extro Posted October 16, 2011 ID:486220 Share Posted October 16, 2011 Hi,Im from sweden so my english might not be the best and my windows is in swedish. I got Windows Vista home premium 64 bits and im a totall newbie with high tech stuff, so when you ask me to bring fort a ,log or anything like that, please take your time and explain where to find it I appreciate all help. Now to whats happening with my computer.I get constantly pop-up screens saying my internet explorer is not working and and DEP message comes fort saying it shut down the internet explorer to protect my computer. The problem here is that IM not even trying to run internet explorer, i can watch a movie,be in paint or not even doing anything, and these pop-ups still comes. DEP turns off: Internet Explorer(no-addons) Interner Explorer,Firefox.The only internet that works is Internet explorer (64 bits).I also get these type of warnings from Malwarebytes'Anti-Malware 1.51.2.1300(Beta version)00:31:37 Robin IP-BLOCK 184.73.179.238 (Type: outgoing, Port: 50444, Process: setup_spybhoremover.exe)00:43:17 Robin MESSAGE IP Protection stopped01:23:30 Robin MESSAGE Protection started successfully01:23:34 Robin MESSAGE IP Protection started successfully03:23:13 Robin MESSAGE Protection started successfully03:23:17 Robin MESSAGE IP Protection started successfully03:25:09 Robin IP-BLOCK 194.85.61.78 (Type: outgoing, Port: 49172, Process: iexplore.exe)10:24:58 Robin MESSAGE Protection started successfully10:25:02 Robin MESSAGE IP Protection started successfullySo i would guess that iexplore.exe is Infected with something and is trying something that my computer dont like.Ive run the lastet norton,kaspers,malwarebytes,antispyware and it cant find anything,(only some tracing cookies and they get removed)So please you experts, take your time and help me=) I would really appriciate it!Love ExtroRead that i should update MBAM and do a quick scan and post log, also post DDS.txt. So here it isMalwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 7958Windows 6.0.6002 Service Pack 2Internet Explorer 8.0.6001.190882011-10-16 15:08:43mbam-log-2011-10-16 (15-08-43).txtScan type: Quick scanObjects scanned: 174365Time elapsed: 42 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)HERES THE DDS.TXT.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.6001.19088Run by Robin at 15:11:55 on 2011-10-16Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.4094.1634 [GMT 2:00].AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exeC:\Windows\system32\HidService.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exeC:\Windows\SysWOW64\IoctlSvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\WUDFHost.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Windows\system32\taskeng.exeC:\Windows\SysWOW64\DllHost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exeC:\Program Files (x86)\Packard Bell\SetupMyPC\SmpSys.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\conime.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3710&r=1v3610112706p0385vq25y4752932nmDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3710&r=1v3610112706p0385vq25y4752932nmWinlogon: Userinit=userinit.exeBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dllBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\IPS\IPSBHO.DLLBHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dlluRun: [smpcSys] C:\Program Files (x86)\Packard Bell\SetupMyPC\SmpSys.exeuRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLTCP: DhcpNameServer = 83.255.245.11 193.150.193.150TCP: Interfaces\{62B58842-3A33-46AC-BFA0-951E41C072D3} : DhcpNameServer = 83.255.245.11 193.150.193.150{18DF081C-E8AD-4283-A596-FA578C2EBDC3}{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}{6D53EC84-6AAE-4787-AEEE-F4628F01010C}{9030D464-4C02-4ABF-8ECC-5164760863C6}{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun.============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS [?]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS [?]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110929.001\BHDrvx64.sys [2011-9-29 1152632]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys [?]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111014.031\IDSviA64.sys [2011-10-14 488568]R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS [?]R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\drivers\NISx64\1301010.003\SYMTDIV.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\SYMTDIV.SYS [?]R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-15 366152]R2 NIS;Norton Internet Security.;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe [2011-10-15 138760]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-13 136824]R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 PerfHost;Värd för prestandaräknar-DLL;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-10-16 89920].=============== File Associations ===============.JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*.=============== Created Last 30 ================.2011-10-16 10:54:17 -------- d-----w- C:\Program Files (x86)\ESET2011-10-16 09:40:40 -------- d-----w- C:\Users\Robin\AppData\Roaming\SUPERAntiSpyware.com2011-10-16 09:40:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com2011-10-16 09:40:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware2011-10-16 01:14:13 -------- d-----w- C:\Windows\SysWow64\vi-VN2011-10-16 01:14:13 -------- d-----w- C:\Windows\SysWow64\eu-ES2011-10-16 01:14:13 -------- d-----w- C:\Windows\SysWow64\ca-ES2011-10-16 01:14:12 -------- d-----w- C:\Windows\System32\vi-VN2011-10-16 01:14:12 -------- d-----w- C:\Windows\System32\eu-ES2011-10-16 01:14:12 -------- d-----w- C:\Windows\System32\ca-ES2011-10-16 00:54:11 -------- d-----w- C:\Windows\System32\EventProviders2011-10-16 00:50:59 56320 ----a-w- C:\Windows\System32\compcln.exe2011-10-16 00:49:59 94720 ----a-w- C:\Windows\System32\drivers\tdx.sys2011-10-16 00:48:55 247808 ----a-w- C:\Windows\SysWow64\drvstore.dll2011-10-16 00:48:49 83968 ----a-w- C:\Windows\SysWow64\wbem\wmiutils.dll2011-10-16 00:48:49 614912 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll2011-10-16 00:48:49 30208 ----a-w- C:\Windows\SysWow64\wbem\wbemprox.dll2011-10-16 00:48:49 265728 ----a-w- C:\Windows\SysWow64\wbem\esscli.dll2011-10-16 00:48:49 189440 ----a-w- C:\Windows\SysWow64\wbem\mofd.dll2011-10-16 00:46:03 43520 ----a-w- C:\Windows\System32\wbem\wbemprox.dll2011-10-16 00:46:02 891392 ----a-w- C:\Windows\System32\wbem\fastprox.dll2011-10-16 00:46:02 1172992 ----a-w- C:\Windows\System32\wbem\wbemcore.dll2011-10-16 00:45:57 936448 ----a-w- C:\Windows\System32\SmiEngine.dll2011-10-16 00:45:47 293888 ----a-w- C:\Windows\System32\wdscore.dll2011-10-16 00:45:47 138752 ----a-w- C:\Windows\System32\PkgMgr.exe2011-10-16 00:45:17 315904 ----a-w- C:\Windows\System32\drvstore.dll2011-10-15 23:26:00 -------- d-----w- C:\Users\Robin\AppData\Local\Adobe2011-10-15 23:23:54 -------- d-----w- C:\Users\Robin\AppData\Local\ATI2011-10-15 23:21:12 0 ----a-w- C:\Windows\ativpsrm.bin2011-10-15 22:57:58 -------- d-----w- C:\Program Files (x86)\AMD APP2011-10-15 22:55:55 -------- d-----w- C:\Program Files (x86)\ATI Technologies2011-10-15 22:45:31 -------- d-----w- C:\Program Files\ATI Technologies2011-10-15 22:45:28 -------- d-----w- C:\Program Files\ATI2011-10-15 22:44:15 -------- d-----w- C:\ATI2011-10-15 22:07:34 525544 ----a-w- C:\Windows\System32\deployJava1.dll2011-10-15 21:34:10 -------- d-----w- C:\Users\Robin\AppData\Roaming\Malwarebytes2011-10-15 21:33:27 -------- d-----w- C:\ProgramData\Malwarebytes2011-10-15 21:33:23 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-10-15 21:33:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2011-10-15 20:53:19 -------- d-----w- C:\Program Files (x86)\VideoLAN2011-10-15 15:48:55 -------- d-----w- C:\Users\Robin\AppData\Local\CrashDumps2011-10-15 15:11:22 729720 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\srtsp64.sys2011-10-15 15:11:22 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\SymDS64.sys2011-10-15 15:11:22 445560 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\symtdiv.sys2011-10-15 15:11:22 401016 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\symnets.sys2011-10-15 15:11:22 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\srtspx64.sys2011-10-15 15:11:22 189560 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\Ironx64.sys2011-10-15 15:11:22 167048 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\ccSetx64.sys2011-10-15 15:11:22 1084536 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\SymEFA64.sys2011-10-15 15:11:17 -------- d-----w- C:\Windows\System32\drivers\NISx64\1301010.0032011-10-15 14:59:24 -------- d-----w- C:\ProgramData\Symantec2011-10-15 12:01:03 442368 ----a-w- C:\Windows\System32\winhttp.dll2011-10-15 12:01:03 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll2011-10-15 11:53:07 -------- d-----w- C:\ProgramData\PrevxCSI2011-10-15 10:57:10 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll2011-10-15 10:57:10 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll2011-10-15 10:57:10 48960 ----a-w- C:\Windows\System32\netfxperf.dll2011-10-15 10:57:10 444752 ----a-w- C:\Windows\System32\mscoree.dll2011-10-15 10:57:10 320352 ----a-w- C:\Windows\System32\PresentationHost.exe2011-10-15 10:57:10 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll2011-10-15 10:57:10 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe2011-10-15 10:57:10 1942856 ----a-w- C:\Windows\System32\dfshim.dll2011-10-15 10:57:10 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll2011-10-15 10:57:10 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll2011-10-15 10:55:30 -------- d-----w- C:\Users\Robin\AppData\Local\ElevatedDiagnostics2011-10-15 10:20:16 -------- d-----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}2011-10-15 10:14:20 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll2011-10-15 10:14:20 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll2011-10-15 10:14:20 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll2011-10-15 10:14:20 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll2011-10-15 09:27:53 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll2011-10-15 09:27:53 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll2011-10-15 08:51:52 294912 ----a-w- C:\Windows\System32\browserchoice.exe2011-10-15 08:50:13 32768 ----a-w- C:\Windows\System32\nshhttp.dll2011-10-15 08:50:13 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll2011-10-15 08:50:11 620032 ----a-w- C:\Windows\System32\drivers\http.sys2011-10-15 08:50:11 33792 ----a-w- C:\Windows\System32\httpapi.dll2011-10-15 08:50:11 30720 ----a-w- C:\Windows\SysWow64\httpapi.dll2011-10-15 08:45:56 201184 ----a-w- C:\Windows\SysWow64\winrm.vbs2011-10-15 08:40:52 1915904 ----a-w- C:\Windows\System32\ole32.dll2011-10-15 08:39:28 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe2011-10-15 08:39:27 372736 ----a-w- C:\Windows\System32\unregmp2.exe2011-10-15 08:39:27 310784 ----a-w- C:\Windows\SysWow64\unregmp2.exe2011-10-15 08:39:27 1418752 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe2011-10-15 08:36:45 368128 ----a-w- C:\Windows\System32\wmpdxm.dll2011-10-15 08:36:45 313344 ----a-w- C:\Windows\SysWow64\wmpdxm.dll2011-10-15 08:36:43 43520 ----a-w- C:\Windows\SysWow64\msdxm.tlb2011-10-15 08:36:43 43520 ----a-w- C:\Windows\System32\msdxm.tlb2011-10-15 08:36:43 18432 ----a-w- C:\Windows\SysWow64\amcompat.tlb2011-10-15 08:36:43 18432 ----a-w- C:\Windows\System32\amcompat.tlb2011-10-15 08:29:48 4699024 ----a-w- C:\Windows\System32\ntoskrnl.exe2011-10-15 08:28:52 68096 ----a-w- C:\Program Files\Windows Mail\wabmig.exe2011-10-15 08:28:52 66048 ----a-w- C:\Program Files (x86)\Windows Mail\wabmig.exe2011-10-15 08:28:52 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe2011-10-15 08:28:52 515584 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe2011-10-15 08:28:52 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll2011-10-15 08:28:52 33280 ----a-w- C:\Program Files (x86)\Windows Mail\wabfind.dll2011-10-15 08:28:51 85504 ----a-w- C:\Windows\System32\csrsrv.dll2011-10-15 08:28:51 451072 ----a-w- C:\Windows\System32\winsrv.dll2011-10-15 08:28:49 203264 ----a-w- C:\Windows\System32\wkssvc.dll2011-10-15 08:28:48 1251840 ----a-w- C:\Windows\System32\sdclt.exe2011-10-15 08:28:47 97792 ----a-w- C:\Windows\System32\drivers\dfsc.sys2011-10-14 17:44:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-10-14 16:13:55 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared2011-10-14 15:57:38 -------- d-----w- C:\Users\Robin\AppData\Local\Mozilla2011-10-14 15:28:15 -------- d-----w- C:\Users\Robin\AppData\Local\PackageAware2011-10-14 15:14:01 -------- d-----w- C:\Users\Robin\AppData\Local\Ahead2011-10-14 15:11:50 -------- d-----w- C:\ProgramData\Nero2011-10-14 15:11:50 -------- d-----w- C:\Program Files (x86)\Nero2011-10-14 15:03:54 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS2011-10-14 15:03:54 -------- d-----w- C:\Program Files\Symantec2011-10-14 15:03:54 -------- d-----w- C:\Program Files\Common Files\Symantec Shared2011-10-14 15:01:31 83264 ----a-w- C:\Windows\SysWow64\HidService.exe2011-10-14 15:01:31 83264 ----a-w- C:\Windows\System32\HidService.exe2011-10-14 14:59:51 98360 ----a-w- C:\Windows\SysWow64\hcwi2c32.dll2011-10-14 14:59:51 36921 ----a-w- C:\Windows\SysWow64\hcwutl32_priv.dll2011-10-14 14:59:51 36921 ----a-w- C:\Windows\SysWow64\hcwutl32.dll2011-10-14 14:59:51 303160 ----a-w- C:\Windows\SysWow64\hcwpnp32_priv.dll2011-10-14 14:59:51 262200 ----a-w- C:\Windows\SysWow64\hcwpnp32.dll2011-10-14 14:56:31 -------- d-----w- C:\Users\Robin\AppData\Local\Google2011-10-14 14:46:53 218624 ----a-w- C:\Windows\System32\wintrust.dll2011-10-14 14:46:53 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll2011-10-14 14:46:52 98304 ----a-w- C:\Windows\SysWow64\cabview.dll2011-10-14 14:46:52 104960 ----a-w- C:\Windows\System32\cabview.dll2011-10-14 14:45:49 -------- d-----w- C:\Users\Robin\AppData\Local\Packard Bell2011-10-14 14:42:42 -------- d-----w- C:\Windows\oem2011-10-14 14:37:54 -------- d-sh--we C:\ProgramData\Start-meny2011-10-14 14:37:54 -------- d-sh--we C:\ProgramData\Skrivbord2011-10-14 14:37:54 -------- d-sh--we C:\ProgramData\Mallar2011-10-14 14:37:54 -------- d-sh--we C:\ProgramData\Favoriter2011-10-14 14:37:54 -------- d-sh--we C:\ProgramData\Dokument2011-10-14 14:37:54 -------- d-sh--we C:\Program Files\Delade filer2011-10-14 14:37:54 -------- d-sh--we C:\Program2011-10-14 14:37:54 -------- d-sh--we C:\Documents and Settings.==================== Find3M ====================.2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll2011-09-14 09:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll2011-09-14 09:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll2011-09-08 16:51:28 45056 ----a-w- C:\Windows\System32\atitmp64.dll2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll.============= FINISH: 15:20:13,11 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted October 18, 2011 Staff ID:486881 Share Posted October 18, 2011 Hi and welcome to Malwarebytes. Please update MBAM, run a Quick Scan, and post its log. Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix When the tool is finished, it will produce a report for you.Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system. Link to post Share on other sites More sharing options...
extro Posted October 19, 2011 Author ID:487050 Share Posted October 19, 2011 Thank you for your reply! will start on the combofix and dds nowwww.malwarebytes.orgDatabase version: 7982Windows 6.0.6002 Service Pack 2Internet Explorer 9.0.8112.164212011-10-19 16:37:38mbam-log-2011-10-19 (16-37-38).txtScan type: Quick scanObjects scanned: 173044Time elapsed: 2 minute(s), 23 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
extro Posted October 19, 2011 Author ID:487069 Share Posted October 19, 2011 Can't install Combofix,..Ill try and explain what the windows says: -> Error opening file for writing: C: \ 32788R22FWJFW \ License \ iexplore.exe Click abortion to cancel the installation Try again to write the file or ignore to skip the fileIMAGE OF ERRORhttp://tinypic.com/r/2eoi0xz/7How my C:drive looks after the failed installationhttp://tinypic.com/r/29yfprt/7Adding DDS and attach atleastDDS.txtAttach.txt Link to post Share on other sites More sharing options...
extro Posted October 19, 2011 Author ID:487073 Share Posted October 19, 2011 Sorry for all these replys, but i can find any button for edit your post. This was also how it looked while trying to install combofixThe popups are saying iexplore.exe have stopped working and internet explorer have stopped working and NirCmd have stopped working.http://i53.tinypic.com/2qjlt79.jpg Link to post Share on other sites More sharing options...
extro Posted October 22, 2011 Author ID:487715 Share Posted October 22, 2011 Okay, I somehow managed to get combofix to run, so got no idea if it worked properly, but here it is! combofix with a new DDS log!ComboFix 11-10-21.06 - Robin 2011-10-21 23:59:56.1.2 - x64Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.4094.2846 [GMT 2:00]Körs från: c:\users\Robin\Desktop\ComboFix.exeAV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\security\Database\tmp.edbD:\install.exe..(((((((((((((((((((((((( Filer skapade från 2011-09-21 till 2011-10-21 ))))))))))))))))))))))))))))))..2011-10-21 23:23 . 2011-10-21 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp2011-10-17 17:40 . 2011-10-17 17:40 -------- d-----w- c:\program files (x86)\Nero2011-10-17 17:39 . 2008-05-02 05:26 1414440 ----a-w- c:\windows\SysWow64\ShellManager310E2D762.dll2011-10-17 17:12 . 2011-10-17 17:12 -------- d-----w- c:\windows\Sun2011-10-17 17:01 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll2011-10-17 17:01 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll2011-10-17 14:20 . 2011-10-17 14:20 -------- d-----w- c:\windows\SysWow64\spool2011-10-17 14:20 . 2011-10-17 14:20 -------- d-----w- c:\program files (x86)\Windows Portable Devices2011-10-17 14:20 . 2011-10-17 14:20 -------- d-----w- c:\program files\Windows Portable Devices2011-10-16 22:35 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe2011-10-16 22:21 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll2011-10-16 22:21 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll2011-10-16 22:21 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll2011-10-16 22:21 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll2011-10-16 22:21 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll2011-10-16 22:21 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll2011-10-16 20:24 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll2011-10-16 20:24 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll2011-10-16 20:24 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll2011-10-16 20:24 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll2011-10-16 20:24 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll2011-10-16 20:24 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll2011-10-16 20:24 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll2011-10-16 20:24 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll2011-10-16 20:24 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll2011-10-16 20:22 . 2011-01-20 16:07 258048 ----a-w- c:\windows\SysWow64\winspool.drv2011-10-16 20:22 . 2011-01-20 14:40 34304 ----a-w- c:\windows\system32\mfpmp.exe2011-10-16 20:22 . 2011-01-20 16:04 98816 ----a-w- c:\windows\SysWow64\mfps.dll2011-10-16 20:22 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll2011-10-16 20:22 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll2011-10-16 20:22 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll2011-10-16 20:22 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll2011-10-16 20:22 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll2011-10-16 20:22 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll2011-10-16 20:22 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll2011-10-16 20:22 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll2011-10-16 20:21 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-10-16 20:21 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat2011-10-16 20:21 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat2011-10-16 20:21 . 2011-08-03 03:00 579072 ----a-w- c:\windows\system32\psisdecd.dll2011-10-16 20:21 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll2011-10-16 20:21 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax2011-10-16 20:21 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax2011-10-16 20:21 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax2011-10-16 20:21 . 2011-08-03 03:00 125952 ----a-w- c:\windows\system32\psisrndr.ax2011-10-16 20:21 . 2011-08-03 02:58 188416 ----a-w- c:\windows\system32\MSNP.ax2011-10-16 20:21 . 2011-08-03 02:58 73216 ----a-w- c:\windows\system32\MSDvbNP.ax2011-10-16 20:21 . 2011-08-03 02:58 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\SysWow64\ca-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\SysWow64\eu-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\SysWow64\vi-VN2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\system32\ca-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\system32\eu-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\system32\vi-VN2011-10-16 00:54 . 2011-10-16 00:54 -------- d-----w- c:\windows\system32\EventProviders2011-10-16 00:50 . 2009-04-11 07:11 1081856 ----a-w- c:\windows\system32\qmgr.dll2011-10-16 00:49 . 2009-04-11 07:11 690688 ----a-w- c:\windows\system32\wpcao.dll2011-10-16 00:48 . 2009-04-11 06:28 247808 ----a-w- c:\windows\SysWow64\drvstore.dll2011-10-16 00:48 . 2009-04-11 06:28 83968 ----a-w- c:\windows\SysWow64\wbem\wmiutils.dll2011-10-16 00:48 . 2009-04-11 06:28 30208 ----a-w- c:\windows\SysWow64\wbem\wbemprox.dll2011-10-16 00:48 . 2009-04-11 06:28 189440 ----a-w- c:\windows\SysWow64\wbem\mofd.dll2011-10-16 00:48 . 2009-04-11 06:28 614912 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll2011-10-16 00:48 . 2009-04-11 06:28 265728 ----a-w- c:\windows\SysWow64\wbem\esscli.dll2011-10-16 00:46 . 2009-04-11 07:11 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll2011-10-16 00:46 . 2009-04-11 07:11 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll2011-10-16 00:46 . 2009-04-11 07:11 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll2011-10-16 00:45 . 2009-04-11 07:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll2011-10-16 00:45 . 2009-04-11 07:11 293888 ----a-w- c:\windows\system32\wdscore.dll2011-10-16 00:45 . 2009-04-11 07:10 138752 ----a-w- c:\windows\system32\PkgMgr.exe2011-10-16 00:45 . 2009-04-11 07:11 315904 ----a-w- c:\windows\system32\drvstore.dll2011-10-15 23:21 . 2011-10-15 23:21 0 ----a-w- c:\windows\ativpsrm.bin2011-10-15 22:57 . 2011-10-15 22:57 -------- d-----w- c:\program files (x86)\AMD APP2011-10-15 22:55 . 2011-10-15 22:55 -------- d-----w- c:\program files (x86)\ATI Technologies2011-10-15 22:45 . 2011-10-15 22:57 -------- d-----w- c:\program files\ATI Technologies2011-10-15 22:45 . 2011-10-15 22:45 -------- d-----w- c:\program files\ATI2011-10-15 22:44 . 2011-10-15 22:44 -------- d-----w- C:\ATI2011-10-15 22:07 . 2011-10-15 22:07 525544 ----a-w- c:\windows\system32\deployJava1.dll2011-10-15 22:06 . 2011-10-15 22:06 -------- d-----w- c:\program files\Java2011-10-15 21:33 . 2011-10-15 21:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2011-10-15 21:33 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-15 20:53 . 2011-10-15 20:53 -------- d-----w- c:\program files (x86)\VideoLAN2011-10-15 15:11 . 2011-10-15 16:20 -------- d-----w- c:\windows\system32\drivers\NISx64\1301010.0032011-10-15 12:01 . 2009-08-24 11:47 442368 ----a-w- c:\windows\system32\winhttp.dll2011-10-15 12:01 . 2009-08-24 11:36 377344 ----a-w- c:\windows\SysWow64\winhttp.dll2011-10-15 12:00 . 2009-11-04 04:49 31232 ----a-w- c:\windows\system32\drivers\sv-SE\http.sys.mui2011-10-15 12:00 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll2011-10-15 12:00 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll2011-10-15 12:00 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll2011-10-15 12:00 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll2011-10-15 12:00 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll2011-10-15 10:57 . 2009-11-08 08:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll2011-10-15 10:57 . 2009-11-08 08:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll2011-10-15 10:57 . 2009-11-08 08:55 48960 ----a-w- c:\windows\system32\netfxperf.dll2011-10-15 10:57 . 2009-11-08 08:55 444752 ----a-w- c:\windows\system32\mscoree.dll2011-10-15 10:57 . 2009-11-08 08:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe2011-10-15 10:57 . 2009-11-08 08:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll2011-10-15 10:57 . 2009-11-08 08:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe2011-10-15 10:57 . 2009-11-08 08:55 1942856 ----a-w- c:\windows\system32\dfshim.dll2011-10-15 10:57 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll2011-10-15 10:57 . 2009-11-08 08:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll2011-10-15 10:14 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll2011-10-15 10:14 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll2011-10-15 10:14 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll2011-10-15 10:14 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll2011-10-15 09:27 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll2011-10-15 09:27 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll2011-10-15 09:24 . 2009-01-08 01:20 537088 ----a-w- c:\program files\Internet Explorer\pdm.dll2011-10-15 09:24 . 2009-01-08 01:20 358904 ----a-w- c:\program files\Internet Explorer\msdbg2.dll2011-10-15 09:24 . 2009-01-08 01:20 355832 ----a-w- c:\program files (x86)\Internet Explorer\pdm.dll2011-10-15 09:24 . 2009-01-08 01:20 265720 ----a-w- c:\program files (x86)\Internet Explorer\msdbg2.dll2011-10-15 08:51 . 2010-02-24 09:28 294912 ----a-w- c:\windows\system32\browserchoice.exe2011-10-15 08:50 . 2010-02-20 23:15 32768 ----a-w- c:\windows\system32\nshhttp.dll2011-10-15 08:50 . 2010-02-20 23:06 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll2011-10-15 08:50 . 2010-02-20 23:14 33792 ----a-w- c:\windows\system32\httpapi.dll2011-10-15 08:50 . 2010-02-20 23:05 30720 ----a-w- c:\windows\SysWow64\httpapi.dll2011-10-15 08:50 . 2010-02-20 21:30 620032 ----a-w- c:\windows\system32\drivers\http.sys2011-10-15 08:45 . 2009-08-01 06:27 201184 ----a-w- c:\windows\SysWow64\winrm.vbs2011-10-15 08:40 . 2010-06-28 17:21 1915904 ----a-w- c:\windows\system32\ole32.dll2011-10-15 08:39 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe2011-10-15 08:39 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe2011-10-15 08:39 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe2011-10-15 08:39 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe2011-10-15 08:36 . 2009-07-15 14:47 368128 ----a-w- c:\windows\system32\wmpdxm.dll2011-10-15 08:36 . 2009-07-15 12:39 313344 ----a-w- c:\windows\SysWow64\wmpdxm.dll2011-10-15 08:36 . 2009-07-15 10:23 43520 ----a-w- c:\windows\system32\msdxm.tlb..(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))).2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll2011-09-14 09:47 . 2011-09-14 09:47 51200 ----a-w- c:\windows\system32\OpenCL.dll2011-09-14 09:47 . 2011-09-14 09:47 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll2011-09-08 17:32 . 2011-09-08 17:32 862720 ----a-w- c:\windows\system32\aticfx64.dll2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll2011-09-08 17:16 . 2011-09-08 17:16 4944896 ----a-w- c:\windows\system32\atidxx64.dll2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll2011-09-08 16:59 . 2011-09-08 16:59 58880 ----a-w- c:\windows\system32\coinst.dll2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys2011-09-08 16:52 . 2011-09-08 16:52 40960 ----a-w- c:\windows\system32\atiuxp64.dll2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll2011-09-08 16:51 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll2011-09-08 16:51 . 2011-09-08 16:51 45056 ----a-w- c:\windows\system32\atitmp64.dll2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll..(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))..*Not* tomma poster & legitima standardposter visas inte. REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SmpcSys"="c:\program files (x86)\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS [x]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys [x]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111020.030\IDSvia64.sys [2011-10-14 488568]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS [x]S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NISx64\1301010.003\SYMTDIV.SYS [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]S2 NIS;Norton Internet Security.;c:\program files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe [2011-08-10 138760]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-13 136824]S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]..Innehåll i mappen 'Schemalagda aktiviteter':.2011-10-21 c:\windows\Tasks\Packard Bell Customer Registration - Robin.job- c:\program files (x86)\Packard Bell\Packard Bell Customer Registration\PBCReg.exe [2009-03-30 12:23]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]"FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Extra genomsökning -------.uLocal Page = c:\windows\system32\blank.htmmStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3710&r=1v3610112706p0385vq25y4752932nmLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 83.255.245.11 193.150.193.150CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll.- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -.HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exeAddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.1.3\diMaster.dll\" /prefetch:1".--------------------- LÅSTA REGISTERNYCKLAR ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@="Shockwave Flash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@="".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@="FlashBroker".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.------------------------ Andra processer som körs ------------------------.c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exec:\windows\system32\HidService.exec:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exec:\windows\SysWOW64\IoctlSvc.exec:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exec:\acer\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exec:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe.**************************************************************************.Sluttid: 2011-10-22 01:46:39 - datorn startades om.ComboFix-quarantined-files.txt 2011-10-21 23:46.Före genomsökningen: 395 945 365 504 byte ledigtEfter genomsökningen: 397 942 063 104 byte ledigt.- - End Of File - - 73863223F743CF1B144685730FA922F6DDS!.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Robin at 1:51:09 on 2011-10-22Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.4094.2616 [GMT 2:00].AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exeC:\Windows\system32\HidService.exeC:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exeC:\Windows\SysWOW64\IoctlSvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\conime.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exeC:\Program Files (x86)\Packard Bell\SetupMyPC\SmpSys.exeC:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exeC:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\system32\wuauclt.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\WerFault.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\REGSVR32.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3710&r=1v3610112706p0385vq25y4752932nBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dllBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\IPS\IPSBHO.DLLBHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dlluRun: [smpcSys] C:\Program Files (x86)\Packard Bell\SetupMyPC\SmpSys.exeuRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLTCP: DhcpNameServer = 83.255.245.11 193.150.193.150TCP: Interfaces\{62B58842-3A33-46AC-BFA0-951E41C072D3} : DhcpNameServer = 83.255.245.11 193.150.193.150{18DF081C-E8AD-4283-A596-FA578C2EBDC3}{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}{6D53EC84-6AAE-4787-AEEE-F4628F01010C}{9030D464-4C02-4ABF-8ECC-5164760863C6}{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe".============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS [?]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS [?]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-15 1155704]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys [?]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111020.030\IDSviA64.sys [2011-10-21 488568]R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS [?]R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\drivers\NISx64\1301010.003\SYMTDIV.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\SYMTDIV.SYS [?]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-15 366152]R2 NIS;Norton Internet Security.;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe [2011-10-15 138760]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-13 136824]R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 PerfHost;Värd för prestandaräknar-DLL;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-10-16 89920].=============== File Associations ===============.JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*.=============== Created Last 30 ================.2011-10-21 21:51:21 208896 ----a-w- C:\Windows\MBR.exe2011-10-21 21:51:20 98816 ----a-w- C:\Windows\sed.exe2011-10-21 21:51:20 518144 ----a-w- C:\Windows\SWREG.exe2011-10-21 21:51:20 256000 ----a-w- C:\Windows\PEV.exe2011-10-21 21:49:53 -------- d-----w- C:\ComboFix2011-10-17 17:40:24 -------- d-----w- C:\Program Files (x86)\Nero2011-10-17 17:39:58 1414440 ----a-w- C:\Windows\SysWow64\ShellManager310E2D762.dll2011-10-17 17:01:05 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll2011-10-17 17:01:04 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll2011-10-17 14:20:41 -------- d-----w- C:\Windows\SysWow64\spool2011-10-17 14:20:39 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices2011-10-17 14:20:37 -------- d-----w- C:\Program Files\Windows Portable Devices2011-10-16 22:35:40 167424 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll2011-10-16 22:21:02 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll2011-10-16 22:21:01 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll2011-10-16 22:21:01 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll2011-10-16 22:21:01 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll2011-10-16 22:21:01 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll2011-10-16 22:21:01 103424 ----a-w- C:\Windows\System32\UIAnimation.dll2011-10-16 20:24:29 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll2011-10-16 20:24:28 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll2011-10-16 20:24:26 1555968 ----a-w- C:\Windows\System32\DWrite.dll2011-10-16 20:24:26 1149440 ----a-w- C:\Windows\System32\FntCache.dll2011-10-16 20:24:26 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll2011-10-16 20:24:14 316928 ----a-w- C:\Windows\System32\msshsq.dll2011-10-16 20:24:14 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll2011-10-16 20:24:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2011-10-16 20:24:09 2048 ----a-w- C:\Windows\System32\tzres.dll2011-10-16 20:22:58 34304 ----a-w- C:\Windows\System32\mfpmp.exe2011-10-16 20:22:58 258048 ----a-w- C:\Windows\SysWow64\winspool.drv2011-10-16 20:22:57 98816 ----a-w- C:\Windows\SysWow64\mfps.dll2011-10-16 20:22:44 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll2011-10-16 20:22:44 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll2011-10-16 20:22:44 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll2011-10-16 20:22:44 4096 ----a-w- C:\Windows\System32\oleaccrc.dll2011-10-16 20:22:44 332288 ----a-w- C:\Windows\System32\oleacc.dll2011-10-16 20:22:44 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll2011-10-16 20:22:43 847360 ----a-w- C:\Windows\System32\oleaut32.dll2011-10-16 20:22:43 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll2011-10-16 20:21:36 1427344 ----a-w- C:\Windows\System32\drivers\tcpip.sys2011-10-16 20:21:10 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat2011-10-16 20:21:10 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat2011-10-16 20:21:06 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax2011-10-16 20:21:06 579072 ----a-w- C:\Windows\System32\psisdecd.dll2011-10-16 20:21:06 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax2011-10-16 20:21:06 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll2011-10-16 20:21:06 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax2011-10-16 20:21:05 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax2011-10-16 20:21:05 188416 ----a-w- C:\Windows\System32\MSNP.ax2011-10-16 20:21:05 125952 ----a-w- C:\Windows\System32\psisrndr.ax2011-10-16 20:21:05 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax2011-10-16 09:40:40 -------- d-----w- C:\Users\Robin\AppData\Roaming\SUPERAntiSpyware.com2011-10-16 01:14:13 -------- d-----w- C:\Windows\SysWow64\vi-VN2011-10-16 01:14:13 -------- d-----w- C:\Windows\SysWow64\eu-ES2011-10-16 01:14:13 -------- d-----w- C:\Windows\SysWow64\ca-ES2011-10-16 01:14:12 -------- d-----w- C:\Windows\System32\vi-VN2011-10-16 01:14:12 -------- d-----w- C:\Windows\System32\eu-ES2011-10-16 01:14:12 -------- d-----w- C:\Windows\System32\ca-ES2011-10-16 00:54:11 -------- d-----w- C:\Windows\System32\EventProviders2011-10-16 00:50:59 56320 ----a-w- C:\Windows\System32\compcln.exe2011-10-16 00:49:59 94720 ----a-w- C:\Windows\System32\drivers\tdx.sys2011-10-16 00:48:55 247808 ----a-w- C:\Windows\SysWow64\drvstore.dll2011-10-16 00:48:49 83968 ----a-w- C:\Windows\SysWow64\wbem\wmiutils.dll2011-10-16 00:48:49 614912 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll2011-10-16 00:48:49 30208 ----a-w- C:\Windows\SysWow64\wbem\wbemprox.dll2011-10-16 00:48:49 265728 ----a-w- C:\Windows\SysWow64\wbem\esscli.dll2011-10-16 00:48:49 189440 ----a-w- C:\Windows\SysWow64\wbem\mofd.dll2011-10-16 00:46:03 43520 ----a-w- C:\Windows\System32\wbem\wbemprox.dll2011-10-16 00:46:02 891392 ----a-w- C:\Windows\System32\wbem\fastprox.dll2011-10-16 00:46:02 1172992 ----a-w- C:\Windows\System32\wbem\wbemcore.dll2011-10-16 00:45:57 936448 ----a-w- C:\Windows\System32\SmiEngine.dll2011-10-16 00:45:47 293888 ----a-w- C:\Windows\System32\wdscore.dll2011-10-16 00:45:47 138752 ----a-w- C:\Windows\System32\PkgMgr.exe2011-10-16 00:45:17 315904 ----a-w- C:\Windows\System32\drvstore.dll2011-10-15 23:26:00 -------- d-----w- C:\Users\Robin\AppData\Local\Adobe2011-10-15 23:23:54 -------- d-----w- C:\Users\Robin\AppData\Local\ATI2011-10-15 23:21:12 0 ----a-w- C:\Windows\ativpsrm.bin2011-10-15 22:57:58 -------- d-----w- C:\Program Files (x86)\AMD APP2011-10-15 22:55:55 -------- d-----w- C:\Program Files (x86)\ATI Technologies2011-10-15 22:45:31 -------- d-----w- C:\Program Files\ATI Technologies2011-10-15 22:45:28 -------- d-----w- C:\Program Files\ATI2011-10-15 22:44:15 -------- d-----w- C:\ATI2011-10-15 22:07:34 525544 ----a-w- C:\Windows\System32\deployJava1.dll2011-10-15 21:34:10 -------- d-----w- C:\Users\Robin\AppData\Roaming\Malwarebytes2011-10-15 21:33:27 -------- d-----w- C:\ProgramData\Malwarebytes2011-10-15 21:33:23 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-10-15 21:33:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2011-10-15 20:53:19 -------- d-----w- C:\Program Files (x86)\VideoLAN2011-10-15 15:48:55 -------- d-----w- C:\Users\Robin\AppData\Local\CrashDumps2011-10-15 15:11:22 729720 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\srtsp64.sys2011-10-15 15:11:22 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\SymDS64.sys2011-10-15 15:11:22 445560 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\symtdiv.sys2011-10-15 15:11:22 401016 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\symnets.sys2011-10-15 15:11:22 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\srtspx64.sys2011-10-15 15:11:22 189560 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\Ironx64.sys2011-10-15 15:11:22 167048 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\ccSetx64.sys2011-10-15 15:11:22 1084536 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\SymEFA64.sys2011-10-15 15:11:17 -------- d-----w- C:\Windows\System32\drivers\NISx64\1301010.0032011-10-15 14:59:24 -------- d-----w- C:\ProgramData\Symantec2011-10-15 12:01:03 442368 ----a-w- C:\Windows\System32\winhttp.dll2011-10-15 12:01:03 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll2011-10-15 12:00:59 31232 ----a-w- C:\Windows\System32\drivers\sv-SE\http.sys.mui2011-10-15 12:00:50 179712 ----a-w- C:\Windows\System32\srvsvc.dll2011-10-15 12:00:49 9728 ----a-w- C:\Windows\SysWow64\sscore.dll2011-10-15 12:00:49 17920 ----a-w- C:\Windows\SysWow64\netevent.dll2011-10-15 12:00:49 17920 ----a-w- C:\Windows\System32\netevent.dll2011-10-15 12:00:49 12288 ----a-w- C:\Windows\System32\sscore.dll2011-10-15 11:53:07 -------- d-----w- C:\ProgramData\PrevxCSI2011-10-15 10:57:10 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll2011-10-15 10:57:10 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll2011-10-15 10:57:10 48960 ----a-w- C:\Windows\System32\netfxperf.dll2011-10-15 10:57:10 444752 ----a-w- C:\Windows\System32\mscoree.dll2011-10-15 10:57:10 320352 ----a-w- C:\Windows\System32\PresentationHost.exe2011-10-15 10:57:10 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll2011-10-15 10:57:10 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe2011-10-15 10:57:10 1942856 ----a-w- C:\Windows\System32\dfshim.dll2011-10-15 10:57:10 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll2011-10-15 10:57:10 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll2011-10-15 10:55:30 -------- d-----w- C:\Users\Robin\AppData\Local\ElevatedDiagnostics2011-10-15 10:20:16 -------- d-----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}2011-10-15 10:14:20 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll2011-10-15 10:14:20 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll2011-10-15 10:14:20 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll2011-10-15 10:14:20 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll2011-10-15 09:27:53 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll2011-10-15 09:27:53 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll2011-10-15 09:24:02 537088 ----a-w- C:\Program Files\Internet Explorer\pdm.dll2011-10-15 09:24:02 358904 ----a-w- C:\Program Files\Internet Explorer\msdbg2.dll2011-10-15 09:24:02 355832 ----a-w- C:\Program Files (x86)\Internet Explorer\pdm.dll2011-10-15 09:24:02 265720 ----a-w- C:\Program Files (x86)\Internet Explorer\msdbg2.dll2011-10-15 08:51:52 294912 ----a-w- C:\Windows\System32\browserchoice.exe2011-10-15 08:50:13 32768 ----a-w- C:\Windows\System32\nshhttp.dll2011-10-15 08:50:13 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll2011-10-15 08:50:11 620032 ----a-w- C:\Windows\System32\drivers\http.sys2011-10-15 08:50:11 33792 ----a-w- C:\Windows\System32\httpapi.dll2011-10-15 08:50:11 30720 ----a-w- C:\Windows\SysWow64\httpapi.dll2011-10-15 08:45:56 201184 ----a-w- C:\Windows\SysWow64\winrm.vbs2011-10-15 08:40:52 1915904 ----a-w- C:\Windows\System32\ole32.dll2011-10-15 08:39:28 1486848 ----a-w- C:\Program Files\Windows Media Player\setup_wm.exe2011-10-15 08:39:27 372736 ----a-w- C:\Windows\System32\unregmp2.exe2011-10-15 08:39:27 310784 ----a-w- C:\Windows\SysWow64\unregmp2.exe2011-10-15 08:39:27 1418752 ----a-w- C:\Program Files (x86)\Windows Media Player\setup_wm.exe2011-10-15 08:36:45 368128 ----a-w- C:\Windows\System32\wmpdxm.dll2011-10-15 08:36:45 313344 ----a-w- C:\Windows\SysWow64\wmpdxm.dll2011-10-15 08:36:43 43520 ----a-w- C:\Windows\SysWow64\msdxm.tlb2011-10-15 08:36:43 43520 ----a-w- C:\Windows\System32\msdxm.tlb2011-10-15 08:36:43 18432 ----a-w- C:\Windows\SysWow64\amcompat.tlb2011-10-15 08:36:43 18432 ----a-w- C:\Windows\System32\amcompat.tlb2011-10-15 08:29:48 4699024 ----a-w- C:\Windows\System32\ntoskrnl.exe2011-10-15 08:28:52 68096 ----a-w- C:\Program Files\Windows Mail\wabmig.exe2011-10-15 08:28:52 66048 ----a-w- C:\Program Files (x86)\Windows Mail\wabmig.exe2011-10-15 08:28:52 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe2011-10-15 08:28:52 515584 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe2011-10-15 08:28:52 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll2011-10-15 08:28:52 33280 ----a-w- C:\Program Files (x86)\Windows Mail\wabfind.dll2011-10-15 08:28:51 85504 ----a-w- C:\Windows\System32\csrsrv.dll2011-10-15 08:28:49 203264 ----a-w- C:\Windows\System32\wkssvc.dll2011-10-15 08:28:48 1251840 ----a-w- C:\Windows\System32\sdclt.exe2011-10-15 08:28:47 97792 ----a-w- C:\Windows\System32\drivers\dfsc.sys2011-10-14 17:44:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-10-14 16:13:55 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared2011-10-14 15:57:38 -------- d-----w- C:\Users\Robin\AppData\Local\Mozilla2011-10-14 15:28:15 -------- d-----w- C:\Users\Robin\AppData\Local\PackageAware2011-10-14 15:14:01 -------- d-----w- C:\Users\Robin\AppData\Local\Ahead2011-10-14 15:11:50 -------- d-----w- C:\ProgramData\Nero2011-10-14 15:03:54 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS2011-10-14 15:03:54 -------- d-----w- C:\Program Files\Symantec2011-10-14 15:03:54 -------- d-----w- C:\Program Files\Common Files\Symantec Shared2011-10-14 15:01:31 83264 ----a-w- C:\Windows\SysWow64\HidService.exe2011-10-14 15:01:31 83264 ----a-w- C:\Windows\System32\HidService.exe2011-10-14 14:59:51 98360 ----a-w- C:\Windows\SysWow64\hcwi2c32.dll2011-10-14 14:59:51 36921 ----a-w- C:\Windows\SysWow64\hcwutl32_priv.dll2011-10-14 14:59:51 36921 ----a-w- C:\Windows\SysWow64\hcwutl32.dll2011-10-14 14:59:51 303160 ----a-w- C:\Windows\SysWow64\hcwpnp32_priv.dll2011-10-14 14:59:51 262200 ----a-w- C:\Windows\SysWow64\hcwpnp32.dll2011-10-14 14:56:31 -------- d-----w- C:\Users\Robin\AppData\Local\Google2011-10-14 14:46:53 218624 ----a-w- C:\Windows\System32\wintrust.dll2011-10-14 14:46:53 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll2011-10-14 14:46:52 98304 ----a-w- C:\Windows\SysWow64\cabview.dll2011-10-14 14:46:52 104960 ----a-w- C:\Windows\System32\cabview.dll2011-10-14 14:45:49 -------- d-----w- C:\Users\Robin\AppData\Local\Packard Bell2011-10-14 14:42:42 -------- d-----w- C:\Windows\oem2011-10-14 14:37:54 -------- d-sh--we C:\ProgramData\Start-meny2011-10-14 14:37:54 -------- d-sh--we C:\ProgramData\Skrivbord2011-10-14 14:37:54 -------- d-sh--we C:\ProgramData\Mallar2011-10-14 14:37:54 -------- d-sh--we C:\ProgramData\Favoriter2011-10-14 14:37:54 -------- d-sh--we C:\ProgramData\Dokument2011-10-14 14:37:54 -------- d-sh--we C:\Program Files\Delade filer2011-10-14 14:37:54 -------- d-sh--we C:\Program2011-10-14 14:37:54 -------- d-sh--we C:\Documents and Settings.==================== Find3M ====================.2011-09-14 09:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll2011-09-14 09:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll2011-09-14 09:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll2011-09-14 09:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll2011-09-14 09:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll2011-09-14 09:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll2011-09-14 09:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll2011-09-14 09:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll2011-09-08 16:51:28 45056 ----a-w- C:\Windows\System32\atitmp64.dll2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys.============= FINISH: 1:58:28,17 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted October 23, 2011 Staff ID:488359 Share Posted October 23, 2011 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
extro Posted October 24, 2011 Author ID:488555 Share Posted October 24, 2011 ESET scans says no threats found. And i cant find the log. Still got the same problem.From the moment i start my computer till the time i turn it off, i get pop-ups every 3rd minut or something, that says Internet explorer have stopped working and then DEP(DATA EXECUTION PROVENTION) comes up and says Internet explorer have been shut down to proect your computer. IM not even trying to run internet explorer, the popups comes even when I pulled out the Internet cable. and whenever i try to run Internet explorer, internet explorer(no addons),firefox it gets shutdown imiediatly and DEP comes again. The only internet that is working is Internet explorer(64 bits). I also cant do windows update, I get an error code, FFFFFFFE, and when i google it, they say that if i see that error code, my computer might be infected. I just dont get it.. apperently something i got the computer is trying to run internet explorer and my DEP is shutting it down to protect my computer, and its getting really annoying since i cant do anything on the computer for all the popups thats keep coming. Just while writing this ive been closing about 14 pop-ups...Thanks in advance for any help you can give me!Results of screen317's Security Check version 0.99.24 Windows Vista x64 (UAC is enabled) Out of date service pack!! Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: ESET Online Scanner v3 Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe ESET ESET Online Scanner OnlineCmdLineScanner.exe ``````````End of Log```````````` Link to post Share on other sites More sharing options...
extro Posted October 28, 2011 Author ID:489644 Share Posted October 28, 2011 Okay its been 4 days now since i got any answers so im going to try and bump this since i got some new info. I know you guys got alot to do and im not trying to complain:) I got all the same problems as stated at my recent post.Ive ran Avira Antivirus Premium 2012 (free 30 days) and heres the log2011-10-28,15:57:41 [iNFO] ---------------------------------------------------------2011-10-28,15:57:41 [iNFO] Avira Antivirus Premium 2012 has been started successfully!2011-10-28,15:57:49 [iNFO] Realtime Protection version: 12.01.00.18, Engine version 8.2.6.84, VDF version: 7.11.16.662011-10-28,15:57:50 [iNFO] The program is running as a fully functional evaluation version.2011-10-28,15:57:50 [iNFO] Online services are available:2011-10-28,15:57:50 [iNFO] Realtime Protection was enabled.2011-10-28,15:57:50 [iNFO] On-Access configuration used: - Files to scan: scan files from local drives - Files to scan: Use file extension list: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL* .XML .XXX .ZIP - Device mode: Scan file on open, scan file on close - Actions: ask the user - Scan archive: Disabled - Heuristic: Enabled - Win32 file heuristic: Medium detection level - Logfile report level Default2011-10-28,15:58:44 [iNFO] Update process started!2011-10-28,15:58:56 [iNFO] Current Engine Version: 8.2.6.1002011-10-28,15:58:56 [iNFO] Current Pattern File: 7.11.16.1982011-10-28,16:00:11 [DETECTION] The boot sector of Master boot sector HD0 contains code from 'BOO/TDss.D'.2011-10-28,16:00:11 [DETECTION] The boot sector of C: contains code from 'BOO/TDss.D'.2011-10-28,16:00:11 [DETECTION] The boot sector of Master boot sector HD0 contains code from 'BOO/TDss.D'.2011-10-28,16:00:11 [DETECTION] The boot sector of D: contains code from 'BOO/TDss.D'.My D DRIVE is says Access Denied (D:). :/ and i got no idea how to open it. also i dont know how to remove these virus or whatever they are. PLEASE help me =) Link to post Share on other sites More sharing options...
Staff screen317 Posted October 31, 2011 Staff ID:490693 Share Posted October 31, 2011 Hi,My apologies for the delay.Please grab fresh copies of ComboFix and TDSSKiller, run them, and post their logs. Link to post Share on other sites More sharing options...
extro Posted November 1, 2011 Author ID:491050 Share Posted November 1, 2011 Hi heres the combofix log and tdsskiller log.ComboFix 11-11-01.04 - Robin 2011-11-01 18:44:17.2.2 - x64Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.4094.2689 [GMT 1:00]Körs från: c:\users\Robin\Desktop\ComboFix.exeAV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..(((((((((((((((((((((((( Filer skapade från 2011-10-01 till 2011-11-01 ))))))))))))))))))))))))))))))..2011-11-01 20:55 . 2011-11-01 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp2011-10-29 13:14 . 2011-10-29 13:14 -------- d-----w- c:\windows\CheckSur2011-10-28 13:57 . 2011-10-19 15:03 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys2011-10-28 13:57 . 2011-10-19 15:03 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys2011-10-28 13:57 . 2011-10-19 15:03 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys2011-10-28 13:57 . 2011-10-28 13:57 -------- d-----w- c:\program files (x86)\Avira2011-10-25 20:01 . 2011-10-25 20:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight2011-10-25 19:58 . 2011-10-27 12:57 -------- d-----w- c:\windows\system32\catroot22011-10-25 19:40 . 2011-10-25 19:40 -------- d-----w- C:\110e8b8638607aaf4f452011-10-24 19:20 . 2011-10-24 19:20 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help2011-10-24 18:45 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe2011-10-24 18:31 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys2011-10-24 14:20 . 2011-10-24 14:20 -------- d-----w- c:\program files (x86)\ESET2011-10-17 17:40 . 2011-10-17 17:40 -------- d-----w- c:\program files (x86)\Nero2011-10-17 17:39 . 2008-05-02 05:26 1414440 ----a-w- c:\windows\SysWow64\ShellManager310E2D762.dll2011-10-17 17:12 . 2011-10-17 17:12 -------- d-----w- c:\windows\Sun2011-10-17 17:01 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll2011-10-17 17:01 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll2011-10-17 14:20 . 2011-10-17 14:20 -------- d-----w- c:\windows\SysWow64\spool2011-10-17 14:20 . 2011-10-17 14:20 -------- d-----w- c:\program files (x86)\Windows Portable Devices2011-10-17 14:20 . 2011-10-17 14:20 -------- d-----w- c:\program files\Windows Portable Devices2011-10-16 22:35 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe2011-10-16 22:21 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll2011-10-16 22:21 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll2011-10-16 22:21 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll2011-10-16 22:21 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll2011-10-16 22:21 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll2011-10-16 22:21 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll2011-10-16 20:24 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll2011-10-16 20:24 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll2011-10-16 20:24 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll2011-10-16 20:24 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll2011-10-16 20:24 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll2011-10-16 20:24 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll2011-10-16 20:24 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll2011-10-16 20:24 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll2011-10-16 20:24 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll2011-10-16 20:22 . 2011-01-20 16:07 258048 ----a-w- c:\windows\SysWow64\winspool.drv2011-10-16 20:22 . 2011-01-20 14:40 34304 ----a-w- c:\windows\system32\mfpmp.exe2011-10-16 20:22 . 2011-01-20 16:04 98816 ----a-w- c:\windows\SysWow64\mfps.dll2011-10-16 20:22 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll2011-10-16 20:22 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll2011-10-16 20:22 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll2011-10-16 20:22 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll2011-10-16 20:22 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll2011-10-16 20:22 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll2011-10-16 20:22 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll2011-10-16 20:22 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\SysWow64\ca-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\SysWow64\eu-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\SysWow64\vi-VN2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\system32\ca-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\system32\eu-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\system32\vi-VN2011-10-16 00:54 . 2011-10-16 00:54 -------- d-----w- c:\windows\system32\EventProviders2011-10-16 00:50 . 2009-04-11 07:11 1081856 ----a-w- c:\windows\system32\qmgr.dll2011-10-16 00:49 . 2009-04-11 07:11 690688 ----a-w- c:\windows\system32\wpcao.dll2011-10-16 00:48 . 2009-04-11 06:28 247808 ----a-w- c:\windows\SysWow64\drvstore.dll2011-10-16 00:48 . 2009-04-11 06:28 83968 ----a-w- c:\windows\SysWow64\wbem\wmiutils.dll2011-10-16 00:48 . 2009-04-11 06:28 30208 ----a-w- c:\windows\SysWow64\wbem\wbemprox.dll2011-10-16 00:48 . 2009-04-11 06:28 189440 ----a-w- c:\windows\SysWow64\wbem\mofd.dll2011-10-16 00:48 . 2009-04-11 06:28 614912 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll2011-10-16 00:48 . 2009-04-11 06:28 265728 ----a-w- c:\windows\SysWow64\wbem\esscli.dll2011-10-16 00:46 . 2009-04-11 07:11 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll2011-10-16 00:46 . 2009-04-11 07:11 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll2011-10-16 00:46 . 2009-04-11 07:11 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll2011-10-16 00:45 . 2009-04-11 07:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll2011-10-16 00:45 . 2009-04-11 07:11 293888 ----a-w- c:\windows\system32\wdscore.dll2011-10-16 00:45 . 2009-04-11 07:10 138752 ----a-w- c:\windows\system32\PkgMgr.exe2011-10-16 00:45 . 2009-04-11 07:11 315904 ----a-w- c:\windows\system32\drvstore.dll2011-10-15 23:21 . 2011-10-15 23:21 0 ----a-w- c:\windows\ativpsrm.bin2011-10-15 22:57 . 2011-10-15 22:57 -------- d-----w- c:\program files (x86)\AMD APP2011-10-15 22:55 . 2011-10-15 22:55 -------- d-----w- c:\program files (x86)\ATI Technologies2011-10-15 22:45 . 2011-10-15 22:57 -------- d-----w- c:\program files\ATI Technologies2011-10-15 22:45 . 2011-10-15 22:45 -------- d-----w- c:\program files\ATI2011-10-15 22:44 . 2011-10-15 22:44 -------- d-----w- C:\ATI2011-10-15 22:07 . 2011-10-15 22:07 525544 ----a-w- c:\windows\system32\deployJava1.dll2011-10-15 22:06 . 2011-10-15 22:06 -------- d-----w- c:\program files\Java2011-10-15 21:33 . 2011-10-15 21:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2011-10-15 21:33 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-15 20:53 . 2011-10-15 20:53 -------- d-----w- c:\program files (x86)\VideoLAN2011-10-15 12:01 . 2009-08-24 11:47 442368 ----a-w- c:\windows\system32\winhttp.dll2011-10-15 12:01 . 2009-08-24 11:36 377344 ----a-w- c:\windows\SysWow64\winhttp.dll2011-10-15 12:00 . 2009-11-04 04:49 31232 ----a-w- c:\windows\system32\drivers\sv-SE\http.sys.mui2011-10-15 12:00 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll2011-10-15 12:00 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll2011-10-15 12:00 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll2011-10-15 12:00 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll2011-10-15 12:00 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll2011-10-15 10:57 . 2009-11-08 08:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll2011-10-15 10:57 . 2009-11-08 08:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll2011-10-15 10:57 . 2009-11-08 08:55 48960 ----a-w- c:\windows\system32\netfxperf.dll2011-10-15 10:57 . 2009-11-08 08:55 444752 ----a-w- c:\windows\system32\mscoree.dll2011-10-15 10:57 . 2009-11-08 08:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe2011-10-15 10:57 . 2009-11-08 08:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll2011-10-15 10:57 . 2009-11-08 08:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe2011-10-15 10:57 . 2009-11-08 08:55 1942856 ----a-w- c:\windows\system32\dfshim.dll2011-10-15 10:57 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll2011-10-15 10:57 . 2009-11-08 08:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll2011-10-15 10:14 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll2011-10-15 10:14 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll2011-10-15 10:14 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll2011-10-15 10:14 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll2011-10-15 09:27 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll2011-10-15 09:27 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll2011-10-15 09:24 . 2009-01-08 01:20 537088 ----a-w- c:\program files\Internet Explorer\pdm.dll2011-10-15 09:24 . 2009-01-08 01:20 358904 ----a-w- c:\program files\Internet Explorer\msdbg2.dll2011-10-15 09:24 . 2009-01-08 01:20 355832 ----a-w- c:\program files (x86)\Internet Explorer\pdm.dll2011-10-15 09:24 . 2009-01-08 01:20 265720 ----a-w- c:\program files (x86)\Internet Explorer\msdbg2.dll2011-10-15 08:51 . 2010-02-24 09:28 294912 ----a-w- c:\windows\system32\browserchoice.exe2011-10-15 08:50 . 2010-02-20 23:15 32768 ----a-w- c:\windows\system32\nshhttp.dll2011-10-15 08:50 . 2010-02-20 23:06 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll2011-10-15 08:50 . 2010-02-20 23:14 33792 ----a-w- c:\windows\system32\httpapi.dll2011-10-15 08:50 . 2010-02-20 23:05 30720 ----a-w- c:\windows\SysWow64\httpapi.dll2011-10-15 08:50 . 2010-02-20 21:30 620032 ----a-w- c:\windows\system32\drivers\http.sys2011-10-15 08:45 . 2009-08-01 06:27 201184 ----a-w- c:\windows\SysWow64\winrm.vbs2011-10-15 08:40 . 2010-06-28 17:21 1915904 ----a-w- c:\windows\system32\ole32.dll2011-10-15 08:39 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe2011-10-15 08:39 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe2011-10-15 08:39 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe2011-10-15 08:39 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe2011-10-15 08:36 . 2009-07-15 14:47 368128 ----a-w- c:\windows\system32\wmpdxm.dll2011-10-15 08:36 . 2009-07-15 12:39 313344 ----a-w- c:\windows\SysWow64\wmpdxm.dll2011-10-15 08:36 . 2009-07-15 10:23 43520 ----a-w- c:\windows\system32\msdxm.tlb2011-10-15 08:36 . 2009-07-15 10:23 18432 ----a-w- c:\windows\system32\amcompat.tlb..(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))).2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll2011-09-14 09:47 . 2011-09-14 09:47 51200 ----a-w- c:\windows\system32\OpenCL.dll2011-09-14 09:47 . 2011-09-14 09:47 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll2011-09-08 17:32 . 2011-09-08 17:32 862720 ----a-w- c:\windows\system32\aticfx64.dll2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll2011-09-08 17:16 . 2011-09-08 17:16 4944896 ----a-w- c:\windows\system32\atidxx64.dll2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll2011-09-08 16:59 . 2011-09-08 16:59 58880 ----a-w- c:\windows\system32\coinst.dll2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys2011-09-08 16:52 . 2011-09-08 16:52 40960 ----a-w- c:\windows\system32\atiuxp64.dll2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll2011-09-08 16:51 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll2011-09-08 16:51 . 2011-09-08 16:51 45056 ----a-w- c:\windows\system32\atitmp64.dll2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll..(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))..*Not* tomma poster & legitima standardposter visas inte. REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SmpcSys"="c:\program files (x86)\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-10-19 342480]S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-19 463824]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]...--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]"FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416].------- Extra genomsökning -------.uLocal Page = c:\windows\system32\blank.htmmStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3710&r=1v3610112706p0385vq25y4752932nmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dllTCP: DhcpNameServer = 83.255.245.11 193.150.193.150CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll.- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -.AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe...--------------------- LÅSTA REGISTERNYCKLAR ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@="Shockwave Flash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@="".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@="FlashBroker".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.Sluttid: 2011-11-01 22:14:23ComboFix-quarantined-files.txt 2011-11-01 21:14ComboFix2.txt 2011-10-21 23:46.Före genomsökningen: 372 289 335 296 byte ledigtEfter genomsökningen: 372 724 264 960 byte ledigt.- - End Of File - - E502452BD88BCA96E655A315C07FCAFD22:28:47.0209 4184 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:0122:28:47.0339 4184 ============================================================22:28:47.0339 4184 Current date / time: 2011/11/01 22:28:47.033922:28:47.0339 4184 SystemInfo:22:28:47.0339 4184 22:28:47.0339 4184 OS Version: 6.0.6002 ServicePack: 2.022:28:47.0339 4184 Product type: Workstation22:28:47.0339 4184 ComputerName: ROBIN-DATOR22:28:47.0339 4184 UserName: Robin22:28:47.0339 4184 Windows directory: C:\Windows22:28:47.0339 4184 System windows directory: C:\Windows22:28:47.0339 4184 Running under WOW6422:28:47.0339 4184 Processor architecture: Intel x6422:28:47.0339 4184 Number of processors: 222:28:47.0339 4184 Page size: 0x100022:28:47.0339 4184 Boot type: Normal boot22:28:47.0339 4184 ============================================================22:28:47.0641 4184 Initialize success22:29:13.0879 2828 ============================================================22:29:13.0879 2828 Scan started22:29:13.0879 2828 Mode: Manual; 22:29:13.0879 2828 ============================================================22:29:14.0442 2828 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys22:29:14.0445 2828 ACPI - ok22:29:14.0584 2828 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys22:29:14.0589 2828 adp94xx - ok22:29:14.0694 2828 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys22:29:14.0697 2828 adpahci - ok22:29:14.0785 2828 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys22:29:14.0787 2828 adpu160m - ok22:29:14.0884 2828 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys22:29:14.0886 2828 adpu320 - ok22:29:14.0997 2828 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys22:29:15.0000 2828 AFD - ok22:29:15.0087 2828 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys22:29:15.0088 2828 agp440 - ok22:29:15.0198 2828 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys22:29:15.0199 2828 aic78xx - ok22:29:15.0307 2828 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys22:29:15.0308 2828 aliide - ok22:29:15.0401 2828 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys22:29:15.0401 2828 amdide - ok22:29:15.0497 2828 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys22:29:15.0498 2828 AmdK8 - ok22:29:15.0755 2828 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys22:29:15.0823 2828 amdkmdag - ok22:29:15.0912 2828 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys22:29:15.0914 2828 amdkmdap - ok22:29:16.0030 2828 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys22:29:16.0031 2828 arc - ok22:29:16.0042 2828 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys22:29:16.0043 2828 arcsas - ok22:29:16.0070 2828 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys22:29:16.0071 2828 AsyncMac - ok22:29:16.0093 2828 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys22:29:16.0094 2828 atapi - ok22:29:16.0154 2828 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys22:29:16.0155 2828 avgntflt - ok22:29:16.0177 2828 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys22:29:16.0178 2828 avipbb - ok22:29:16.0221 2828 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys22:29:16.0222 2828 avkmgr - ok22:29:16.0232 2828 Beep - ok22:29:16.0271 2828 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys22:29:16.0272 2828 blbdrive - ok22:29:16.0300 2828 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys22:29:16.0301 2828 bowser - ok22:29:16.0327 2828 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys22:29:16.0328 2828 BrFiltLo - ok22:29:16.0348 2828 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys22:29:16.0349 2828 BrFiltUp - ok22:29:16.0381 2828 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys22:29:16.0382 2828 Brserid - ok22:29:16.0397 2828 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys22:29:16.0398 2828 BrSerWdm - ok22:29:16.0416 2828 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys22:29:16.0417 2828 BrUsbMdm - ok22:29:16.0424 2828 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys22:29:16.0425 2828 BrUsbSer - ok22:29:16.0440 2828 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys22:29:16.0441 2828 BTHMODEM - ok22:29:16.0558 2828 catchme - ok22:29:16.0679 2828 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys22:29:16.0680 2828 cdfs - ok22:29:16.0727 2828 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys22:29:16.0728 2828 cdrom - ok22:29:16.0758 2828 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys22:29:16.0759 2828 circlass - ok22:29:16.0803 2828 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys22:29:16.0807 2828 CLFS - ok22:29:16.0855 2828 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys22:29:16.0856 2828 cmdide - ok22:29:16.0874 2828 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys22:29:16.0874 2828 Compbatt - ok22:29:16.0894 2828 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys22:29:16.0894 2828 crcdisk - ok22:29:16.0958 2828 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys22:29:16.0960 2828 DfsC - ok22:29:17.0014 2828 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys22:29:17.0015 2828 disk - ok22:29:17.0056 2828 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys22:29:17.0056 2828 drmkaud - ok22:29:17.0104 2828 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys22:29:17.0112 2828 DXGKrnl - ok22:29:17.0133 2828 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys22:29:17.0135 2828 E1G60 - ok22:29:17.0179 2828 e1yexpress (bddc6f6c49633aa85a30a989418e30f4) C:\Windows\system32\DRIVERS\e1y60x64.sys22:29:17.0183 2828 e1yexpress - ok22:29:17.0217 2828 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys22:29:17.0219 2828 Ecache - ok22:29:17.0250 2828 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys22:29:17.0256 2828 elxstor - ok22:29:17.0293 2828 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys22:29:17.0294 2828 ErrDev - ok22:29:17.0335 2828 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys22:29:17.0338 2828 exfat - ok22:29:17.0383 2828 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys22:29:17.0386 2828 fastfat - ok22:29:17.0412 2828 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys22:29:17.0413 2828 fdc - ok22:29:17.0445 2828 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys22:29:17.0447 2828 FileInfo - ok22:29:17.0466 2828 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys22:29:17.0468 2828 Filetrace - ok22:29:17.0510 2828 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys22:29:17.0511 2828 flpydisk - ok22:29:17.0549 2828 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys22:29:17.0554 2828 FltMgr - ok22:29:17.0584 2828 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys22:29:17.0586 2828 Fs_Rec - ok22:29:17.0609 2828 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys22:29:17.0611 2828 gagp30kx - ok22:29:17.0678 2828 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys22:29:17.0683 2828 HdAudAddService - ok22:29:17.0736 2828 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys22:29:17.0750 2828 HDAudBus - ok22:29:17.0776 2828 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys22:29:17.0777 2828 HidBth - ok22:29:17.0797 2828 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys22:29:17.0798 2828 HidIr - ok22:29:17.0816 2828 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys22:29:17.0817 2828 HidUsb - ok22:29:17.0856 2828 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys22:29:17.0858 2828 HpCISSs - ok22:29:17.0905 2828 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys22:29:17.0911 2828 HTTP - ok22:29:17.0935 2828 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys22:29:17.0936 2828 i2omp - ok22:29:17.0952 2828 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys22:29:17.0953 2828 i8042prt - ok22:29:18.0021 2828 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys22:29:18.0025 2828 iaStor - ok22:29:18.0043 2828 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys22:29:18.0048 2828 iaStorV - ok22:29:18.0060 2828 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys22:29:18.0061 2828 iirsp - ok22:29:18.0163 2828 IntcAzAudAddService (fdfc40441fac0f3114a974168125279f) C:\Windows\system32\drivers\RTKVHD64.sys22:29:18.0197 2828 IntcAzAudAddService - ok22:29:18.0221 2828 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys22:29:18.0222 2828 intelide - ok22:29:18.0239 2828 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys22:29:18.0240 2828 intelppm - ok22:29:18.0280 2828 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys22:29:18.0281 2828 IpFilterDriver - ok22:29:18.0297 2828 IpInIp - ok22:29:18.0321 2828 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys22:29:18.0323 2828 IPMIDRV - ok22:29:18.0338 2828 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys22:29:18.0340 2828 IPNAT - ok22:29:18.0358 2828 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys22:29:18.0359 2828 IRENUM - ok22:29:18.0376 2828 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys22:29:18.0377 2828 isapnp - ok22:29:18.0411 2828 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys22:29:18.0414 2828 iScsiPrt - ok22:29:18.0431 2828 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys22:29:18.0432 2828 iteatapi - ok22:29:18.0453 2828 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys22:29:18.0454 2828 iteraid - ok22:29:18.0462 2828 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys22:29:18.0464 2828 kbdclass - ok22:29:18.0506 2828 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys22:29:18.0507 2828 kbdhid - ok22:29:18.0558 2828 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys22:29:18.0566 2828 KSecDD - ok22:29:18.0582 2828 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys22:29:18.0583 2828 ksthunk - ok22:29:18.0625 2828 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys22:29:18.0626 2828 lltdio - ok22:29:18.0655 2828 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys22:29:18.0657 2828 LSI_FC - ok22:29:18.0669 2828 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys22:29:18.0671 2828 LSI_SAS - ok22:29:18.0681 2828 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys22:29:18.0682 2828 LSI_SCSI - ok22:29:18.0693 2828 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys22:29:18.0696 2828 luafv - ok22:29:18.0745 2828 Lycosa (e5ecf40e5fd459141e5f6685ffd51804) C:\Windows\system32\drivers\Lycosa.sys22:29:18.0746 2828 Lycosa - ok22:29:18.0783 2828 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys22:29:18.0784 2828 MBAMProtector - ok22:29:18.0821 2828 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys22:29:18.0822 2828 megasas - ok22:29:18.0863 2828 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys22:29:18.0870 2828 MegaSR - ok22:29:18.0896 2828 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys22:29:18.0897 2828 Modem - ok22:29:18.0917 2828 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys22:29:18.0919 2828 monitor - ok22:29:18.0934 2828 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys22:29:18.0935 2828 mouclass - ok22:29:18.0947 2828 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys22:29:18.0948 2828 mouhid - ok22:29:18.0964 2828 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys22:29:18.0966 2828 MountMgr - ok22:29:19.0002 2828 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys22:29:19.0005 2828 mpio - ok22:29:19.0021 2828 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys22:29:19.0022 2828 mpsdrv - ok22:29:19.0042 2828 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys22:29:19.0044 2828 Mraid35x - ok22:29:19.0069 2828 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys22:29:19.0072 2828 MRxDAV - ok22:29:19.0100 2828 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys22:29:19.0103 2828 mrxsmb - ok22:29:19.0114 2828 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys22:29:19.0118 2828 mrxsmb10 - ok22:29:19.0129 2828 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys22:29:19.0130 2828 mrxsmb20 - ok22:29:19.0168 2828 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys22:29:19.0170 2828 msahci - ok22:29:19.0203 2828 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys22:29:19.0205 2828 msdsm - ok22:29:19.0250 2828 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys22:29:19.0251 2828 Msfs - ok22:29:19.0271 2828 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys22:29:19.0273 2828 msisadrv - ok22:29:19.0311 2828 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys22:29:19.0312 2828 MSKSSRV - ok22:29:19.0326 2828 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys22:29:19.0327 2828 MSPCLOCK - ok22:29:19.0359 2828 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys22:29:19.0360 2828 MSPQM - ok22:29:19.0400 2828 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys22:29:19.0405 2828 MsRPC - ok22:29:19.0423 2828 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys22:29:19.0425 2828 mssmbios - ok22:29:19.0450 2828 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys22:29:19.0451 2828 MSTEE - ok22:29:19.0466 2828 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys22:29:19.0468 2828 Mup - ok22:29:19.0506 2828 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys22:29:19.0508 2828 NativeWifiP - ok22:29:19.0551 2828 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys22:29:19.0563 2828 NDIS - ok22:29:19.0580 2828 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys22:29:19.0581 2828 NdisTapi - ok22:29:19.0602 2828 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys22:29:19.0602 2828 Ndisuio - ok22:29:19.0639 2828 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys22:29:19.0642 2828 NdisWan - ok22:29:19.0660 2828 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys22:29:19.0661 2828 NDProxy - ok22:29:19.0693 2828 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys22:29:19.0695 2828 NetBIOS - ok22:29:19.0735 2828 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys22:29:19.0740 2828 netbt - ok22:29:19.0774 2828 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys22:29:19.0776 2828 nfrd960 - ok22:29:19.0822 2828 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys22:29:19.0824 2828 Npfs - ok22:29:19.0849 2828 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys22:29:19.0850 2828 nsiproxy - ok22:29:19.0915 2828 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys22:29:19.0948 2828 Ntfs - ok22:29:19.0958 2828 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys22:29:19.0959 2828 Null - ok22:29:19.0985 2828 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys22:29:19.0987 2828 nvraid - ok22:29:20.0003 2828 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys22:29:20.0004 2828 nvstor - ok22:29:20.0031 2828 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys22:29:20.0034 2828 nv_agp - ok22:29:20.0043 2828 NwlnkFlt - ok22:29:20.0055 2828 NwlnkFwd - ok22:29:20.0110 2828 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys22:29:20.0111 2828 ohci1394 - ok22:29:20.0163 2828 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys22:29:20.0165 2828 Parport - ok22:29:20.0205 2828 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys22:29:20.0207 2828 partmgr - ok22:29:20.0239 2828 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys22:29:20.0241 2828 pci - ok22:29:20.0260 2828 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys22:29:20.0261 2828 pciide - ok22:29:20.0279 2828 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys22:29:20.0283 2828 pcmcia - ok22:29:20.0314 2828 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys22:29:20.0320 2828 PEAUTH - ok22:29:20.0422 2828 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys22:29:20.0425 2828 PptpMiniport - ok22:29:20.0447 2828 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys22:29:20.0449 2828 Processor - ok22:29:20.0491 2828 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys22:29:20.0493 2828 PSched - ok22:29:20.0507 2828 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys22:29:20.0509 2828 PxHlpa64 - ok22:29:20.0563 2828 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys22:29:20.0596 2828 ql2300 - ok22:29:20.0617 2828 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys22:29:20.0619 2828 ql40xx - ok22:29:20.0648 2828 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys22:29:20.0650 2828 QWAVEdrv - ok22:29:20.0674 2828 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys22:29:20.0675 2828 RasAcd - ok22:29:20.0729 2828 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys22:29:20.0731 2828 Rasl2tp - ok22:29:20.0771 2828 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys22:29:20.0772 2828 RasPppoe - ok22:29:20.0810 2828 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys22:29:20.0813 2828 RasSstp - ok22:29:20.0860 2828 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys22:29:20.0865 2828 rdbss - ok22:29:20.0873 2828 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys22:29:20.0876 2828 RDPCDD - ok22:29:20.0920 2828 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys22:29:20.0925 2828 rdpdr - ok22:29:20.0934 2828 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys22:29:20.0935 2828 RDPENCDD - ok22:29:20.0962 2828 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys22:29:20.0966 2828 RDPWD - ok22:29:21.0013 2828 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys22:29:21.0015 2828 rspndr - ok22:29:21.0063 2828 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys22:29:21.0065 2828 sbp2port - ok22:29:21.0112 2828 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys22:29:21.0113 2828 secdrv - ok22:29:21.0146 2828 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys22:29:21.0147 2828 Serenum - ok22:29:21.0172 2828 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys22:29:21.0174 2828 Serial - ok22:29:21.0196 2828 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys22:29:21.0197 2828 sermouse - ok22:29:21.0235 2828 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys22:29:21.0236 2828 sffdisk - ok22:29:21.0254 2828 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys22:29:21.0255 2828 sffp_mmc - ok22:29:21.0272 2828 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys22:29:21.0273 2828 sffp_sd - ok22:29:21.0292 2828 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys22:29:21.0293 2828 sfloppy - ok22:29:21.0315 2828 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys22:29:21.0316 2828 SiSRaid2 - ok22:29:21.0326 2828 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys22:29:21.0330 2828 SiSRaid4 - ok22:29:21.0379 2828 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys22:29:21.0381 2828 Smb - ok22:29:21.0427 2828 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys22:29:21.0429 2828 spldr - ok22:29:21.0480 2828 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys22:29:21.0484 2828 srv - ok22:29:21.0522 2828 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys22:29:21.0526 2828 srv2 - ok22:29:21.0543 2828 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys22:29:21.0546 2828 srvnet - ok22:29:21.0606 2828 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys22:29:21.0607 2828 swenum - ok22:29:21.0644 2828 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys22:29:21.0645 2828 Symc8xx - ok22:29:21.0661 2828 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys22:29:21.0663 2828 Sym_hi - ok22:29:21.0688 2828 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys22:29:21.0689 2828 Sym_u3 - ok22:29:21.0772 2828 Tcpip (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\drivers\tcpip.sys22:29:21.0793 2828 Tcpip - ok22:29:21.0823 2828 Tcpip6 (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\DRIVERS\tcpip.sys22:29:21.0836 2828 Tcpip6 - ok22:29:21.0885 2828 tcpipreg (2aa1b7ebc271e995f3358c1fa7a1d35b) C:\Windows\system32\drivers\tcpipreg.sys22:29:21.0887 2828 tcpipreg - ok22:29:21.0910 2828 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys22:29:21.0912 2828 TDPIPE - ok22:29:21.0930 2828 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys22:29:21.0931 2828 TDTCP - ok22:29:21.0965 2828 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys22:29:21.0967 2828 tdx - ok22:29:22.0004 2828 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys22:29:22.0005 2828 TermDD - ok22:29:22.0067 2828 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys22:29:22.0069 2828 tssecsrv - ok22:29:22.0078 2828 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys22:29:22.0079 2828 tunmp - ok22:29:22.0096 2828 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys22:29:22.0097 2828 tunnel - ok22:29:22.0128 2828 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys22:29:22.0130 2828 uagp35 - ok22:29:22.0175 2828 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys22:29:22.0180 2828 udfs - ok22:29:22.0227 2828 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys22:29:22.0229 2828 uliagpkx - ok22:29:22.0258 2828 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys22:29:22.0263 2828 uliahci - ok22:29:22.0294 2828 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys22:29:22.0297 2828 UlSata - ok22:29:22.0318 2828 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys22:29:22.0321 2828 ulsata2 - ok22:29:22.0341 2828 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys22:29:22.0343 2828 umbus - ok22:29:22.0364 2828 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys22:29:22.0367 2828 usbccgp - ok22:29:22.0387 2828 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys22:29:22.0389 2828 usbcir - ok22:29:22.0425 2828 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys22:29:22.0426 2828 usbehci - ok22:29:22.0475 2828 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys22:29:22.0480 2828 usbhub - ok22:29:22.0507 2828 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys22:29:22.0508 2828 usbohci - ok22:29:22.0518 2828 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys22:29:22.0519 2828 usbprint - ok22:29:22.0550 2828 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS22:29:22.0551 2828 USBSTOR - ok22:29:22.0568 2828 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys22:29:22.0570 2828 usbuhci - ok22:29:22.0600 2828 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys22:29:22.0602 2828 vga - ok22:29:22.0620 2828 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys22:29:22.0621 2828 VgaSave - ok22:29:22.0630 2828 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys22:29:22.0632 2828 viaide - ok22:29:22.0675 2828 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys22:29:22.0677 2828 volmgr - ok22:29:22.0728 2828 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys22:29:22.0734 2828 volmgrx - ok22:29:22.0796 2828 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys22:29:22.0801 2828 volsnap - ok22:29:22.0829 2828 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys22:29:22.0831 2828 vsmraid - ok22:29:22.0863 2828 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys22:29:22.0864 2828 WacomPen - ok22:29:22.0887 2828 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys22:29:22.0889 2828 Wanarp - ok22:29:22.0895 2828 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys22:29:22.0896 2828 Wanarpv6 - ok22:29:22.0931 2828 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys22:29:22.0932 2828 Wd - ok22:29:22.0972 2828 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys22:29:22.0985 2828 Wdf01000 - ok22:29:23.0061 2828 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys22:29:23.0062 2828 WmiAcpi - ok22:29:23.0103 2828 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys22:29:23.0105 2828 ws2ifsl - ok22:29:23.0153 2828 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys22:29:23.0156 2828 WUDFRd - ok22:29:23.0179 2828 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR022:29:23.0199 2828 \Device\Harddisk0\DR0 - ok22:29:23.0204 2828 Boot (0x1200) (b34903156eab691d41dcc345924fda04) \Device\Harddisk0\DR0\Partition022:29:23.0205 2828 \Device\Harddisk0\DR0\Partition0 - ok22:29:23.0229 2828 Boot (0x1200) (601e18b5a49bc37aebaaee34f1944989) \Device\Harddisk0\DR0\Partition122:29:23.0230 2828 \Device\Harddisk0\DR0\Partition1 - ok22:29:23.0231 2828 ============================================================22:29:23.0231 2828 Scan finished22:29:23.0231 2828 ============================================================22:29:23.0245 4824 Detected object count: 022:29:23.0245 4824 Actual detected object count: 022:29:50.0125 3532 Deinitialize success Link to post Share on other sites More sharing options...
Staff screen317 Posted November 7, 2011 Staff ID:492308 Share Posted November 7, 2011 Hi,This is odd. Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan. Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)Please post the contents of that log in your next reply.There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply. Link to post Share on other sites More sharing options...
extro Posted November 7, 2011 Author ID:492442 Share Posted November 7, 2011 Hi.Here the first scan with the first program you gave me. The MBRCheck.exe found something, but i didnt know if i should remove it or not so i didnt remove it.Please tell me if i should have it removed or not Heres the log:MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows Vista Home Premium EditionWindows Information: Service Pack 2 (build 6002), 64-bitBase Board Manufacturer: Packard BellBIOS Manufacturer: AMISystem Manufacturer: Packard BellSystem Product Name: imedia S3710Logical Drives Mask: 0x000005fcKernel Drivers (total 139): 0x01E5A000 \SystemRoot\system32\ntoskrnl.exe 0x01E14000 \SystemRoot\system32\hal.dll 0x0060B000 \SystemRoot\system32\kdcom.dll 0x0060E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00649000 \SystemRoot\system32\PSHED.dll 0x0065D000 \SystemRoot\system32\CLFS.SYS 0x006BA000 \SystemRoot\system32\CI.dll 0x00804000 \SystemRoot\system32\drivers\Wdf01000.sys 0x008DE000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x008EC000 \SystemRoot\system32\drivers\acpi.sys 0x00942000 \SystemRoot\system32\drivers\WMILIB.SYS 0x0094B000 \SystemRoot\system32\drivers\msisadrv.sys 0x00955000 \SystemRoot\system32\drivers\pci.sys 0x00985000 \SystemRoot\System32\drivers\partmgr.sys 0x0099A000 \SystemRoot\system32\drivers\volmgr.sys 0x0076C000 \SystemRoot\System32\drivers\volmgrx.sys 0x009AE000 \SystemRoot\System32\drivers\mountmgr.sys 0x00A03000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x00B1F000 \SystemRoot\system32\drivers\atapi.sys 0x00B27000 \SystemRoot\system32\drivers\ataport.SYS 0x00B4B000 \SystemRoot\system32\drivers\fltmgr.sys 0x00B92000 \SystemRoot\system32\drivers\fileinfo.sys 0x00BA6000 \SystemRoot\System32\Drivers\PxHlpa64.sys 0x00C0B000 \SystemRoot\System32\Drivers\ksecdd.sys 0x00E06000 \SystemRoot\system32\drivers\ndis.sys 0x00C92000 \SystemRoot\system32\drivers\msrpc.sys 0x00CE2000 \SystemRoot\system32\drivers\NETIO.SYS 0x01002000 \SystemRoot\System32\drivers\tcpip.sys 0x01176000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x0120E000 \SystemRoot\System32\Drivers\Ntfs.sys 0x0138E000 \SystemRoot\system32\drivers\volsnap.sys 0x013D2000 \SystemRoot\System32\Drivers\spldr.sys 0x013DA000 \SystemRoot\System32\Drivers\mup.sys 0x011A2000 \SystemRoot\System32\drivers\ecache.sys 0x013EC000 \SystemRoot\system32\drivers\disk.sys 0x011CE000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x01200000 \SystemRoot\system32\drivers\crcdisk.sys 0x0231D000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x02329000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x02332000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x02345000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x02408000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x02E16000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x02EF9000 \SystemRoot\System32\drivers\watchdog.sys 0x02F09000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x02396000 \SystemRoot\system32\DRIVERS\e1y60x64.sys 0x023E3000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x00D3B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x023EF000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x00FD7000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x00FE9000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x00D97000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x00DA3000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x02FF6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x00DBF000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x0300C000 \SystemRoot\system32\DRIVERS\storport.sys 0x03069000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x03076000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x03099000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x030A5000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x030D6000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x030E6000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x03104000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x0311C000 \SystemRoot\system32\DRIVERS\termdd.sys 0x0312F000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x0313D000 \SystemRoot\system32\DRIVERS\swenum.sys 0x0313F000 \SystemRoot\system32\DRIVERS\ks.sys 0x03173000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x0317E000 \SystemRoot\system32\DRIVERS\umbus.sys 0x0318E000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x00BB2000 \SystemRoot\system32\drivers\HdAudio.sys 0x009C1000 \SystemRoot\system32\drivers\portcls.sys 0x031D6000 \SystemRoot\system32\drivers\drmk.sys 0x031F9000 \SystemRoot\system32\drivers\ksthunk.sys 0x03C03000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x03DA9000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x03DBD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x03DC7000 \SystemRoot\System32\Drivers\Null.SYS 0x03DDB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x03DE3000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x00D81000 \SystemRoot\System32\drivers\vga.sys 0x007D2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x03DD0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x03000000 \SystemRoot\system32\drivers\rdpencdd.sys 0x00C00000 \SystemRoot\System32\Drivers\Msfs.SYS 0x03E09000 \SystemRoot\System32\Drivers\Npfs.SYS 0x03E1A000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x03E23000 \SystemRoot\system32\DRIVERS\tdx.sys 0x03E40000 \SystemRoot\system32\DRIVERS\smb.sys 0x03E5B000 \SystemRoot\system32\drivers\afd.sys 0x03EC6000 \SystemRoot\System32\DRIVERS\netbt.sys 0x03F0A000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x03F15000 \SystemRoot\system32\DRIVERS\pacer.sys 0x03F33000 \SystemRoot\system32\DRIVERS\netbios.sys 0x03F42000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x03F5D000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x03FAA000 \SystemRoot\system32\drivers\nsiproxy.sys 0x03FB6000 \SystemRoot\System32\Drivers\dfsc.sys 0x03FD3000 \SystemRoot\system32\DRIVERS\avkmgr.sys 0x04007000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x0402D000 \SystemRoot\System32\Drivers\crashdmp.sys 0x0403B000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x04157000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x0416F000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x00060000 \SystemRoot\System32\win32k.sys 0x04171000 \SystemRoot\System32\drivers\Dxapi.sys 0x0417D000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x04199000 \SystemRoot\system32\drivers\Lycosa.sys 0x0419E000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x041A7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x041B9000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x041C4000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x041CF000 \SystemRoot\system32\DRIVERS\monitor.sys 0x004F0000 \SystemRoot\System32\TSDDD.dll 0x00670000 \SystemRoot\System32\cdd.dll 0x03FDD000 \SystemRoot\system32\drivers\luafv.sys 0x02200000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x02220000 \SystemRoot\system32\drivers\spsys.sys 0x041E2000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x022BA000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x0600E000 \SystemRoot\system32\drivers\HTTP.sys 0x060B1000 \SystemRoot\System32\Drivers\fastfat.SYS 0x060E6000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x0610F000 \SystemRoot\system32\DRIVERS\bowser.sys 0x0612D000 \SystemRoot\System32\drivers\mpsdrv.sys 0x06147000 \SystemRoot\system32\drivers\mrxdav.sys 0x0616E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x06197000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x061E0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x022D2000 \SystemRoot\System32\DRIVERS\srv2.sys 0x06C03000 \SystemRoot\System32\DRIVERS\srv.sys 0x06C96000 \SystemRoot\system32\drivers\peauth.sys 0x06D4C000 \SystemRoot\System32\Drivers\secdrv.SYS 0x06D57000 \SystemRoot\System32\drivers\tcpipreg.sys 0x06D67000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x06D87000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0x06D9D000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x06DB9000 \??\C:\Windows\system32\drivers\mbam.sys 0x76F20000 \Windows\System32\ntdll.dllProcesses (total 66): 0 System Idle Process 4 System 480 C:\Windows\System32\smss.exe 608 csrss.exe 672 C:\Windows\System32\wininit.exe 692 csrss.exe 728 C:\Windows\System32\services.exe 744 C:\Windows\System32\lsass.exe 752 C:\Windows\System32\lsm.exe 880 C:\Windows\System32\winlogon.exe 932 C:\Windows\System32\svchost.exe 1000 C:\Windows\System32\svchost.exe 236 C:\Windows\System32\svchost.exe 364 C:\Windows\System32\atiesrxx.exe 508 C:\Windows\System32\svchost.exe 516 C:\Windows\System32\svchost.exe 600 C:\Windows\System32\svchost.exe 1132 C:\Windows\System32\audiodg.exe 1156 C:\Windows\System32\svchost.exe 1180 C:\Windows\System32\SLsvc.exe 1224 C:\Windows\System32\svchost.exe 1368 C:\Windows\System32\svchost.exe 1388 C:\Windows\System32\atieclxx.exe 1620 C:\Windows\System32\spoolsv.exe 1644 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1696 C:\Windows\System32\svchost.exe 1968 C:\Windows\System32\taskeng.exe 2040 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 1124 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1420 C:\Windows\System32\HidService.exe 1788 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe 2016 C:\Windows\SysWOW64\IoctlSvc.exe 1152 C:\Windows\System32\svchost.exe 1560 C:\Windows\System32\svchost.exe 2060 C:\Windows\System32\svchost.exe 2088 C:\Windows\System32\SearchIndexer.exe 2240 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2364 WUDFHost.exe 2716 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 2732 C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe 2744 C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe 2968 C:\Windows\System32\taskeng.exe 2432 C:\Windows\System32\dwm.exe 2988 C:\Windows\explorer.exe 3316 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe 3336 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 3368 C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe 3412 C:\Program Files (x86)\Packard Bell\SetupMyPC\SmpSys.exe 3480 C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe 3544 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 3568 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3588 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3760 C:\Program Files\Windows Media Player\wmpnscfg.exe 3832 C:\Program Files\Windows Media Player\wmpnetwk.exe 4084 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3208 C:\Windows\System32\svchost.exe 3216 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 2844 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 2372 C:\Program Files\Internet Explorer\iexplore.exe 2020 C:\Windows\System32\SearchFilterHost.exe 5036 C:\Windows\System32\SearchProtocolHost.exe 4992 C:\Windows\System32\consent.exe 4144 dllhost.exe 5108 dllhost.exe 5080 C:\Users\Robin\Desktop\MBRCheck.exe 2440 C:\Windows\SysWOW64\conime.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9900000 (NTFS)\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000076`46b00000 (NTFS)PhysicalDrive0 Model Number: WDCWD10EADS-00M2B0, Rev: 01.00A01 Size Device Name MBR Status -------------------------------------------- 931 GB \\.\PhysicalDrive0 MBR Code Faked! SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36EDFound non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: Heres the second scan with the program aswMBR.exe :aswMBR version 0.9.8.986 Copyright© 2011 AVAST SoftwareRun date: 2011-11-07 18:11:38-----------------------------18:11:38.669 OS Version: Windows x64 6.0.6002 Service Pack 218:11:38.669 Number of processors: 2 586 0x170A18:11:38.669 ComputerName: ROBIN-DATOR UserName: Robin18:11:39.902 Initialize success18:12:47.860 AVAST engine defs: 1111070018:13:00.792 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-118:13:00.792 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 318:13:00.792 Disk 0 MBR read successfully18:13:00.808 Disk 0 MBR scan18:13:00.886 Disk 0 MBR:Alureon-I [Rtk]18:13:00.886 Disk 0 TDL4@MBR code has been found18:13:00.902 Disk 0 Windows VISTA default MBR code found via API18:13:00.902 Disk 0 MBR hidden18:13:00.902 Disk 0 MBR [TDL4] **ROOTKIT**18:13:00.902 Disk 0 trace - called modules:18:13:00.917 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006d27254]<<18:13:00.917 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a57790]18:13:00.917 3 CLASSPNP.SYS[fffffa60011cfc33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c55050]18:13:00.933 \Driver\iaStor[0xfffffa80040f0720] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006d2725418:13:02.555 AVAST engine scan C:\Windows18:13:08.592 AVAST engine scan C:\Windows\system3218:14:46.904 AVAST engine scan C:\Windows\system32\drivers18:14:58.728 AVAST engine scan C:\Users\Robin18:15:59.256 AVAST engine scan C:\ProgramData18:17:33.371 Scan finished successfully18:19:49.496 Disk 0 MBR has been saved successfully to "C:\Users\Robin\Desktop\MBR.dat"18:19:49.511 The log file has been saved successfully to "C:\Users\Robin\Desktop\aswMBR.txt"Also adding the attached file.MBR.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted November 12, 2011 Staff ID:493869 Share Posted November 12, 2011 Hi,Reboot.Have the redirects stopped? This looks like a new variant of a TDL4 infection which we are actively researching.Grab fresh copies of TDSSKiller and ComboFix and run them; post their logs. Link to post Share on other sites More sharing options...
extro Posted November 12, 2011 Author ID:493920 Share Posted November 12, 2011 Hi,Reboot.Have the redirects stopped? This looks like a new variant of a TDL4 infection which we are actively researching.Grab fresh copies of TDSSKiller and ComboFix and run them; post their logs.Hi, im glad that your trying to help me. But im starting to get a little irritated now. Feels like your not reading what im saying?1. I never said i had any problems with redirects? I got problems that Dataexecutionprevention or whats it name is, Is shutting down my internet every 3 minuts because its trying to protect my computer. I also cant use any other web browser then Internet explorer (64 bits) all other browsers get shut down imidieatly. I cant update my computer because i got virus, Avira antivirus finds virus BOO/TDss in boot C and D.2. How could anything have stopped or changed since i havent done anything? You clearly stated this: •Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time). So nothing have changed.So ye im sorry but it feels like your answering someones elses post:/ Ill get started with the news tddskiller and combofix, But i dont see how it will make any change since they cant find anything. While the MBR scan found LOTS but im not allowed to press Fix?Thanks again for your help. Link to post Share on other sites More sharing options...
extro Posted November 12, 2011 Author ID:493923 Share Posted November 12, 2011 Okay, I now for some reason got google redirects... Yay!Well anyway heres the combofix log and tddskiller log.ComboFix 11-11-12.02 - Robin 2011-11-12 10:28:04.3.2 - x64Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.4094.2430 [GMT 1:00]Körs från: c:\users\Robin\Desktop\ComboFix.exeAV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..(((((((((((((((((((((((( Filer skapade från 2011-10-12 till 2011-11-12 ))))))))))))))))))))))))))))))..2011-11-12 10:05 . 2011-11-12 10:05 -------- d-----w- c:\users\Default\AppData\Local\temp2011-11-09 15:42 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat2011-11-09 15:42 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat2011-11-09 15:42 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-11-09 15:42 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys2011-11-09 15:42 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll2011-11-09 15:42 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll2011-11-09 15:42 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll2011-10-29 13:14 . 2011-10-29 13:14 -------- d-----w- c:\windows\CheckSur2011-10-28 13:57 . 2011-10-19 15:03 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys2011-10-28 13:57 . 2011-10-19 15:03 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys2011-10-28 13:57 . 2011-10-19 15:03 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys2011-10-28 13:57 . 2011-10-28 13:57 -------- d-----w- c:\program files (x86)\Avira2011-10-25 20:01 . 2011-10-25 20:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight2011-10-25 19:58 . 2011-11-07 15:24 -------- d-----w- c:\windows\system32\catroot22011-10-25 19:40 . 2011-10-25 19:40 -------- d-----w- C:\110e8b8638607aaf4f452011-10-24 19:20 . 2011-10-24 19:20 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help2011-10-24 18:45 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe2011-10-24 18:31 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys2011-10-24 14:20 . 2011-10-24 14:20 -------- d-----w- c:\program files (x86)\ESET2011-10-17 17:40 . 2011-10-17 17:40 -------- d-----w- c:\program files (x86)\Nero2011-10-17 17:39 . 2008-05-02 05:26 1414440 ----a-w- c:\windows\SysWow64\ShellManager310E2D762.dll2011-10-17 17:12 . 2011-10-17 17:12 -------- d-----w- c:\windows\Sun2011-10-17 17:01 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll2011-10-17 17:01 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll2011-10-17 14:20 . 2011-10-17 14:20 -------- d-----w- c:\windows\SysWow64\spool2011-10-17 14:20 . 2011-10-17 14:20 -------- d-----w- c:\program files (x86)\Windows Portable Devices2011-10-17 14:20 . 2011-10-17 14:20 -------- d-----w- c:\program files\Windows Portable Devices2011-10-16 22:35 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe2011-10-16 22:21 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll2011-10-16 22:21 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll2011-10-16 22:21 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll2011-10-16 22:21 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll2011-10-16 22:21 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll2011-10-16 22:21 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll2011-10-16 20:24 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll2011-10-16 20:24 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll2011-10-16 20:24 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll2011-10-16 20:24 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll2011-10-16 20:24 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll2011-10-16 20:24 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll2011-10-16 20:24 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll2011-10-16 20:24 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll2011-10-16 20:24 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll2011-10-16 20:22 . 2011-01-20 16:07 258048 ----a-w- c:\windows\SysWow64\winspool.drv2011-10-16 20:22 . 2011-01-20 14:40 34304 ----a-w- c:\windows\system32\mfpmp.exe2011-10-16 20:22 . 2011-01-20 16:04 98816 ----a-w- c:\windows\SysWow64\mfps.dll2011-10-16 20:22 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll2011-10-16 20:22 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll2011-10-16 20:22 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll2011-10-16 20:22 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll2011-10-16 20:22 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll2011-10-16 20:22 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll2011-10-16 20:22 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll2011-10-16 20:22 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll2011-10-16 20:21 . 2011-08-03 03:00 579072 ----a-w- c:\windows\system32\psisdecd.dll2011-10-16 20:21 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll2011-10-16 20:21 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax2011-10-16 20:21 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax2011-10-16 20:21 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax2011-10-16 20:21 . 2011-08-03 03:00 125952 ----a-w- c:\windows\system32\psisrndr.ax2011-10-16 20:21 . 2011-08-03 02:58 188416 ----a-w- c:\windows\system32\MSNP.ax2011-10-16 20:21 . 2011-08-03 02:58 73216 ----a-w- c:\windows\system32\MSDvbNP.ax2011-10-16 20:21 . 2011-08-03 02:58 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\SysWow64\ca-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\SysWow64\eu-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\SysWow64\vi-VN2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\system32\ca-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\system32\eu-ES2011-10-16 01:14 . 2011-10-16 01:14 -------- d-----w- c:\windows\system32\vi-VN2011-10-16 00:54 . 2011-10-16 00:54 -------- d-----w- c:\windows\system32\EventProviders2011-10-16 00:50 . 2009-04-11 07:11 1081856 ----a-w- c:\windows\system32\qmgr.dll2011-10-16 00:49 . 2009-04-11 07:11 690688 ----a-w- c:\windows\system32\wpcao.dll2011-10-16 00:48 . 2009-04-11 06:28 247808 ----a-w- c:\windows\SysWow64\drvstore.dll2011-10-16 00:48 . 2009-04-11 06:28 83968 ----a-w- c:\windows\SysWow64\wbem\wmiutils.dll2011-10-16 00:48 . 2009-04-11 06:28 30208 ----a-w- c:\windows\SysWow64\wbem\wbemprox.dll2011-10-16 00:48 . 2009-04-11 06:28 189440 ----a-w- c:\windows\SysWow64\wbem\mofd.dll2011-10-16 00:48 . 2009-04-11 06:28 614912 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll2011-10-16 00:48 . 2009-04-11 06:28 265728 ----a-w- c:\windows\SysWow64\wbem\esscli.dll2011-10-16 00:46 . 2009-04-11 07:11 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll2011-10-16 00:46 . 2009-04-11 07:11 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll2011-10-16 00:46 . 2009-04-11 07:11 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll2011-10-16 00:45 . 2009-04-11 07:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll2011-10-16 00:45 . 2009-04-11 07:11 293888 ----a-w- c:\windows\system32\wdscore.dll2011-10-16 00:45 . 2009-04-11 07:10 138752 ----a-w- c:\windows\system32\PkgMgr.exe2011-10-16 00:45 . 2009-04-11 07:11 315904 ----a-w- c:\windows\system32\drvstore.dll2011-10-15 23:21 . 2011-10-15 23:21 0 ----a-w- c:\windows\ativpsrm.bin2011-10-15 22:57 . 2011-10-15 22:57 -------- d-----w- c:\program files (x86)\AMD APP2011-10-15 22:55 . 2011-10-15 22:55 -------- d-----w- c:\program files (x86)\ATI Technologies2011-10-15 22:45 . 2011-10-15 22:57 -------- d-----w- c:\program files\ATI Technologies2011-10-15 22:45 . 2011-10-15 22:45 -------- d-----w- c:\program files\ATI2011-10-15 22:44 . 2011-10-15 22:44 -------- d-----w- C:\ATI2011-10-15 22:07 . 2011-10-15 22:07 525544 ----a-w- c:\windows\system32\deployJava1.dll2011-10-15 22:06 . 2011-10-15 22:06 -------- d-----w- c:\program files\Java2011-10-15 21:33 . 2011-10-15 21:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2011-10-15 21:33 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys2011-10-15 20:53 . 2011-10-15 20:53 -------- d-----w- c:\program files (x86)\VideoLAN2011-10-15 12:01 . 2009-08-24 11:47 442368 ----a-w- c:\windows\system32\winhttp.dll2011-10-15 12:01 . 2009-08-24 11:36 377344 ----a-w- c:\windows\SysWow64\winhttp.dll2011-10-15 12:00 . 2009-11-04 04:49 31232 ----a-w- c:\windows\system32\drivers\sv-SE\http.sys.mui2011-10-15 12:00 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll2011-10-15 12:00 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll2011-10-15 12:00 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll2011-10-15 12:00 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll2011-10-15 12:00 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll2011-10-15 10:57 . 2009-11-08 08:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll2011-10-15 10:57 . 2009-11-08 08:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll2011-10-15 10:57 . 2009-11-08 08:55 48960 ----a-w- c:\windows\system32\netfxperf.dll2011-10-15 10:57 . 2009-11-08 08:55 444752 ----a-w- c:\windows\system32\mscoree.dll2011-10-15 10:57 . 2009-11-08 08:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe2011-10-15 10:57 . 2009-11-08 08:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll2011-10-15 10:57 . 2009-11-08 08:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe2011-10-15 10:57 . 2009-11-08 08:55 1942856 ----a-w- c:\windows\system32\dfshim.dll2011-10-15 10:57 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll2011-10-15 10:57 . 2009-11-08 08:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll2011-10-15 10:14 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll2011-10-15 10:14 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll2011-10-15 10:14 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll2011-10-15 10:14 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll2011-10-15 09:27 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll2011-10-15 09:27 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll2011-10-15 09:24 . 2009-01-08 01:20 537088 ----a-w- c:\program files\Internet Explorer\pdm.dll2011-10-15 09:24 . 2009-01-08 01:20 358904 ----a-w- c:\program files\Internet Explorer\msdbg2.dll2011-10-15 09:24 . 2009-01-08 01:20 355832 ----a-w- c:\program files (x86)\Internet Explorer\pdm.dll2011-10-15 09:24 . 2009-01-08 01:20 265720 ----a-w- c:\program files (x86)\Internet Explorer\msdbg2.dll..(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))).2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll2011-09-14 09:47 . 2011-09-14 09:47 51200 ----a-w- c:\windows\system32\OpenCL.dll2011-09-14 09:47 . 2011-09-14 09:47 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll2011-09-14 09:47 . 2011-09-14 09:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll2011-09-08 17:32 . 2011-09-08 17:32 862720 ----a-w- c:\windows\system32\aticfx64.dll2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll2011-09-08 17:16 . 2011-09-08 17:16 4944896 ----a-w- c:\windows\system32\atidxx64.dll2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll2011-09-08 16:59 . 2011-09-08 16:59 58880 ----a-w- c:\windows\system32\coinst.dll2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys2011-09-08 16:52 . 2011-09-08 16:52 40960 ----a-w- c:\windows\system32\atiuxp64.dll2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll2011-09-08 16:51 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll2011-09-08 16:51 . 2011-09-08 16:51 45056 ----a-w- c:\windows\system32\atitmp64.dll2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll..(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))..*Not* tomma poster & legitima standardposter visas inte. REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SmpcSys"="c:\program files (x86)\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-10-19 342480]S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-19 463824]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]..--- Övriga tjänster/drivrutiner i minnet ---.*NewlyCreated* - 78248637*Deregistered* - 78248637..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]"FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416].------- Extra genomsökning -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://google.se/mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=041d&m=imedia_s3710&r=1v3610112706p0385vq25y4752932nmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dllTCP: DhcpNameServer = 83.255.245.11 193.150.193.150CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll.- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -.AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe...--------------------- LÅSTA REGISTERNYCKLAR ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@="Shockwave Flash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@="".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@="FlashBroker".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.Sluttid: 2011-11-12 11:24:09ComboFix-quarantined-files.txt 2011-11-12 10:24ComboFix2.txt 2011-11-01 21:14.Före genomsökningen: 372 303 831 040 byte ledigtEfter genomsökningen: 376 107 548 672 byte ledigt.- - End Of File - - 25A9C07D21AC7C7A25F39903F4CA72C310:12:10.0907 1360 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:1510:12:11.0232 1360 ============================================================10:12:11.0232 1360 Current date / time: 2011/11/12 10:12:11.023210:12:11.0232 1360 SystemInfo:10:12:11.0232 1360 10:12:11.0232 1360 OS Version: 6.0.6002 ServicePack: 2.010:12:11.0232 1360 Product type: Workstation10:12:11.0232 1360 ComputerName: ROBIN-DATOR10:12:11.0232 1360 UserName: Robin10:12:11.0232 1360 Windows directory: C:\Windows10:12:11.0232 1360 System windows directory: C:\Windows10:12:11.0232 1360 Running under WOW6410:12:11.0232 1360 Processor architecture: Intel x6410:12:11.0232 1360 Number of processors: 210:12:11.0232 1360 Page size: 0x100010:12:11.0232 1360 Boot type: Normal boot10:12:11.0232 1360 ============================================================10:12:11.0580 1360 Initialize success10:12:21.0370 3508 ============================================================10:12:21.0370 3508 Scan started10:12:21.0370 3508 Mode: Manual; SigCheck; TDLFS; 10:12:21.0370 3508 ============================================================10:12:21.0914 3508 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys10:12:22.0071 3508 ACPI - ok10:12:22.0145 3508 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys10:12:22.0172 3508 adp94xx - ok10:12:22.0201 3508 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys10:12:22.0222 3508 adpahci - ok10:12:22.0239 3508 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys10:12:22.0254 3508 adpu160m - ok10:12:22.0276 3508 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys10:12:22.0293 3508 adpu320 - ok10:12:22.0347 3508 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys10:12:27.0426 3508 AFD - ok10:12:27.0454 3508 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys10:12:27.0473 3508 agp440 - ok10:12:27.0491 3508 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys10:12:27.0513 3508 aic78xx - ok10:12:27.0540 3508 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys10:12:27.0559 3508 aliide - ok10:12:27.0582 3508 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys10:12:27.0598 3508 amdide - ok10:12:27.0615 3508 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys10:12:27.0805 3508 AmdK8 - ok10:12:28.0017 3508 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys10:12:28.0419 3508 amdkmdag - ok10:12:28.0507 3508 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys10:12:28.0562 3508 amdkmdap - ok10:12:28.0668 3508 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys10:12:28.0687 3508 arc - ok10:12:28.0724 3508 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys10:12:28.0745 3508 arcsas - ok10:12:28.0778 3508 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys10:12:28.0849 3508 AsyncMac - ok10:12:28.0865 3508 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys10:12:28.0884 3508 atapi - ok10:12:28.0918 3508 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys10:12:28.0973 3508 avgntflt - ok10:12:29.0009 3508 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys10:12:29.0031 3508 avipbb - ok10:12:29.0063 3508 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys10:12:29.0079 3508 avkmgr - ok10:12:29.0103 3508 Beep - ok10:12:29.0146 3508 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys10:12:29.0226 3508 blbdrive - ok10:12:29.0268 3508 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys10:12:29.0323 3508 bowser - ok10:12:29.0353 3508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys10:12:29.0442 3508 BrFiltLo - ok10:12:29.0464 3508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys10:12:29.0519 3508 BrFiltUp - ok10:12:29.0541 3508 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys10:12:29.0689 3508 Brserid - ok10:12:29.0711 3508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys10:12:29.0790 3508 BrSerWdm - ok10:12:29.0809 3508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys10:12:29.0891 3508 BrUsbMdm - ok10:12:29.0927 3508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys10:12:30.0018 3508 BrUsbSer - ok10:12:30.0036 3508 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys10:12:30.0121 3508 BTHMODEM - ok10:12:30.0261 3508 catchme - ok10:12:30.0291 3508 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys10:12:30.0355 3508 cdfs - ok10:12:30.0382 3508 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys10:12:30.0426 3508 cdrom - ok10:12:30.0452 3508 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys10:12:30.0515 3508 circlass - ok10:12:30.0552 3508 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys10:12:30.0576 3508 CLFS - ok10:12:30.0616 3508 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys10:12:30.0630 3508 cmdide - ok10:12:30.0648 3508 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys10:12:30.0661 3508 Compbatt - ok10:12:30.0676 3508 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys10:12:30.0690 3508 crcdisk - ok10:12:30.0739 3508 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys10:12:30.0776 3508 DfsC - ok10:12:30.0806 3508 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys10:12:30.0823 3508 disk - ok10:12:30.0861 3508 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys10:12:30.0899 3508 drmkaud - ok10:12:30.0952 3508 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys10:12:30.0990 3508 DXGKrnl - ok10:12:31.0009 3508 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys10:12:31.0056 3508 E1G60 - ok10:12:31.0107 3508 e1yexpress (bddc6f6c49633aa85a30a989418e30f4) C:\Windows\system32\DRIVERS\e1y60x64.sys10:12:31.0125 3508 e1yexpress - ok10:12:31.0156 3508 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys10:12:31.0174 3508 Ecache - ok10:12:31.0209 3508 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys10:12:31.0233 3508 elxstor - ok10:12:31.0270 3508 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys10:12:31.0330 3508 ErrDev - ok10:12:31.0380 3508 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys10:12:31.0433 3508 exfat - ok10:12:31.0478 3508 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys10:12:31.0551 3508 fastfat - ok10:12:31.0571 3508 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys10:12:31.0629 3508 fdc - ok10:12:31.0659 3508 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys10:12:31.0674 3508 FileInfo - ok10:12:31.0693 3508 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys10:12:31.0760 3508 Filetrace - ok10:12:31.0797 3508 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys10:12:31.0841 3508 flpydisk - ok10:12:31.0887 3508 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys10:12:31.0906 3508 FltMgr - ok10:12:31.0927 3508 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys10:12:31.0985 3508 Fs_Rec - ok10:12:32.0004 3508 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys10:12:32.0019 3508 gagp30kx - ok10:12:32.0083 3508 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys10:12:32.0156 3508 HdAudAddService - ok10:12:32.0220 3508 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys10:12:32.0315 3508 HDAudBus - ok10:12:32.0338 3508 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys10:12:32.0436 3508 HidBth - ok10:12:32.0457 3508 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys10:12:32.0539 3508 HidIr - ok10:12:32.0578 3508 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys10:12:32.0645 3508 HidUsb - ok10:12:32.0674 3508 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys10:12:32.0688 3508 HpCISSs - ok10:12:32.0725 3508 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys10:12:32.0782 3508 HTTP - ok10:12:32.0806 3508 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys10:12:32.0819 3508 i2omp - ok10:12:32.0834 3508 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys10:12:32.0886 3508 i8042prt - ok10:12:32.0959 3508 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys10:12:32.0984 3508 iaStor - ok10:12:33.0016 3508 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys10:12:33.0041 3508 iaStorV - ok10:12:33.0068 3508 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys10:12:33.0084 3508 iirsp - ok10:12:33.0190 3508 IntcAzAudAddService (fdfc40441fac0f3114a974168125279f) C:\Windows\system32\drivers\RTKVHD64.sys10:12:33.0270 3508 IntcAzAudAddService - ok10:12:33.0291 3508 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys10:12:33.0309 3508 intelide - ok10:12:33.0327 3508 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys10:12:33.0381 3508 intelppm - ok10:12:33.0421 3508 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys10:12:33.0468 3508 IpFilterDriver - ok10:12:33.0490 3508 IpInIp - ok10:12:33.0526 3508 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys10:12:33.0566 3508 IPMIDRV - ok10:12:33.0587 3508 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys10:12:33.0633 3508 IPNAT - ok10:12:33.0657 3508 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys10:12:33.0692 3508 IRENUM - ok10:12:33.0711 3508 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys10:12:33.0722 3508 isapnp - ok10:12:33.0760 3508 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys10:12:33.0774 3508 iScsiPrt - ok10:12:33.0795 3508 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys10:12:33.0806 3508 iteatapi - ok10:12:33.0821 3508 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys10:12:33.0832 3508 iteraid - ok10:12:33.0852 3508 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys10:12:33.0862 3508 kbdclass - ok10:12:33.0893 3508 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys10:12:33.0932 3508 kbdhid - ok10:12:33.0985 3508 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys10:12:34.0013 3508 KSecDD - ok10:12:34.0037 3508 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys10:12:34.0094 3508 ksthunk - ok10:12:34.0123 3508 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys10:12:34.0174 3508 lltdio - ok10:12:34.0209 3508 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys10:12:34.0224 3508 LSI_FC - ok10:12:34.0243 3508 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys10:12:34.0258 3508 LSI_SAS - ok10:12:34.0279 3508 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys10:12:34.0294 3508 LSI_SCSI - ok10:12:34.0303 3508 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys10:12:34.0363 3508 luafv - ok10:12:34.0409 3508 Lycosa (e5ecf40e5fd459141e5f6685ffd51804) C:\Windows\system32\drivers\Lycosa.sys10:12:34.0449 3508 Lycosa - ok10:12:34.0477 3508 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys10:12:34.0494 3508 MBAMProtector - ok10:12:34.0519 3508 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys10:12:34.0536 3508 megasas - ok10:12:34.0582 3508 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys10:12:34.0614 3508 MegaSR - ok10:12:34.0639 3508 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys10:12:34.0702 3508 Modem - ok10:12:34.0720 3508 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys10:12:34.0776 3508 monitor - ok10:12:34.0795 3508 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys10:12:34.0812 3508 mouclass - ok10:12:34.0824 3508 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys10:12:34.0886 3508 mouhid - ok10:12:34.0908 3508 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys10:12:34.0928 3508 MountMgr - ok10:12:34.0965 3508 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys10:12:34.0985 3508 mpio - ok10:12:35.0006 3508 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys10:12:35.0070 3508 mpsdrv - ok10:12:35.0096 3508 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys10:12:35.0112 3508 Mraid35x - ok10:12:35.0160 3508 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys10:12:35.0212 3508 MRxDAV - ok10:12:35.0238 3508 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys10:12:35.0290 3508 mrxsmb - ok10:12:35.0302 3508 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys10:12:35.0341 3508 mrxsmb10 - ok10:12:35.0380 3508 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys10:12:35.0415 3508 mrxsmb20 - ok10:12:35.0448 3508 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys10:12:35.0465 3508 msahci - ok10:12:35.0486 3508 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys10:12:35.0505 3508 msdsm - ok10:12:35.0545 3508 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys10:12:35.0613 3508 Msfs - ok10:12:35.0632 3508 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys10:12:35.0650 3508 msisadrv - ok10:12:35.0683 3508 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys10:12:35.0756 3508 MSKSSRV - ok10:12:35.0776 3508 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys10:12:35.0839 3508 MSPCLOCK - ok10:12:35.0853 3508 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys10:12:35.0910 3508 MSPQM - ok10:12:35.0948 3508 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys10:12:35.0969 3508 MsRPC - ok10:12:35.0989 3508 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys10:12:36.0003 3508 mssmbios - ok10:12:36.0021 3508 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys10:12:36.0064 3508 MSTEE - ok10:12:36.0083 3508 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys10:12:36.0098 3508 Mup - ok10:12:36.0141 3508 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys10:12:36.0171 3508 NativeWifiP - ok10:12:36.0221 3508 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys10:12:36.0254 3508 NDIS - ok10:12:36.0262 3508 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys10:12:36.0300 3508 NdisTapi - ok10:12:36.0321 3508 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys10:12:36.0363 3508 Ndisuio - ok10:12:36.0401 3508 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys10:12:36.0450 3508 NdisWan - ok10:12:36.0469 3508 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys10:12:36.0516 3508 NDProxy - ok10:12:36.0554 3508 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys10:12:36.0613 3508 NetBIOS - ok10:12:36.0662 3508 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys10:12:36.0699 3508 netbt - ok10:12:36.0735 3508 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys10:12:36.0748 3508 nfrd960 - ok10:12:36.0795 3508 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys10:12:36.0832 3508 Npfs - ok10:12:36.0851 3508 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys10:12:36.0886 3508 nsiproxy - ok10:12:36.0951 3508 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys10:12:37.0018 3508 Ntfs - ok10:12:37.0050 3508 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys10:12:37.0092 3508 Null - ok10:12:37.0112 3508 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys10:12:37.0125 3508 nvraid - ok10:12:37.0141 3508 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys10:12:37.0152 3508 nvstor - ok10:12:37.0170 3508 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys10:12:37.0183 3508 nv_agp - ok10:12:37.0190 3508 NwlnkFlt - ok10:12:37.0199 3508 NwlnkFwd - ok10:12:37.0239 3508 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys10:12:37.0273 3508 ohci1394 - ok10:12:37.0324 3508 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys10:12:37.0397 3508 Parport - ok10:12:37.0430 3508 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys10:12:37.0442 3508 partmgr - ok10:12:37.0479 3508 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys10:12:37.0493 3508 pci - ok10:12:37.0509 3508 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys10:12:37.0519 3508 pciide - ok10:12:37.0551 3508 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys10:12:37.0566 3508 pcmcia - ok10:12:37.0595 3508 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys10:12:37.0685 3508 PEAUTH - ok10:12:37.0783 3508 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys10:12:37.0815 3508 PptpMiniport - ok10:12:37.0830 3508 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys10:12:37.0874 3508 Processor - ok10:12:37.0920 3508 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys10:12:37.0953 3508 PSched - ok10:12:37.0973 3508 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys10:12:37.0985 3508 PxHlpa64 - ok10:12:38.0023 3508 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys10:12:38.0083 3508 ql2300 - ok10:12:38.0111 3508 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys10:12:38.0125 3508 ql40xx - ok10:12:38.0148 3508 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys10:12:38.0198 3508 QWAVEdrv - ok10:12:38.0219 3508 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys10:12:38.0277 3508 RasAcd - ok10:12:38.0312 3508 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys10:12:38.0356 3508 Rasl2tp - ok10:12:38.0406 3508 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys10:12:38.0457 3508 RasPppoe - ok10:12:38.0496 3508 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys10:12:38.0514 3508 RasSstp - ok10:12:38.0554 3508 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys10:12:38.0593 3508 rdbss - ok10:12:38.0605 3508 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys10:12:38.0649 3508 RDPCDD - ok10:12:38.0681 3508 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys10:12:38.0722 3508 rdpdr - ok10:12:38.0730 3508 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys10:12:38.0783 3508 RDPENCDD - ok10:12:38.0812 3508 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys10:12:38.0843 3508 RDPWD - ok10:12:38.0880 3508 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys10:12:38.0912 3508 rspndr - ok10:12:38.0957 3508 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys10:12:38.0967 3508 sbp2port - ok10:12:38.0995 3508 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys10:12:39.0051 3508 secdrv - ok10:12:39.0074 3508 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys10:12:39.0129 3508 Serenum - ok10:12:39.0155 3508 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys10:12:39.0211 3508 Serial - ok10:12:39.0235 3508 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys10:12:39.0268 3508 sermouse - ok10:12:39.0296 3508 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys10:12:39.0340 3508 sffdisk - ok10:12:39.0360 3508 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys10:12:39.0408 3508 sffp_mmc - ok10:12:39.0421 3508 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys10:12:39.0470 3508 sffp_sd - ok10:12:39.0486 3508 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys10:12:39.0540 3508 sfloppy - ok10:12:39.0565 3508 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys10:12:39.0574 3508 SiSRaid2 - ok10:12:39.0589 3508 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys10:12:39.0599 3508 SiSRaid4 - ok10:12:39.0639 3508 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys10:12:39.0670 3508 Smb - ok10:12:39.0710 3508 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys10:12:39.0720 3508 spldr - ok10:12:39.0761 3508 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys10:12:39.0813 3508 srv - ok10:12:39.0849 3508 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys10:12:39.0890 3508 srv2 - ok10:12:39.0910 3508 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys10:12:39.0938 3508 srvnet - ok10:12:39.0972 3508 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys10:12:39.0982 3508 swenum - ok10:12:40.0005 3508 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys10:12:40.0015 3508 Symc8xx - ok10:12:40.0033 3508 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys10:12:40.0044 3508 Sym_hi - ok10:12:40.0060 3508 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys10:12:40.0070 3508 Sym_u3 - ok10:12:40.0165 3508 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys10:12:40.0220 3508 Tcpip - ok10:12:40.0265 3508 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys10:12:40.0334 3508 Tcpip6 - ok10:12:40.0373 3508 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys10:12:40.0414 3508 tcpipreg - ok10:12:40.0438 3508 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys10:12:40.0491 3508 TDPIPE - ok10:12:40.0513 3508 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys10:12:40.0578 3508 TDTCP - ok10:12:40.0610 3508 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys10:12:40.0652 3508 tdx - ok10:12:40.0691 3508 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys10:12:40.0703 3508 TermDD - ok10:12:40.0739 3508 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys10:12:40.0778 3508 tssecsrv - ok10:12:40.0796 3508 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys10:12:40.0839 3508 tunmp - ok10:12:40.0854 3508 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys10:12:40.0882 3508 tunnel - ok10:12:40.0900 3508 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys10:12:40.0912 3508 uagp35 - ok10:12:40.0957 3508 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys10:12:41.0005 3508 udfs - ok10:12:41.0043 3508 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys10:12:41.0058 3508 uliagpkx - ok10:12:41.0085 3508 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys10:12:41.0105 3508 uliahci - ok10:12:41.0122 3508 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys10:12:41.0137 3508 UlSata - ok10:12:41.0167 3508 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys10:12:41.0184 3508 ulsata2 - ok10:12:41.0203 3508 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys10:12:41.0246 3508 umbus - ok10:12:41.0270 3508 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys10:12:41.0302 3508 usbccgp - ok10:12:41.0326 3508 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys10:12:41.0399 3508 usbcir - ok10:12:41.0449 3508 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys10:12:41.0481 3508 usbehci - ok10:12:41.0525 3508 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys10:12:41.0572 3508 usbhub - ok10:12:41.0581 3508 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys10:12:41.0660 3508 usbohci - ok10:12:41.0677 3508 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys10:12:41.0766 3508 usbprint - ok10:12:41.0803 3508 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS10:12:41.0852 3508 USBSTOR - ok10:12:41.0871 3508 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys10:12:41.0913 3508 usbuhci - ok10:12:41.0939 3508 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys10:12:42.0009 3508 vga - ok10:12:42.0019 3508 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys10:12:42.0076 3508 VgaSave - ok10:12:42.0094 3508 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys10:12:42.0111 3508 viaide - ok10:12:42.0144 3508 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys10:12:42.0164 3508 volmgr - ok10:12:42.0211 3508 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys10:12:42.0242 3508 volmgrx - ok10:12:42.0278 3508 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys10:12:42.0304 3508 volsnap - ok10:12:42.0329 3508 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys10:12:42.0350 3508 vsmraid - ok10:12:42.0380 3508 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys10:12:42.0485 3508 WacomPen - ok10:12:42.0514 3508 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys10:12:42.0567 3508 Wanarp - ok10:12:42.0573 3508 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys10:12:42.0617 3508 Wanarpv6 - ok10:12:42.0658 3508 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys10:12:42.0671 3508 Wd - ok10:12:42.0709 3508 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys10:12:42.0747 3508 Wdf01000 - ok10:12:42.0816 3508 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys10:12:42.0860 3508 WmiAcpi - ok10:12:42.0894 3508 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys10:12:42.0953 3508 ws2ifsl - ok10:12:43.0001 3508 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys10:12:43.0053 3508 WUDFRd - ok10:12:43.0073 3508 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR010:12:43.0212 3508 \Device\Harddisk0\DR0 - ok10:12:43.0221 3508 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR110:12:43.0361 3508 \Device\Harddisk1\DR1 - ok10:12:43.0367 3508 Boot (0x1200) (b34903156eab691d41dcc345924fda04) \Device\Harddisk0\DR0\Partition010:12:43.0369 3508 \Device\Harddisk0\DR0\Partition0 - ok10:12:43.0390 3508 Boot (0x1200) (601e18b5a49bc37aebaaee34f1944989) \Device\Harddisk0\DR0\Partition110:12:43.0392 3508 \Device\Harddisk0\DR0\Partition1 - ok10:12:43.0399 3508 Boot (0x1200) (e3bb535d70b7f285c45d6094e8100204) \Device\Harddisk1\DR1\Partition010:12:43.0400 3508 \Device\Harddisk1\DR1\Partition0 - ok10:12:43.0402 3508 ============================================================10:12:43.0402 3508 Scan finished10:12:43.0402 3508 ============================================================10:12:43.0423 3032 Detected object count: 010:12:43.0423 3032 Actual detected object count: 010:13:29.0571 4500 Deinitialize success Link to post Share on other sites More sharing options...
Staff screen317 Posted November 17, 2011 Staff ID:495681 Share Posted November 17, 2011 Hi,My apologies for the delay.Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan. Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)Please post the contents of that log in your next reply.There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply. Link to post Share on other sites More sharing options...
extro Posted November 18, 2011 Author ID:495908 Share Posted November 18, 2011 Hi.MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows Vista Home Premium EditionWindows Information: Service Pack 2 (build 6002), 64-bitBase Board Manufacturer: Packard BellBIOS Manufacturer: AMISystem Manufacturer: Packard BellSystem Product Name: imedia S3710Logical Drives Mask: 0x000005fcKernel Drivers (total 139): 0x01E5D000 \SystemRoot\system32\ntoskrnl.exe 0x01E17000 \SystemRoot\system32\hal.dll 0x00604000 \SystemRoot\system32\kdcom.dll 0x00607000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00642000 \SystemRoot\system32\PSHED.dll 0x00656000 \SystemRoot\system32\CLFS.SYS 0x006B3000 \SystemRoot\system32\CI.dll 0x00802000 \SystemRoot\system32\drivers\Wdf01000.sys 0x008DC000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x008EA000 \SystemRoot\system32\drivers\acpi.sys 0x00940000 \SystemRoot\system32\drivers\WMILIB.SYS 0x00949000 \SystemRoot\system32\drivers\msisadrv.sys 0x00953000 \SystemRoot\system32\drivers\pci.sys 0x00983000 \SystemRoot\System32\drivers\partmgr.sys 0x00998000 \SystemRoot\system32\drivers\volmgr.sys 0x00765000 \SystemRoot\System32\drivers\volmgrx.sys 0x009AC000 \SystemRoot\System32\drivers\mountmgr.sys 0x00A03000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x00B1F000 \SystemRoot\system32\drivers\atapi.sys 0x00B27000 \SystemRoot\system32\drivers\ataport.SYS 0x00B4B000 \SystemRoot\system32\drivers\fltmgr.sys 0x00B92000 \SystemRoot\system32\drivers\fileinfo.sys 0x00BA6000 \SystemRoot\System32\Drivers\PxHlpa64.sys 0x00C03000 \SystemRoot\System32\Drivers\ksecdd.sys 0x00E05000 \SystemRoot\system32\drivers\ndis.sys 0x00C8A000 \SystemRoot\system32\drivers\msrpc.sys 0x00CDA000 \SystemRoot\system32\drivers\NETIO.SYS 0x01001000 \SystemRoot\System32\drivers\tcpip.sys 0x01175000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01208000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01388000 \SystemRoot\system32\drivers\volsnap.sys 0x013CC000 \SystemRoot\System32\Drivers\spldr.sys 0x013D4000 \SystemRoot\System32\Drivers\mup.sys 0x011A1000 \SystemRoot\System32\drivers\ecache.sys 0x013E6000 \SystemRoot\system32\drivers\disk.sys 0x011CD000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x00FC8000 \SystemRoot\system32\drivers\crcdisk.sys 0x02320000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x0232C000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x02335000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x02348000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x02603000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x03011000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x030F4000 \SystemRoot\System32\drivers\watchdog.sys 0x03104000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x02399000 \SystemRoot\system32\DRIVERS\e1y60x64.sys 0x031F1000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x00D33000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x023E6000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x00FE0000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x00D79000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x00FF2000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x00D9F000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x023F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x00DBB000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x02406000 \SystemRoot\system32\DRIVERS\storport.sys 0x02463000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x02470000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x02493000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x0249F000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x024D0000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x024E0000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x024FE000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x02516000 \SystemRoot\system32\DRIVERS\termdd.sys 0x02529000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x02537000 \SystemRoot\system32\DRIVERS\swenum.sys 0x02539000 \SystemRoot\system32\DRIVERS\ks.sys 0x0256D000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02578000 \SystemRoot\system32\DRIVERS\umbus.sys 0x02588000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x00BB2000 \SystemRoot\system32\drivers\HdAudio.sys 0x009BF000 \SystemRoot\system32\drivers\portcls.sys 0x025D0000 \SystemRoot\system32\drivers\drmk.sys 0x025F3000 \SystemRoot\system32\drivers\ksthunk.sys 0x03C0F000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x03DB5000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x03DC9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x03DD3000 \SystemRoot\System32\Drivers\Null.SYS 0x03DE7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x00D89000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x03DEF000 \SystemRoot\System32\drivers\vga.sys 0x007CB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x03C00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x03DDC000 \SystemRoot\system32\drivers\rdpencdd.sys 0x00DF4000 \SystemRoot\System32\Drivers\Msfs.SYS 0x03E00000 \SystemRoot\System32\Drivers\Npfs.SYS 0x03E11000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x03E1A000 \SystemRoot\system32\DRIVERS\tdx.sys 0x03E37000 \SystemRoot\system32\DRIVERS\smb.sys 0x03E52000 \SystemRoot\system32\drivers\afd.sys 0x03EBD000 \SystemRoot\System32\DRIVERS\netbt.sys 0x03F01000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x03F0C000 \SystemRoot\system32\DRIVERS\pacer.sys 0x03F2A000 \SystemRoot\system32\DRIVERS\netbios.sys 0x03F39000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x03F54000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x03FA1000 \SystemRoot\system32\drivers\nsiproxy.sys 0x03FAD000 \SystemRoot\System32\Drivers\dfsc.sys 0x03FCA000 \SystemRoot\system32\DRIVERS\avkmgr.sys 0x03FD4000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x0420C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x04224000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x04226000 \SystemRoot\System32\Drivers\crashdmp.sys 0x04234000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x04350000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x0436C000 \SystemRoot\system32\drivers\Lycosa.sys 0x04371000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x0437A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x0438C000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x04397000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x000C0000 \SystemRoot\System32\win32k.sys 0x043A2000 \SystemRoot\System32\drivers\Dxapi.sys 0x043AE000 \SystemRoot\system32\DRIVERS\monitor.sys 0x004E0000 \SystemRoot\System32\TSDDD.dll 0x00630000 \SystemRoot\System32\cdd.dll 0x043C1000 \SystemRoot\system32\drivers\luafv.sys 0x02200000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x02220000 \SystemRoot\system32\drivers\spsys.sys 0x043E3000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x022BA000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x06606000 \SystemRoot\system32\drivers\HTTP.sys 0x066A9000 \SystemRoot\System32\Drivers\fastfat.SYS 0x066DE000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x06707000 \SystemRoot\system32\DRIVERS\bowser.sys 0x06725000 \SystemRoot\System32\drivers\mpsdrv.sys 0x0673F000 \SystemRoot\system32\drivers\mrxdav.sys 0x06766000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x0678F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x067D8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x022D2000 \SystemRoot\System32\DRIVERS\srv2.sys 0x06C0D000 \SystemRoot\System32\DRIVERS\srv.sys 0x06CA0000 \SystemRoot\system32\drivers\peauth.sys 0x06D56000 \SystemRoot\System32\Drivers\secdrv.SYS 0x06D61000 \SystemRoot\System32\drivers\tcpipreg.sys 0x06D71000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x06D91000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0x06DA7000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x06DC3000 \??\C:\Windows\system32\drivers\mbam.sys 0x77030000 \Windows\System32\ntdll.dllProcesses (total 73): 0 System Idle Process 4 System 536 C:\Windows\System32\smss.exe 604 csrss.exe 668 C:\Windows\System32\wininit.exe 688 csrss.exe 724 C:\Windows\System32\services.exe 740 C:\Windows\System32\lsass.exe 748 C:\Windows\System32\lsm.exe 828 C:\Windows\System32\winlogon.exe 936 C:\Windows\System32\svchost.exe 1008 C:\Windows\System32\svchost.exe 380 C:\Windows\System32\svchost.exe 556 C:\Windows\System32\atiesrxx.exe 576 C:\Windows\System32\svchost.exe 712 C:\Windows\System32\svchost.exe 592 C:\Windows\System32\svchost.exe 1096 C:\Windows\System32\audiodg.exe 1164 C:\Windows\System32\svchost.exe 1180 C:\Windows\System32\SLsvc.exe 1224 C:\Windows\System32\svchost.exe 1284 C:\Windows\System32\atieclxx.exe 1380 C:\Windows\System32\svchost.exe 1588 C:\Windows\System32\spoolsv.exe 1612 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1624 C:\Windows\System32\svchost.exe 1972 C:\Windows\System32\taskeng.exe 2028 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 676 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1364 C:\Windows\System32\HidService.exe 1676 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe 2012 C:\Windows\SysWOW64\IoctlSvc.exe 2008 C:\Windows\System32\svchost.exe 1444 C:\Windows\System32\svchost.exe 2100 C:\Windows\System32\svchost.exe 2176 C:\Windows\System32\SearchIndexer.exe 2236 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2356 WUDFHost.exe 2756 C:\Windows\System32\taskeng.exe 2832 C:\Windows\System32\dwm.exe 2984 C:\Windows\explorer.exe 2536 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe 792 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 2972 C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe 2920 C:\Program Files (x86)\Packard Bell\SetupMyPC\SmpSys.exe 2960 C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe 2300 C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe 3124 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 3156 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3196 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3356 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3684 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 3708 C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe 3736 C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe 4012 C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe 4048 C:\Program Files\Windows Media Player\wmpnscfg.exe 4072 C:\Windows\System32\mobsync.exe 1048 C:\Program Files\Windows Media Player\wmpnetwk.exe 2716 C:\Windows\System32\svchost.exe 156 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 1400 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 2780 C:\Windows\servicing\TrustedInstaller.exe 2872 C:\Windows\System32\svchost.exe 2656 C:\Program Files\Internet Explorer\iexplore.exe 4928 C:\Program Files\Internet Explorer\iexplore.exe 916 C:\Windows\System32\taskeng.exe 4824 C:\Windows\System32\SearchProtocolHost.exe 4276 C:\Windows\System32\SearchFilterHost.exe 728 C:\Windows\System32\SearchProtocolHost.exe 4296 dllhost.exe 4456 dllhost.exe 2964 C:\Users\Robin\Desktop\MBRCheck.exe 3976 C:\Windows\SysWOW64\conime.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9900000 (NTFS)\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000076`46b00000 (NTFS)PhysicalDrive0 Model Number: WDCWD10EADS-00M2B0, Rev: 01.00A01 Size Device Name MBR Status -------------------------------------------- 931 GB \\.\PhysicalDrive0 MBR Code Faked! SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36EDFound non-standard or infected MBR.Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit.Enter your choice: 3Done!aswMBR version 0.9.8.986 Copyright© 2011 AVAST SoftwareRun date: 2011-11-18 15:23:11-----------------------------15:23:11.593 OS Version: Windows x64 6.0.6002 Service Pack 215:23:11.593 Number of processors: 2 586 0x170A15:23:11.594 ComputerName: ROBIN-DATOR UserName: Robin15:23:12.934 Initialize success15:23:45.930 AVAST engine defs: 1111180015:24:19.042 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-115:24:19.045 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 315:24:19.058 Disk 0 MBR read successfully15:24:19.061 Disk 0 MBR scan15:24:19.153 Disk 0 MBR:Alureon-I [Rtk]15:24:19.157 Disk 0 TDL4@MBR code has been found15:24:19.160 Disk 0 Windows VISTA default MBR code found via API15:24:19.164 Disk 0 MBR hidden15:24:19.168 Disk 0 MBR [TDL4] **ROOTKIT**15:24:19.173 Disk 0 trace - called modules:15:24:19.178 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006d18254]<<15:24:19.183 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a47790]15:24:19.188 3 CLASSPNP.SYS[fffffa60011cec33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c3e050]15:24:19.194 \Driver\iaStor[0xfffffa80040dcae0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006d1825415:24:20.859 AVAST engine scan C:\Windows15:24:27.509 AVAST engine scan C:\Windows\system3215:26:59.151 AVAST engine scan C:\Windows\system32\drivers15:27:15.640 AVAST engine scan C:\Users\Robin15:28:19.725 AVAST engine scan C:\ProgramData15:30:34.302 Scan finished successfully15:32:39.837 Disk 0 MBR has been saved successfully to "C:\Users\Robin\Desktop\MBR.dat"15:32:39.844 The log file has been saved successfully to "C:\Users\Robin\Desktop\aswMBR.txt"Do you think you could tell me what sort of virus were dealing with since i got no clue. Is it stealing information or just trying to destroy my computer? And is is it removeable or am i way in over my head and should just scrap this pc and get a new one?Thanks again for taking your time looking through this.MBR.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted November 22, 2011 Staff ID:497117 Share Posted November 22, 2011 Hi,Read all these directions before proceeding.When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.Be sure to read these:Download Kaspersky Rescue Disk 10How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?Summarizing:Go to a clean PC.Download the .iso image file.Create a CD (or flash drive if you prefer).At the infected PC: put the disk in the drive and reboot.Follow the directions here, but you will find some differences. Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?Print the following directions:Boot from Kaspersky Rescue Disk 10:Restart your computer and put the disk in the drive while booting. Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.Select the required interface language using the arrow-keys on your keyboard.Press the Enter key on the keyboard.In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode Click Enter.Click 'A' to accept the agreement.Select operating system from dropdown menu (select Windows whatever)Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:Click My Update Center and update if any availableBack to other tab and click Start Object Scan.(It took 3 hours to scan my 47G)When scan has completed save a report:On the upper part of the Kaspersky Rescue Disk window, click on the Report link.On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.On the upper right hand corner of the Detailed report window, click on the Save button.After clicking Detailed Report and 'SAVE', a browse window opens. Double-click on the \Click 'disks'.All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.Click on the Save button.The report has been saved to the file. Remove the disk from the drive (or disconnect USB) and reboot normally. Link to post Share on other sites More sharing options...
extro Posted November 22, 2011 Author ID:497317 Share Posted November 22, 2011 okay, finally done:) Rebooted the pc and was surprised. Seems like everything is working correct now. I Could update my pc with windows update,i can use normal internet and firefox without the DEP shutting it down, all the pop-ups are gone, google redirects gone, i can see more then 20 picture on google picture searchs. So ye it seems like its working.The saved report from the rescue diskObjects Scan: completed 4 minutes ago (events: 7, objects: 939096, time: 01:19:20) 11/22/11 8:54 PM Task started 11/22/11 8:54 PM Detected: Rootkit.Boot.SST.a /dev/sda 11/22/11 8:54 PM Untreated: Rootkit.Boot.SST.a /dev/sda Postponed 11/22/11 10:13 PM Detected: Rootkit.Boot.SST.a /dev/sda 11/22/11 10:13 PM Disinfected: Rootkit.Boot.SST.a /dev/sda 11/22/11 10:13 PM Disinfected: Rootkit.Boot.SST.a /dev/sda 11/22/11 10:13 PM Task completed Also scanned the pc with Avira Antirus premium 2012 wich was the first program to find the virus, and here the logAvira Antivirus Premium 2012Report file date: den 22 november 2011 22:47Scanning for 3587539 virus strains and unwanted programs.The program is running as a fully functional evaluation version.Online services are available:Licensee : robin lundbergSerial number : 2217053902-PEPWE-0000001Platform : Windows Vista x64Windows version : (Service Pack 2) [6.0.6002]Boot mode : Normally bootedUsername : RobinComputer name : ROBIN-DATORVersion information:BUILD.DAT : 12.0.0.877 42511 Bytes 2011-10-19 18:51:00AVSCAN.EXE : 12.1.0.18 490448 Bytes 2011-10-19 15:03:11AVSCAN.DLL : 12.1.0.17 54224 Bytes 2011-10-19 15:03:34LUKE.DLL : 12.1.0.17 68304 Bytes 2011-10-19 15:03:21AVSCPLR.DLL : 12.1.0.19 99536 Bytes 2011-10-19 15:03:11AVREG.DLL : 12.1.0.22 226512 Bytes 2011-10-19 15:03:10VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 18:18:34VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010-12-14 09:07:39VBASE002.VDF : 7.11.3.0 1950720 Bytes 2011-02-09 15:08:51VBASE003.VDF : 7.11.5.225 1980416 Bytes 2011-04-07 10:00:55VBASE004.VDF : 7.11.8.178 2354176 Bytes 2011-05-31 10:18:22VBASE005.VDF : 7.11.10.251 1788416 Bytes 2011-07-07 12:12:53VBASE006.VDF : 7.11.13.60 6411776 Bytes 2011-08-16 07:26:09VBASE007.VDF : 7.11.15.106 2389504 Bytes 2011-10-05 15:03:28VBASE008.VDF : 7.11.15.107 2048 Bytes 2011-10-05 15:03:28VBASE009.VDF : 7.11.15.108 2048 Bytes 2011-10-05 15:03:28VBASE010.VDF : 7.11.15.109 2048 Bytes 2011-10-05 15:03:28VBASE011.VDF : 7.11.15.110 2048 Bytes 2011-10-05 15:03:28VBASE012.VDF : 7.11.15.111 2048 Bytes 2011-10-05 15:03:28VBASE013.VDF : 7.11.15.144 161792 Bytes 2011-10-07 15:03:28VBASE014.VDF : 7.11.15.177 130048 Bytes 2011-10-10 15:03:28VBASE015.VDF : 7.11.15.213 113664 Bytes 2011-10-11 15:03:28VBASE016.VDF : 7.11.16.1 163328 Bytes 2011-10-14 15:03:28VBASE017.VDF : 7.11.16.34 187904 Bytes 2011-10-18 15:03:28VBASE018.VDF : 7.11.16.77 139264 Bytes 2011-10-20 13:58:20VBASE019.VDF : 7.11.16.112 162816 Bytes 2011-10-24 13:58:21VBASE020.VDF : 7.11.16.150 167424 Bytes 2011-10-26 13:58:21VBASE021.VDF : 7.11.16.187 171520 Bytes 2011-10-28 13:58:21VBASE022.VDF : 7.11.16.209 190976 Bytes 2011-10-31 17:57:52VBASE023.VDF : 7.11.16.243 158208 Bytes 2011-11-02 17:09:23VBASE024.VDF : 7.11.17.21 194560 Bytes 2011-11-06 13:49:47VBASE025.VDF : 7.11.17.101 202752 Bytes 2011-11-09 15:33:03VBASE026.VDF : 7.11.17.137 214528 Bytes 2011-11-11 15:46:15VBASE027.VDF : 7.11.17.154 278528 Bytes 2011-11-14 17:06:19VBASE028.VDF : 7.11.17.197 175616 Bytes 2011-11-16 15:17:58VBASE029.VDF : 7.11.17.233 281088 Bytes 2011-11-20 16:18:26VBASE030.VDF : 7.11.18.10 221696 Bytes 2011-11-22 21:22:17VBASE031.VDF : 7.11.18.11 2048 Bytes 2011-11-22 21:22:17Engineversion : 8.2.6.116 AEVDF.DLL : 8.1.2.2 106868 Bytes 2011-10-28 13:58:25AESCRIPT.DLL : 8.1.3.86 471420 Bytes 2011-11-18 14:07:20AESCN.DLL : 8.1.7.2 127349 Bytes 2011-09-01 21:46:02AESBX.DLL : 8.2.1.34 323957 Bytes 2011-09-01 21:46:02AERDL.DLL : 8.1.9.15 639348 Bytes 2011-09-08 21:16:06AEPACK.DLL : 8.2.13.4 684406 Bytes 2011-11-10 17:16:39AEOFFICE.DLL : 8.1.2.20 201083 Bytes 2011-11-18 14:07:19AEHEUR.DLL : 8.1.2.192 3838328 Bytes 2011-11-18 14:07:19AEHELP.DLL : 8.1.18.0 254327 Bytes 2011-10-28 13:58:23AEGEN.DLL : 8.1.5.14 405877 Bytes 2011-11-18 14:07:16AEEMU.DLL : 8.1.3.0 393589 Bytes 2011-09-01 21:46:01AECORE.DLL : 8.1.24.0 196983 Bytes 2011-10-28 13:58:22AEBB.DLL : 8.1.1.0 53618 Bytes 2011-09-01 21:46:01AVWINLL.DLL : 12.1.0.17 27344 Bytes 2011-10-19 15:03:14AVPREF.DLL : 12.1.0.17 51920 Bytes 2011-10-19 15:03:10AVREP.DLL : 12.1.0.17 179920 Bytes 2011-10-19 15:03:11AVARKT.DLL : 12.1.0.17 223184 Bytes 2011-10-19 15:03:08AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 2011-10-19 15:03:09SQLITE3.DLL : 3.7.0.0 398288 Bytes 2011-10-19 15:03:26AVSMTP.DLL : 12.1.0.17 63440 Bytes 2011-10-19 15:03:12NETNT.DLL : 12.1.0.17 17104 Bytes 2011-10-19 15:03:22RCIMAGE.DLL : 12.1.0.17 4493520 Bytes 2011-10-19 15:03:37RCTEXT.DLL : 12.1.0.16 96208 Bytes 2011-10-19 15:03:38Configuration settings for the scan:Jobname.............................: Complete system scanConfiguration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avpLogging.............................: defaultPrimary action......................: interactiveSecondary action....................: ignoreScan master boot sector.............: onScan boot sector....................: onBoot sectors........................: C:, D:, Process scan........................: onExtended process scan...............: onScan registry.......................: onSearch for rootkits.................: onIntegrity checking of system files..: offScan all files......................: All filesScan archives.......................: onRecursion depth.....................: 20Smart extensions....................: onMacro heuristic.....................: onFile heuristic......................: extendedStart of the scan: den 22 november 2011 22:47Starting master boot sector scan:Master boot sector HD0 [iNFO] No virus was found!Master boot sector HD1 [iNFO] No virus was found!Master boot sector HD2 [iNFO] No virus was found!Master boot sector HD3 [iNFO] No virus was found!Master boot sector HD4 [iNFO] No virus was found!Start scanning boot sectors:Boot sector 'C:\' [iNFO] No virus was found!Boot sector 'D:\' [iNFO] No virus was found!Starting search for hidden objects.HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstringC:\Windows\system32\msxml3.dllC:\Windows\system32\msxml3.dll [NOTE] The registry entry is invisible.C:\Windows\system32\msxml6.dllC:\Windows\system32\msxml6.dll [NOTE] The registry entry is invisible.C:\Windows\system32\unregmp2.exe /ShowWMPC:\Windows\system32\unregmp2.exe [NOTE] The registry entry is invisible.C:\Program Files\Windows Media PlayerC:\Program Files\Windows Media Player [NOTE] The registry entry is invisible.C:\Program Files\Windows Media PlayerC:\Windows\system32\wbem\Logs\WMITracing.logC:\Windows\system32\wbem\Logs\WMITracing.log [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\symboliclinkvalue [NOTE] The registry entry is invisible.C:\Windows\IME\SpTip.DLLC:\Windows\IME\SpTip.DLL [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x0000ffff\{6A114E62-E11B-447F-9A58-2D354F5C9204}\display description [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\dokchampa (truetype) [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\impact (truetype [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\calibri (truetype [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\consolas (truetype [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\constantia (truetype [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\corbel (truetype [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\palatino linotype (truetype [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time\display [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\GTB Standard Time\display [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Kaliningrad Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Kaliningrad Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Kamchatka Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Kamchatka Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Kamchatka Standard Time\display [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Magadan Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Magadan Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Mauritius Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Mauritius Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Montevideo Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Montevideo Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Morocco Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Morocco Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Pakistan Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Pakistan Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Paraguay Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Paraguay Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Syria Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Syria Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Turkey Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Turkey Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Ulaanbaatar Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Ulaanbaatar Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\UTC\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\UTC\stdHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Venezuela Standard Time\std [NOTE] The registry entry is invisible.HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Venezuela Standard Time\dlt [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwsupport [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cformattags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aformattagcache [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cfiltertags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwsupport [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cformattags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aformattagcache [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cfiltertags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwsupport [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cformattags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aformattagcache [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cfiltertags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwsupport [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cformattags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aformattagcache [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cfiltertags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwsupport [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cformattags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aformattagcache [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cfiltertags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\fdwsupport [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\cformattags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\aformattagcache [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\cfiltertags [NOTE] The registry entry is invisible.HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication\name [NOTE] The registry entry is invisible."C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /ddeC:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [NOTE] The registry entry is invisible.The scan of running processes will be startedScan process 'avscan.exe' - '69' Module(s) have been scannedScan process 'avcenter.exe' - '100' Module(s) have been scannedScan process 'conime.exe' - '17' Module(s) have been scannedScan process 'NMIndexingService.exe' - '39' Module(s) have been scannedScan process 'AOSD.exe' - '18' Module(s) have been scannedScan process 'avgnt.exe' - '68' Module(s) have been scannedScan process 'NMIndexStoreSvr.exe' - '47' Module(s) have been scannedScan process 'SmpSys.exe' - '26' Module(s) have been scannedScan process 'ABoard.exe' - '19' Module(s) have been scannedScan process 'IAAnotif.exe' - '38' Module(s) have been scannedScan process 'AVWEBGRD.EXE' - '42' Module(s) have been scannedScan process 'avmailc.exe' - '35' Module(s) have been scannedScan process 'IAANTMon.exe' - '36' Module(s) have been scannedScan process 'IoctlSvc.exe' - '22' Module(s) have been scannedScan process 'NBService.exe' - '42' Module(s) have been scannedScan process 'HidService.exe' - '23' Module(s) have been scannedScan process 'avguard.exe' - '66' Module(s) have been scannedScan process 'PhotoshopElementsFileAgent.exe' - '28' Module(s) have been scannedScan process 'sched.exe' - '53' Module(s) have been scannedStarting to scan executable files (registry).The registry was scanned ( '1108' files ).Starting the file scan:Begin scan in 'C:\' <OS>Begin scan in 'D:\' <DATA>End of the scan: den 22 november 2011 23:59Used time: 1:12:21 Hour(s)The scan has been done completely. 37873 Scanned directories 923692 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 923692 Files not concerned 5927 Archives were scanned 0 Warnings 75 Notes 628231 Objects were scanned with rootkit scan 78 Hidden objects were foundSo, thanks for all your help! I really appreciate it=) Link to post Share on other sites More sharing options...
Staff screen317 Posted November 27, 2011 Staff ID:498499 Share Posted November 27, 2011 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
extro Posted November 28, 2011 Author ID:498986 Share Posted November 28, 2011 Eset scan didnt find anything, so cant find any log.Results of screen317's Security Check version 0.99.28 Windows Vista x64 (UAC is enabled) Out of date service pack!! Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Avira Antivirus Premium 2012 WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Adobe Flash Player 11.1.102.55 Adobe Reader 9 Adobe Reader out of date! Mozilla Firefox (8.0.1) ```````````````````````````````` Process Check: objlist.exe by Laurent Avira Antivir avgnt.exe Avira Antivir avguard.exe ``````````End of Log```````````` Link to post Share on other sites More sharing options...
extro Posted November 28, 2011 Author ID:498987 Share Posted November 28, 2011 The computer is working fine, no pop-ups,no DEP messages or google redirects. Link to post Share on other sites More sharing options...
Staff screen317 Posted December 4, 2011 Staff ID:500968 Share Posted December 4, 2011 Great news!Run TFC by OldTimer to clear temporary files:Please download TFC from here and save it to your desktop.Close any open programs and Internet browsers.Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.Please be patient as clearing out temp files may take a while.Once it completes you may be prompted to restart your computer, please do so.Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):ESET Online Scanner v3 Adobe Reader 9Restart your computer.Get the latest version of Adobe Reader.Next, it is absolutely essential that you upgrade to Windows Vista Service Pack 2. What you currently have, Service Pack 1, has vulnerabilities that leave you wide open for re-infection. To upgrade, please click Start, type in Windows Update, click Windows Update, then download all available critical updates, including Service Pack 2.Let me know how that goes and if there were any issues updating. Link to post Share on other sites More sharing options...
extro Posted December 4, 2011 Author ID:501062 Share Posted December 4, 2011 Hi, done everything that you asked me to me and everything went okay. No error or other complications.!Computer is still running smooth without pop-ups,google redirects, and no DEP messages:)//Thanks Link to post Share on other sites More sharing options...
Recommended Posts