17 20:52 12032 c:\windows\system32\dllcache\amsint.sys
+ 2004-08-04 07:53 . 2008-04-14 16:31 41856 c:\windows\system32\dllcache\amdk7.sys
+ 2001-09-06 18:26 . 2008-04-14 16:31 41472 c:\windows\system32\dllcache\amdk6.sys
+ 2004-08-04 06:07 . 2008-04-13 18:36 43008 c:\windows\system32\dllcache\amdagp.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 17408 c:\windows\system32\dllcache\alrsvc.dll
+ 2004-08-04 06:07 . 2008-04-13 18:36 42752 c:\windows\system32\dllcache\alim1541.sys
+ 2011-12-19 16:32 . 2001-08-17 20:49 26624 c:\windows\system32\dllcache\alifir.sys
+ 2011-12-19 16:32 . 2001-08-17 19:11 27678 c:\windows\system32\dllcache\ali5261.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 44544 c:\windows\system32\dllcache\alg.exe
+ 2011-12-19 16:32 . 2001-08-17 21:07 56960 c:\windows\system32\dllcache\aic78xx.sys
+ 2011-12-19 16:32 . 2001-08-17 21:07 55168 c:\windows\system32\dllcache\aic78u2.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 98304 c:\windows\system32\dllcache\ahui.exe
+ 2011-12-19 16:32 . 2001-08-17 20:52 12800 c:\windows\system32\dllcache\aha154x.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 24064 c:\windows\system32\dllcache\agtintl.dll
+ 2001-09-07 12:00 . 2007-04-02 18:26 20480 c:\windows\system32\dllcache\agt0c0a.dll
+ 2001-09-07 12:00 . 2007-04-02 18:26 20992 c:\windows\system32\dllcache\agt0816.dll
+ 2009-02-28 20:57 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt0804.dll
+ 2009-02-28 18:34 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt041f.dll
+ 2001-09-07 12:00 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt041d.dll
+ 2009-02-28 18:34 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt0419.dll
+ 2001-09-07 12:00 . 2007-04-02 18:26 20480 c:\windows\system32\dllcache\agt0416.dll
+ 2009-02-28 18:33 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt0415.dll
+ 2001-09-07 12:00 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt0414.dll
+ 2001-09-07 12:00 . 2007-04-02 18:26 20992 c:\windows\system32\dllcache\agt0413.dll
+ 2009-02-28 20:57 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt0412.dll
+ 2009-02-28 20:57 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt0411.dll
+ 2001-09-07 12:00 . 2007-04-02 18:26 20992 c:\windows\system32\dllcache\agt0410.dll
+ 2009-02-28 18:33 . 2007-04-02 18:26 19968 c:\windows\system32\dllcache\agt040e.dll
+ 2009-02-28 20:57 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt040d.dll
+ 2001-09-07 12:00 . 2007-04-02 18:26 21504 c:\windows\system32\dllcache\agt040c.dll
+ 2001-09-07 12:00 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt040b.dll
+ 2001-09-07 12:00 . 2008-04-13 17:32 19968 c:\windows\system32\dllcache\agt0409.dll
+ 2009-02-28 18:33 . 2007-04-02 18:26 22016 c:\windows\system32\dllcache\agt0408.dll
+ 2001-09-07 12:00 . 2007-04-02 18:26 21504 c:\windows\system32\dllcache\agt0407.dll
+ 2001-09-07 12:00 . 2007-04-02 18:25 19456 c:\windows\system32\dllcache\agt0406.dll
+ 2009-02-28 18:33 . 2007-04-02 18:25 19456 c:\windows\system32\dllcache\agt0405.dll
+ 2009-02-28 20:57 . 2007-04-02 18:25 19456 c:\windows\system32\dllcache\agt0404.dll
+ 2009-02-28 20:57 . 2007-04-02 18:25 19456 c:\windows\system32\dllcache\agt0401.dll
+ 2004-08-04 06:07 . 2008-04-13 18:36 44928 c:\windows\system32\dllcache\agpcpq.sys
+ 2004-08-04 06:07 . 2008-04-13 18:36 42368 c:\windows\system32\dllcache\agp440.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 44032 c:\windows\system32\dllcache\agentsr.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 24064 c:\windows\system32\dllcache\agentpsh.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 49152 c:\windows\system32\dllcache\agentmpx.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 57344 c:\windows\system32\dllcache\agentdpv.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 42496 c:\windows\system32\dllcache\agentdp2.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 24064 c:\windows\system32\dllcache\agentanm.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 68096 c:\windows\system32\dllcache\adsmsext.dll
+ 2011-12-19 16:32 . 2001-08-17 19:11 46112 c:\windows\system32\dllcache\adptsf50.sys
+ 2004-08-04 08:03 . 2008-04-14 17:02 43520 c:\windows\system32\dllcache\admwprox.dll
- 2007-08-13 17:39 . 2007-08-13 17:39 71680 c:\windows\system32\dllcache\admparse.dll
+ 2001-09-07 12:00 . 2007-08-13 17:39 71680 c:\windows\system32\dllcache\admparse.dll
+ 2011-12-19 16:32 . 2004-08-04 05:32 10880 c:\windows\system32\dllcache\admjoy.sys
+ 2004-08-04 08:03 . 2008-04-14 17:02 16439 c:\windows\system32\dllcache\admin.exe
+ 2004-08-04 08:03 . 2008-04-14 17:02 20540 c:\windows\system32\dllcache\admin.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 29696 c:\windows\system32\dllcache\admexs.dll
+ 2011-12-19 16:32 . 2001-08-17 19:11 20160 c:\windows\system32\dllcache\adm8511.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 98304 c:\windows\system32\dllcache\actxprxy.dll
+ 2001-09-07 12:00 . 2001-09-07 12:00 12032 c:\windows\system32\dllcache\acpiec.sys
+ 2011-12-19 16:32 . 2001-09-06 20:26 61952 c:\windows\system32\dllcache\acerscad.dll
+ 2011-12-19 16:32 . 2004-08-04 05:32 84480 c:\windows\system32\dllcache\ac97via.sys
+ 2011-12-19 16:32 . 2001-08-17 19:20 96256 c:\windows\system32\dllcache\ac97intc.sys
+ 2011-12-19 16:32 . 2001-08-17 20:52 23552 c:\windows\system32\dllcache\abp480n5.sys
+ 2011-12-19 16:32 . 2001-09-06 20:26 98304 c:\windows\system32\dllcache\a3d.dll
+ 2011-12-19 16:32 . 2001-09-06 20:26 38400 c:\windows\system32\dllcache\8514a.dll
+ 2011-12-19 16:32 . 2008-04-13 18:46 48128 c:\windows\system32\dllcache\61883.sys
+ 2011-12-19 16:32 . 2008-04-13 18:40 12288 c:\windows\system32\dllcache\4mmdat.sys
+ 2001-09-07 12:00 . 2008-04-13 18:46 53376 c:\windows\system32\dllcache\1394bus.sys
+ 2004-08-04 08:03 . 2008-04-14 17:02 8192 c:\windows\system32\dllcache\staxmem.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 5120 c:\windows\system32\dllcache\sfc.dll
+ 2009-02-28 19:55 . 2004-08-02 13:20 4569 c:\windows\system32\dllcache\secupd.dat
- 2009-02-28 20:57 . 2008-04-14 17:01 4126 c:\windows\system32\dllcache\msdxmlc.dll
+ 2001-09-07 12:00 . 2008-04-14 17:01 4126 c:\windows\system32\dllcache\msdxmlc.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 4096 c:\windows\system32\dllcache\msdaurl.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 4096 c:\windows\system32\dllcache\msdasc.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 4096 c:\windows\system32\dllcache\msdaer.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 4096 c:\windows\system32\dllcache\msdaenum.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 4096 c:\windows\system32\dllcache\msdadc.dll
- 2009-02-28 20:57 . 2008-04-14 17:03 4639 c:\windows\system32\dllcache\mplayer2.exe
+ 2009-02-28 17:45 . 2008-04-14 17:03 4639 c:\windows\system32\dllcache\mplayer2.exe
+ 2009-02-28 20:57 . 2008-04-14 17:01 6144 c:\windows\system32\dllcache\kbdpash.dll
+ 2009-02-28 20:57 . 2008-04-14 17:01 6144 c:\windows\system32\dllcache\kbdnepr.dll
+ 2009-02-28 20:57 . 2008-04-14 17:01 6144 c:\windows\system32\dllcache\kbdiultn.dll
+ 2009-02-28 20:57 . 2008-04-14 17:01 6144 c:\windows\system32\dllcache\kbdbhc.dll
+ 2011-12-19 16:35 . 2001-09-06 20:26 9728 c:\windows\system32\dllcache\brserif.dll
+ 2011-12-19 16:35 . 2001-09-06 20:26 5120 c:\windows\system32\dllcache\brscnrsm.dll
+ 2011-12-19 16:35 . 2001-08-17 20:12 3168 c:\windows\system32\dllcache\brparimg.sys
+ 2011-12-19 16:34 . 2001-08-17 20:12 2944 c:\windows\system32\dllcache\brfilt.sys
+ 2011-12-19 16:34 . 2001-09-06 20:26 9728 c:\windows\system32\dllcache\brcoinst.dll
+ 2009-02-28 20:57 . 2008-04-14 17:02 7168 c:\windows\system32\dllcache\bitsprx4.dll
+ 2009-02-28 19:40 . 2008-04-14 17:02 7168 c:\windows\system32\dllcache\bitsprx3.dll
+ 2009-02-28 19:40 . 2008-04-14 17:02 8192 c:\windows\system32\dllcache\bitsprx2.dll
+ 2009-02-28 18:33 . 2008-04-14 17:02 8704 c:\windows\system32\dllcache\batt.dll
+ 2009-02-28 18:38 . 2001-08-17 21:59 3072 c:\windows\system32\dllcache\audstub.sys
+ 2011-12-19 16:33 . 2001-08-17 19:49 9472 c:\windows\system32\dllcache\ativmdcd.sys
- 2009-02-28 20:57 . 2006-11-02 21:50 7680 c:\windows\system32\dllcache\asferror.dll
+ 2001-09-07 12:00 . 2006-11-02 21:50 7680 c:\windows\system32\dllcache\asferror.dll
+ 2011-12-19 16:33 . 2001-08-17 20:47 6272 c:\windows\system32\dllcache\apmbatt.sys
+ 2011-12-19 16:32 . 2001-08-17 20:51 5248 c:\windows\system32\dllcache\aliide.sys
+ 2004-08-04 08:03 . 2008-04-14 17:02 3775 c:\windows\system32\dllcache\adv11nt5.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 3711 c:\windows\system32\dllcache\adv09nt5.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 3135 c:\windows\system32\dllcache\adv08nt5.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 3647 c:\windows\system32\dllcache\adv07nt5.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 3615 c:\windows\system32\dllcache\adv05nt5.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 3967 c:\windows\system32\dllcache\adv02nt5.dll
+ 2004-08-04 08:03 . 2008-04-14 17:02 4255 c:\windows\system32\dllcache\adv01nt5.dll
+ 2011-12-19 16:32 . 2001-08-17 20:53 7424 c:\windows\system32\dllcache\adicvls.sys
+ 2001-09-07 12:00 . 2008-04-14 17:02 4096 c:\windows\system32\dllcache\actmovie.exe
+ 2011-04-18 21:51 . 2011-04-18 21:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2011-04-18 21:51 . 2011-04-18 21:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2001-09-07 12:00 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
- 2009-12-24 07:05 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2001-09-07 12:00 . 2008-04-14 17:03 510464 c:\windows\system32\dllcache\winlogon.exe
+ 2001-09-07 12:00 . 2011-10-31 23:37 832512 c:\windows\system32\dllcache\wininet.dll
- 2009-02-28 21:19 . 2011-10-31 23:37 832512 c:\windows\system32\dllcache\wininet.dll
+ 2001-09-07 12:00 . 2011-03-04 06:44 434176 c:\windows\system32\dllcache\vbscript.dll
- 2007-08-13 17:54 . 2011-03-04 06:44 434176 c:\windows\system32\dllcache\vbscript.dll
+ 2001-09-07 12:00 . 2011-10-31 23:37 106496 c:\windows\system32\dllcache\url.dll
- 2007-08-13 17:44 . 2011-10-31 23:37 106496 c:\windows\system32\dllcache\url.dll
+ 2001-09-07 12:00 . 2007-06-27 14:57 317952 c:\windows\system32\dllcache\unregmp2.exe
- 2009-02-28 20:58 . 2007-06-27 14:57 317952 c:\windows\system32\dllcache\unregmp2.exe
+ 2001-09-07 12:00 . 2008-04-14 17:02 124416 c:\windows\system32\dllcache\umpnpmgr.dll
+ 2001-09-07 12:00 . 2008-04-14 17:03 107520 c:\windows\system32\dllcache\sysocmgr.exe
- 2009-02-28 20:58 . 2009-08-26 08:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2001-09-07 12:00 . 2009-08-26 08:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-02-28 20:57 . 2008-04-14 17:02 189952 c:\windows\system32\dllcache\smtpadm.dll
- 2008-05-09 10:56 . 2008-05-09 10:56 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2001-09-07 12:00 . 2008-05-09 10:56 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2001-09-07 12:00 . 2008-05-09 10:56 180224 c:\windows\system32\dllcache\scrobj.dll
- 2008-05-09 10:56 . 2008-05-09 10:56 180224 c:\windows\system32\dllcache\scrobj.dll
+ 2001-09-07 12:00 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
- 2008-12-05 06:58 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 429056 c:\windows\system32\dllcache\samsrv.dll
+ 2001-09-07 12:00 . 2008-04-13 17:37 208384 c:\windows\system32\dllcache\rsaenh.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 433664 c:\windows\system32\dllcache\riched20.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 487424 c:\windows\system32\dllcache\oledb32.dll
- 2010-12-20 17:32 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2001-09-07 12:00 . 2010-12-20 17:32 551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 147456 c:\windows\system32\dllcache\odbctrac.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 278559 c:\windows\system32\dllcache\odbcjt32.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 106496 c:\windows\system32\dllcache\odbccp32.dll
+ 2001-09-07 12:00 . 2008-04-14 17:02 135168 c:\windows\system32\dllcache\odbcconf.dll
- 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2001-09-07 12:00 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2001-09-07 12:00 . 2008-04-13 19:15 574976 c:\windows\system32\dllcache\ntfs.sys
+ 2001-09-07 12:00 . 2010-12-09 15:15 739328 c:\windows\system32\dllcache\ntdll.dll
- 2009-04-17 00:49 . 2010-12-09 15:15 739328 c:\windows\system32\dllcache\ntdll.dll
+ 2009-02-28 17:45 . 2008-04-14 17:02 364544 c:\windows\system32\dllcache\npdsplay.dll
- 2009-02-28 20:57 . 2008-04-14 17:02 364544 c:\windows\system32\dllcache\npdsplay.dll
+ 2001-09-07 12:00 . 2008-10-15 16:37 337408 c:\windows\system32\dllcache\netapi32.dll
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-04-27 7561216]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-04-26 331776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-02-03 61952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2010-3-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Wave"=AntexWAV.DLL
"Midi"=AntexWAV.DLL
"Mixer"=AntexWAV.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-17 08:51 136176 ----atw- c:\documents and settings\Pytonius\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Bonjour Service"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Transcriptiesoftware\\f4-v4-pc\\f4-v4.0.1\\F4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Pytonius\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Pytonius\\Bureaublad\\spotify.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\spssengine.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19-12-2011 1:09 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19-12-2011 1:09 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19-12-2011 1:09 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-12-2011 23:17 366152]
R2 SPDFCreatorReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [24-10-2009 1:46 189760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-12-2011 23:17 22216]
S3 AntexWAV;Antex Digital Audio Driver;c:\windows\system32\drivers\AntexWAV.sys [28-2-2009 22:31 231040]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2010 17:36 136176]
S4 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2010 17:36 136176]
.
Inhoud van de 'Gedeelde Taken' map
.
2011-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-12-03 c:\windows\Tasks\expressburnSevenDays.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2011-12-03 16:51]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 16:36]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 16:36]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-839522115-1003Core.job
- c:\documents and settings\Pytonius\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-17 08:51]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1614895754-839522115-1003UA.job
- c:\documents and settings\Pytonius\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-17 08:51]
.
2010-05-03 c:\windows\Tasks\zuluShakeIcon.job
- c:\program files\NCH Software\Zulu\zulu.exe [2010-04-16 21:46]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 88.159.1.200 88.159.1.201
FF - ProfilePath - c:\documents and settings\Pytonius\Application Data\Mozilla\Firefox\Profiles\svx4vcd5.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 23:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•9~*]
"3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1872)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Voltooingstijd: 2011-12-20 23:33:14 - machine werd herstart
ComboFix-quarantined-files.txt 2011-12-20 22:33
ComboFix2.txt 2011-12-19 16:10
ComboFix3.txt 2011-12-18 23:54
.
Pre-Run: 6.036.271.104 bytes beschikbaar
Post-Run: 6.020.448.256 bytes beschikbaar
.
- - End Of File - - 92D0EE6DD6674A5877EDE238B99839F5

System Idle Processes:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 84.85 0 K 28 K
Interrupts n/a 5.30 0 K 0 K Hardware Interrupts and DPCs
firefox.exe 3996 4.55 106.208 K 114.156 K Firefox Mozilla Corporation
csrss.exe 1316 3.03 1.544 K 4.008 K Client Server Runtime Process Microsoft Corporation
System 4 0.76 0 K 252 K
procexp.exe 520 0.76 10.540 K 16.148 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
explorer.exe 680 0.76 19.952 K 26.840 K Windows Verkenner Microsoft Corporation
wuauclt.exe 3324 6.936 K 9.408 K Windows Update Microsoft Corporation
wmiprvse.exe 3444 3.188 K 5.392 K WMI Microsoft Corporation
winlogon.exe 1344 7.376 K 4.324 K Toepassing Windows NT-aanmelding Microsoft Corporation
SynTPEnh.exe 720 2.068 K 5.392 K Synaptics TouchPad Enhancements Synaptics, Inc.
svchost.exe 2612 2.820 K 4.820 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1564 3.072 K 5.608 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1620 2.152 K 4.912 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1660 18.768 K 27.552 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1848 1.672 K 4.124 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1928 1.844 K 4.372 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1312 1.608 K 4.052 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 936 4.512 K 6.620 K Spooler SubSystem App Microsoft Corporation
SolidPdfService.exe 2440 980 K 2.684 K Solid Spool Service Solid Documents, LLC
smss.exe 1264 176 K 432 K Windows NT Session Manager Microsoft Corporation
services.exe 1388 2.044 K 3.896 K Services en controllertoepassingen Microsoft Corporation
reader_sl.exe 1600 972 K 3.164 K Adobe Acrobat SpeedLauncher Adobe Systems Incorporated
nvsvc32.exe 2240 2.364 K 4.064 K NVIDIA Driver Helper Service, Version 84.64 NVIDIA Corporation
NMSAccessU.exe 1504 840 K 2.284 K
mbamservice.exe 1764 114.912 K 115.276 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mbamgui.exe 1732 3.656 K 6.212 K Malwarebytes' Anti-Malware Malwarebytes Corporation
lsass.exe 1400 4.316 K 6.944 K LSA Shell (Export Version) Microsoft Corporation
jqs.exe 192 2.768 K 1.460 K Java™ Quick Starter Service Sun Microsystems, Inc.
iTunesHelper.exe 1572 8.852 K 13.676 K iTunesHelper Apple Inc.
iPodService.exe 2104 2.904 K 4.680 K iPodService Module (32-bit) Apple Inc.
cvpnd.exe 1940 3.352 K 6.176 K Cisco Systems VPN Client Cisco Systems, Inc.
AvastUI.exe 1772 4.700 K 2.876 K avast! Antivirus AVAST Software
AvastSvc.exe 416 11.720 K 33.256 K avast! Service AVAST Software
AppleMobileDeviceService.exe 1828 2.156 K 3.192 K Apple Mobile Device Service Apple Inc.
alg.exe 3804 1.496 K 4.056 K Application Layer Gateway Service Microsoft Corporation
ACU.exe 316 6.016 K 7.612 K Atheros Client Utility Atheros Communications, Inc.
acs.exe 992 4.112 K 6.716 K ACS Atheros

ESET THREATS:

C:\Microgaming\Casino\CasinoUK\install.exe a variant of Win32/PrimeCasino application cleaned by deleting - quarantined
C:\System Volume Information\_restore{4ED22C94-33C1-4869-8C8D-F8CE1B40AF58}\RP0\A0000007.exe a variant of Win32/PrimeCasino application cleaned by deleting - quarantined

ESET LOG:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17106 (vista_gdr.111024-1604)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2d18602f678f2a48b29f59b809592c7d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-21 03:31:05
# local_time=2011-12-21 04:31:05 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 552009 552009 0 0
# compatibility_mode=8192 67108863 100 0 161 161 0 0
# scanned=151738
# found=2
# cleaned=2
# scan_time=16884
C:\Microgaming\Casino\CasinoUK\install.exe a variant of Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4ED22C94-33C1-4869-8C8D-F8CE1B40AF58}\RP0\A0000007.exe a variant of Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C




So it appears there is nothing found. The Casino application is something I downloaded on purpose. Can I assume the PC is clean now?

I want to thank you very much for your swift replies and outstanding advice. I might add that people like you make the internet a truly great invention, the way people from all over the world can come together and help each other out just for the sake of it. Brilliant. Thanks dude.

Greets from the Netherlands! (and a merry Christmas)
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I'd say the malware is gone and it would be safe to use a credit card again. We should clean out system restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

I'll give you the rest of the cleanup routine now but you still have a problem with the process explorer log (see below) so you might want to hold off removing all of the tools until we get that cleared up.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 30 or 7 update 2). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update x then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.




There is still something in your Process Explorer log that I don't like:

Interrupts n/a 5.30 0 K 0 K Hardware Interrupts and DPCs


This will make the PC a bit sluggish. Normally it's under 1.5% compared to your 5.30%. On a laptop this is often caused by a bad battery. (No idea why - perhaps it loads down the power supply too much). If removing the battery does not help or it's not a laptop then it's probably a bad driver or program. Last time I had one of these we went into msconfig and turned off everything that wasn't Microsoft and it went back down then we started turning stuff back on until we found the culprit. If you have a modem that you are not using I would turn it off or remove it. Right click on My Computer and select Manage then Device Manager then hit View and click on Show Hidden Devices. Look in the right pane and see if you see anything with a yellow mark.

It probably wouldn't hurt to run speedfan and check your temps.
http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. Older PCs tend to run hot due to dust clogging the heatsink and air vents. Desktops should run under 40 C, laptops under 50 C. If yours are higher then you need to get out the vacuum cleaner and do some housekeeping.

Ron
  • 0
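As an added example (not code from this thread or from Sysinternals), here is a small Python parser for a Process Explorer listing pasted the way it appears earlier in the thread; it pulls out the Interrupts line and flags it against the 1.5% figure Ron quotes, and lists the real processes that use the most CPU. The sample listing inside is constructed from rows in this thread, and INTERRUPT_CPU_THRESHOLD is my name for his number.

```python
"""Parse a pasted Process Explorer listing and flag a high 'Interrupts' (DPC) CPU share.
Added example for this thread; not part of the original posts or of Sysinternals."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Threshold quoted in the reply above: interrupts/DPC are normally under 1.5% CPU.
INTERRUPT_CPU_THRESHOLD = 1.5

# One pasted row: "<name> <pid|n/a> [<cpu>] <private> K <working set> K [<description> [<company>]]".
# The CPU column is only present for rows with non-zero CPU, as in the listing above,
# and the byte columns carry a thousands separator ("106.208 K" is 106208 KB).
ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+"
    r"(?:(?P<cpu>\d+\.\d{2})\s+)?"
    r"(?P<private>\d[\d.,]*) K\s+(?P<ws>\d[\d.,]*) K\s*(?P<rest>.*)$"
)


@dataclass
class ProcRow:
    name: str
    pid: Optional[int]      # None for the "Interrupts" pseudo-row (PID shown as n/a)
    cpu: float              # percent; 0.0 when the column was absent
    private_kb: int
    working_set_kb: int
    description: str        # description and company name, run together as pasted


def _kb(text: str) -> int:
    """'106.208' (Dutch thousands separator) or '106,208' -> 106208."""
    return int(text.replace(".", "").replace(",", ""))


def parse_procexp(listing: str) -> List[ProcRow]:
    """Parse the pasted listing; the header line and unparsable lines are skipped."""
    rows: List[ProcRow] = []
    for line in listing.splitlines():
        line = line.strip()
        if not line or line.startswith("Process PID CPU"):
            continue
        m = ROW_RE.match(line)
        if not m:
            continue
        rows.append(ProcRow(
            name=m["name"],
            pid=None if m["pid"] == "n/a" else int(m["pid"]),
            cpu=float(m["cpu"]) if m["cpu"] else 0.0,
            private_kb=_kb(m["private"]),
            working_set_kb=_kb(m["ws"]),
            description=m["rest"].strip(),
        ))
    return rows


def interrupt_cpu(rows: List[ProcRow]) -> Optional[float]:
    """CPU share of the 'Interrupts' pseudo-process, or None if it is not listed."""
    for r in rows:
        if r.name == "Interrupts":
            return r.cpu
    return None


def interrupts_too_high(rows: List[ProcRow], threshold: float = INTERRUPT_CPU_THRESHOLD) -> bool:
    """True when the Interrupts line exceeds the threshold (the sluggishness sign Ron describes)."""
    cpu = interrupt_cpu(rows)
    return cpu is not None and cpu > threshold


def top_cpu(rows: List[ProcRow], n: int = 3) -> List[str]:
    """Real processes by CPU, highest first (idle process and Interrupts excluded)."""
    real = [r for r in rows if r.name not in ("System Idle Process", "Interrupts")]
    return [r.name for r in sorted(real, key=lambda r: r.cpu, reverse=True)[:n]]


# Constructed sample, modelled on the Process Explorer paste earlier in the thread.
SAMPLE_LISTING = """\
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 84.85 0 K 28 K
Interrupts n/a 5.30 0 K 0 K Hardware Interrupts and DPCs
firefox.exe 3996 4.55 106.208 K 114.156 K Firefox Mozilla Corporation
csrss.exe 1316 3.03 1.544 K 4.008 K Client Server Runtime Process Microsoft Corporation
System 4 0.76 0 K 252 K
wuauclt.exe 3324 6.936 K 9.408 K Windows Update Microsoft Corporation
NMSAccessU.exe 1504 840 K 2.284 K
"""

if __name__ == "__main__":
    rows = parse_procexp(SAMPLE_LISTING)
    print(f"parsed {len(rows)} rows; Interrupts at {interrupt_cpu(rows)}% CPU")
    if interrupts_too_high(rows):
        print("Interrupts/DPC load above normal: check battery, drivers and hidden devices")
    print("top CPU consumers:", top_cpu(rows))
```

Paste a fresh listing in place of SAMPLE_LISTING after pulling the battery, as suggested in the next reply, to see whether the Interrupts figure drops below the threshold.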

#11
Pyton

Pyton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Ron. Followed all your advice. It's a laptop, an old one. Though I've been pretty kind to it, it's starting to age; it's like 5 years old now. The battery might indeed be bad, for I almost always have the net adapter plugged in while keeping the battery in my laptop. Sometimes it can overheat a little. I've cleaned my fan and radiator and stuff a couple of times (it's really easy because it can be accessed by unscrewing a separate cover). I'll do it again one of these days.

Thanks a million.

Greets
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Pull the battery and run Process Explorer again and see if the % on the Interrupts line drops.
  • 0