TechSpot

Laptop infected with W32/Zbot

Solved
By Tobeza
Apr 19, 2012
Topic Status:
Not open for further replies.
  1. So I seem to have infected my laptop with Trojan W32/Zbot.VAL. and I could really use some help of getting rid of it safely.

    This is what mbrcheck says:

    MBRCheck, version 1.2.3
    (c) 2010, AD
    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: ASUSTeK Computer Inc.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer Inc.
    System Product Name: K73BY
    Logical Drives Mask: 0x000101fc
    Kernel Drivers (total 220):
    0x03007000 \SystemRoot\system32\ntoskrnl.exe
    0x035EF000 \SystemRoot\system32\hal.dll
    0x00BB8000 \SystemRoot\system32\kdcom.dll
    0x00C1A000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C27000 \SystemRoot\system32\PSHED.dll
    0x00C3B000 \SystemRoot\system32\CLFS.SYS
    0x00C99000 \SystemRoot\system32\CI.dll
    0x00D59000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00C00000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E69000 \SystemRoot\System32\Drivers\sptd.sys
    0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
    0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00FDD000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00FE7000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x0106C000 \SystemRoot\system32\drivers\pci.sys
    0x0109F000 \SystemRoot\System32\drivers\partmgr.sys
    0x010B4000 \SystemRoot\system32\drivers\compbatt.sys
    0x010BD000 \SystemRoot\system32\drivers\BATTC.SYS
    0x010C9000 \SystemRoot\system32\drivers\volmgr.sys
    0x010DE000 \SystemRoot\System32\drivers\volmgrx.sys
    0x0113A000 \SystemRoot\system32\drivers\pciide.sys
    0x01141000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x01151000 \SystemRoot\System32\drivers\mountmgr.sys
    0x0116B000 \SystemRoot\system32\drivers\atapi.sys
    0x01174000 \SystemRoot\system32\drivers\ataport.SYS
    0x0119E000 \SystemRoot\system32\drivers\msahci.sys
    0x011A9000 \SystemRoot\system32\DRIVERS\amd_sata.sys
    0x01000000 \SystemRoot\system32\DRIVERS\storport.sys
    0x011BF000 \SystemRoot\system32\DRIVERS\amd_xata.sys
    0x011CC000 \SystemRoot\system32\drivers\amdxata.sys
    0x0121D000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01269000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01405000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0127D000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015A8000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x012DB000 \SystemRoot\System32\Drivers\cng.sys
    0x015C3000 \SystemRoot\System32\drivers\pcw.sys
    0x015D4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016B5000 \SystemRoot\system32\drivers\ndis.sys
    0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x0183A000 \SystemRoot\System32\drivers\tcpip.sys
    0x01A3E000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01A88000 \SystemRoot\system32\drivers\volsnap.sys
    0x01AD4000 \SystemRoot\System32\Drivers\spldr.sys
    0x01ADC000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01B16000 \SystemRoot\System32\Drivers\mup.sys
    0x01B28000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01B31000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01B6B000 \SystemRoot\system32\drivers\disk.sys
    0x01B81000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x01800000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x0182A000 \SystemRoot\System32\Drivers\Null.SYS
    0x01833000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01BF2000 \SystemRoot\System32\drivers\vga.sys
    0x0168B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x017A8000 \SystemRoot\System32\drivers\watchdog.sys
    0x017B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x017C1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x017CA000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x017D3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x017DE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x015DE000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x017EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0134D000 \SystemRoot\system32\drivers\afd.sys
    0x03E46000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03E8B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03E94000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03EBA000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x03ED0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03EDF000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03EFA000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03F0E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03F5F000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03F6B000 \??\c:\program files\norman\ngs\bin\ngs64.sys
    0x03F78000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03F83000 \SystemRoot\System32\drivers\discache.sys
    0x03F92000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03FB0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03FC1000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
    0x03FCA000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x040AA000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x04A05000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x040FA000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04000000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x053DB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04046000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x04051000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x041EE000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03E11000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x013D6000 \SystemRoot\system32\DRIVERS\ETD.sys
    0x03E2F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x03E3E000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
    0x03FF0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04A00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x02E7E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x044B2000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x046D9000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x046E6000 \SystemRoot\System32\Drivers\a0r87biu.SYS
    0x04737000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x04766000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x0477B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x04784000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04794000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x047AA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x047CE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0442F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0444A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0446B000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04485000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02EEA000 \SystemRoot\system32\DRIVERS\ks.sys
    0x04487000 \SystemRoot\system32\DRIVERS\btath_bus.sys
    0x04492000 \SystemRoot\system32\DRIVERS\amdiox64.sys
    0x047DA000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x02F2D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x02F87000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x02F9C000 \SystemRoot\system32\drivers\AtihdW76.sys
    0x02E00000 \SystemRoot\system32\drivers\portcls.sys
    0x02E3D000 \SystemRoot\system32\drivers\drmk.sys
    0x047EC000 \SystemRoot\system32\drivers\ksthunk.sys
    0x06657000 \SystemRoot\system32\drivers\HdAudio.sys
    0x00070000 \SystemRoot\System32\win32k.sys
    0x066B3000 \SystemRoot\System32\drivers\Dxapi.sys
    0x066BF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x066DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x066DC000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x066EA000 \SystemRoot\system32\DRIVERS\btfilter.sys
    0x06732000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x0674A000 \SystemRoot\System32\Drivers\bthport.sys
    0x067D6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x06600000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x0662E000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x0663C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x067F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x047F2000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x01BB1000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x02E5F000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x00470000 \SystemRoot\System32\TSDDD.dll
    0x044A6000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x02FDA000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
    0x01200000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x007A0000 \SystemRoot\System32\cdd.dll
    0x02A03000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x02A2F000 \SystemRoot\system32\drivers\BthEnum.sys
    0x02A3F000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x02A5F000 \SystemRoot\system32\DRIVERS\btath_rcp.sys
    0x02A84000 \SystemRoot\system32\drivers\btath_a2dp.sys
    0x02AEB000 \SystemRoot\system32\DRIVERS\btath_hcrp.sys
    0x02B4E000 \SystemRoot\system32\DRIVERS\btath_flt.sys
    0x02B5D000 \SystemRoot\system32\DRIVERS\btath_lwflt.sys
    0x02B70000 \SystemRoot\system32\drivers\luafv.sys
    0x02B93000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
    0x02B9E000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02BBF000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x062C2000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x06315000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x06328000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x06340000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
    0x06348000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x07C9A000 \SystemRoot\system32\drivers\HTTP.sys
    0x07D63000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x07D81000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x07D99000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x07C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x07C4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07C72000 \??\C:\Program Files\Norman\Ngs\Bin\nregsec64.sys
    0x06352000 \SystemRoot\system32\drivers\peauth.sys
    0x07C84000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x06200000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
    0x084A4000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    0x084F1000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x08522000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x08534000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08400000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08498000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    0x085AF000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x07DC6000 \SystemRoot\system32\drivers\mrxdav.sys
    0x085D8000 \SystemRoot\system32\DRIVERS\nvcv64mf.sys
    0x085EA000 \??\C:\Program Files\Norman\nse\bin\nsak64.sys
    0x77350000 \Windows\System32\ntdll.dll
    0x47A00000 \Windows\System32\smss.exe
    0xFF670000 \Windows\System32\apisetschema.dll
    0xFF5F0000 \Windows\System32\autochk.exe
    0xFF590000 \Windows\System32\usp10.dll
    0xFF3B0000 \Windows\System32\setupapi.dll
    0xFF3A0000 \Windows\System32\nsi.dll
    0xFF2C0000 \Windows\System32\advapi32.dll
    0xFF0B0000 \Windows\System32\ole32.dll
    0xFF010000 \Windows\System32\clbcatq.dll
    0x77200000 \Windows\System32\urlmon.dll
    0x770A0000 \Windows\System32\wininet.dll
    0xFEFE0000 \Windows\System32\imm32.dll
    0xFEEB0000 \Windows\System32\rpcrt4.dll
    0xFE120000 \Windows\System32\shell32.dll
    0xFE0C0000 \Windows\System32\Wldap32.dll
    0x76E90000 \Windows\System32\iertutil.dll
    0xFDFB0000 \Windows\System32\msctf.dll
    0xFDFA0000 \Windows\System32\lpk.dll
    0x76D90000 \Windows\System32\user32.dll
    0xFDF80000 \Windows\System32\imagehlp.dll
    0x77520000 \Windows\System32\psapi.dll
    0xFDEA0000 \Windows\System32\oleaut32.dll
    0xFDE00000 \Windows\System32\comdlg32.dll
    0x76C70000 \Windows\System32\kernel32.dll
    0xFDD90000 \Windows\System32\gdi32.dll
    0xFDD70000 \Windows\System32\sechost.dll
    0x77510000 \Windows\System32\normaliz.dll
    0xFDCF0000 \Windows\System32\shlwapi.dll
    0xFDC50000 \Windows\System32\msvcrt.dll
    0xFDBD0000 \Windows\System32\difxapi.dll
    0xFDB80000 \Windows\System32\ws2_32.dll
    0xFDAE0000 \Windows\System32\comctl32.dll
    0xFDA70000 \Windows\System32\KernelBase.dll
    0xFD900000 \Windows\System32\crypt32.dll
    0xFD8C0000 \Windows\System32\cfgmgr32.dll
    0xFD8A0000 \Windows\System32\devobj.dll
    0xFD860000 \Windows\System32\wintrust.dll
    0xFD850000 \Windows\System32\msasn1.dll
    Processes (total 104):
    0 System Idle Process
    4 System
    284 C:\Windows\System32\smss.exe
    372 csrss.exe
    464 C:\Windows\System32\wininit.exe
    476 csrss.exe
    520 C:\Windows\System32\services.exe
    556 C:\Windows\System32\lsass.exe
    564 C:\Windows\System32\lsm.exe
    604 C:\Windows\System32\winlogon.exe
    732 C:\Windows\System32\svchost.exe
    792 C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    812 C:\Program Files\Norman\Ngs\Bin\nnf.exe
    860 C:\Windows\System32\svchost.exe
    904 C:\Windows\System32\atiesrxx.exe
    980 C:\Windows\System32\svchost.exe
    112 C:\Windows\System32\svchost.exe
    320 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1160 C:\Program Files\Norman\Npm\Bin\zanda.exe
    1188 C:\Program Files\Norman\Npm\Bin\nvoy.exe
    1264 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\FBAgent.exe
    1372 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    1400 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    1520 C:\Windows\System32\spoolsv.exe
    1548 C:\Windows\System32\svchost.exe
    1636 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    1668 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    1700 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    1772 C:\Windows\System32\svchost.exe
    1868 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    1336 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    2088 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2128 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    2208 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2364 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    2576 C:\Windows\System32\svchost.exe
    2772 C:\Windows\System32\svchost.exe
  2. Tobeza

    Tobeza Newcomer, in training Topic Starter

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.04.19.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tommi :: TOMMI-PC [administrator]
    Protection: Enabled
    19.4.2012 13:08:46
    mbam-log-2012-04-19 (13-08-46).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211530
    Time elapsed: 4 minute(s), 17 second(s)
    Memory Processes Detected: 1
    C:\Users\Tommi\AppData\Roaming\Atfe\oqla.exe (Trojan.Agent) -> 4148 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{FDB61C17-48FB-967A-651E-BC71B9E064FD} (Trojan.Agent) -> Data: C:\Users\Tommi\AppData\Roaming\Atfe\oqla.exe -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\Tommi\AppData\Roaming\Atfe\oqla.exe (Trojan.Agent) -> Delete on reboot.
    (end)
  3. Tobeza

    Tobeza Newcomer, in training Topic Starter

    And since I seem to be such a retard in reading forum rules I apologize. These are the rest of the infos that are needed.
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-19 13:53:54
    Windows 6.1.7601 Service Pack 1
    Running: vol0g9qm.exe

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b3a49f9
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1D 0x87 0x75 0xD6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1C 0xF4 0x84 0x1F ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0x38 0x0C 0xA9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b3a49f9 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1D 0x87 0x75 0xD6 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1C 0xF4 0x84 0x1F ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0x38 0x0C 0xA9 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 241241
    ---- Files - GMER 1.0.15 ----
    File C:\Users\Tommi\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{77789383-8A08-11E1-9F00-74DE2B3A49F9}.dat 0 bytes
    File C:\Users\Tommi\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{77789384-8A08-11E1-9F00-74DE2B3A49F9}.dat 0 bytes
    File C:\Users\Tommi\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{77789385-8A08-11E1-9F00-74DE2B3A49F9}.dat 0 bytes
    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Tommi at 13:26:46 on 2012-04-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1033.18.4076.2491 [GMT 3:00]
    .
    AV: Norman Security Suite *Enabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}
    SP: Norman Security Suite *Enabled/Updated* {6B592B64-00C9-9F31-AE1A-38B6A2C2ACDC}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    C:\Program Files\Norman\Ngs\Bin\Nnf.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Norman\npm\bin\nvoy.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Norman\Nvc\bin\nhs.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Norman\Npm\Bin\scheduler.exe
    C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files (x86)\Nokia\Nokia Internet Modem\Wellphone2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\Norman\Npm\Bin\zlh.exe
    C:\Winamp\winampa.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Norman\Nvc\Bin\cclaw.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    D:\vol0g9qm.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.fi/
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    uRun: [Nokia Internet Modem] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\WellPhone2.exe" /background
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
    mRun: [WinampAgent] C:\Winamp\winampa.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: DhcpNameServer = 46.163.192.130 46.163.192.140
    TCP: Interfaces\{BA946361-17A5-432E-9954-43D14E8DA1DB} : DhcpNameServer = 46.163.192.130 46.163.192.140
    TCP: Interfaces\{C0DE4B94-7D35-413E-A1CA-731F1959DEC6} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO-X64: IESpeakDoc - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO-X64: Google Dictionary Compression sdch - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
    mRun-x64: [WinampAgent] C:\Winamp\winampa.exe
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
    R1 NGS;Norman General Security Driver;C:\Program Files\Norman\Ngs\Bin\ngs64.sys [2012-1-25 22368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-14 361984]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-19 654408]
    R2 NHS;Norman Hash Server;C:\Program Files\Norman\Nvc\Bin\nhs.exe [2012-2-20 871264]
    R2 NNFSVC;Norman Network Filtering service;C:\Program Files\Norman\Ngs\Bin\nnf.exe [2012-1-25 231216]
    R2 Norman ZANDA;Norman ZANDA;C:\Program Files\Norman\Npm\Bin\zanda.exe [2012-2-20 431320]
    R2 nregsec;Norman Registry Security driver;C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [2012-1-25 63032]
    R2 NVOY;Norman Resource Provider;C:\Program Files\Norman\Npm\Bin\nvoy.exe [2012-1-25 100936]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 nsesvc;Norman Scanner Engine Service;C:\Program Files\Norman\Nse\Bin\nsesvc.exe [2012-1-25 423752]
    R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv64mf.sys --> C:\Windows\system32\DRIVERS\nvcv64mf.sys [?]
    R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [2012-2-21 276984]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Scheduler;Norman Scheduler Service;C:\Program Files\Norman\Npm\Bin\scheduler.exe [2012-1-25 148240]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 253088]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Päivitä-palvelu (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 nokiacpo;Nokia Internet Stick Wireless Modem Service Install;C:\Windows\system32\DRIVERS\nokiacpo.sys --> C:\Windows\system32\DRIVERS\nokiacpo.sys [?]
    S3 nokiappo;Nokia Internet Stick Wireless Modem Power Policy Service;C:\Windows\system32\DRIVERS\nokiappo.sys --> C:\Windows\system32\DRIVERS\nokiappo.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-04-19 10:07:12 -------- d-----w- C:\Users\Tommi\AppData\Roaming\Malwarebytes
    2012-04-19 10:06:58 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-19 10:06:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-19 10:06:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-19 01:03:35 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F79E1A40-1309-4F7F-B98D-996AC42F8E99}\offreg.dll
    2012-04-17 12:20:31 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F79E1A40-1309-4F7F-B98D-996AC42F8E99}\mpengine.dll
    2012-04-12 00:07:57 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-12 00:07:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-12 00:07:56 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-12 00:02:18 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-12 00:02:17 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-12 00:02:17 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-12 00:02:17 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-12 00:02:17 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-12 00:02:17 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-12 00:02:17 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-02 15:09:04 -------- d-----w- C:\Users\Tommi\AppData\Roaming\Elumh
    2012-04-02 15:09:04 -------- d-----w- C:\Users\Tommi\AppData\Roaming\Atfe
    2012-04-01 21:17:40 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-01 21:10:47 -------- d-----w- C:\Users\Tommi\AppData\Local\Downloaded Installations
    .
    ==================== Find3M ====================
    .
    2012-04-19 10:19:39 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-19 10:17:23 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2012-03-14 01:30:21 0 ----a-w- C:\Windows\SysWow64\sho2B3F.tmp
    2012-03-12 14:26:37 564792 ----a-w- C:\Windows\System32\drivers\sptd.sys
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-23 07:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-15 10:15:43 56888 ----a-w- C:\Windows\System32\drivers\nvcv64mf.sys
    2012-02-14 09:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 13:28:21,02 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25.12.2011 19:50:12
    System Uptime: 19.4.2012 13:16:37 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K73BY
    Processor: AMD E-450 APU with Radeon(tm) HD Graphics | CPU 1 | 1650/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 200 GiB total, 150,072 GiB free.
    D: is FIXED (NTFS) - 240 GiB total, 240,361 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 1490 GiB total, 445,385 GiB free.
    G: is FIXED (FAT32) - 373 GiB total, 372,082 GiB free.
    H: is FIXED (FAT32) - 931 GiB total, 280,398 GiB free.
    I: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP49: 9.4.2012 21:08:20 - Windows Update
    RP50: 12.4.2012 3:00:27 - Windows Update
    RP51: 17.4.2012 15:19:44 - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.0
    AMD VISION Engine Control Center
    ASUS AI Recovery
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS WebStorage
    ASUS Virtual Camera
    ASUS_Screensaver
    AsusVibe2.0
    Atheros Client Installation Program
    ATK Package
    µTorrent
    Bing Bar
    Bookworm Deluxe
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Mobile
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cooking Dash
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    DAEMON Tools Pro
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Game Park Console
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Governor of Poker
    Hotel Dash Suite Success
    Jewel Quest 3
    Junk Mail filter update
    Last.fm 1.5.4.27091
    Luxor 3
    Mahjongg dimensions
    Malwarebytes Anti-Malware version 1.61.0.1400
    Media Player Classic - Home Cinema v1.5.2.3456
    Mesh Runtime
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSVCRT
    MSVCRT_amd64
    Nokia Internet Modem
    Nuance PDF Reader
    Plants vs Zombies
    Realtek Ethernet Controller Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    syncables desktop SE
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotogalleri
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
    Windows Live Mesh ActiveX-objekt til fjernforbindelser
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Meshin etäyhteyksien ActiveX-komponentti
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    WinFlash
    Wireless Console 3
    World of Goo
    .
    ==== End Of File ===========================
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I'll be glad to help you. But it helps me to help you when I have something besides logs!
    How were you advised you had this malware?
    Did Norman AV just pop up and say 'hey there, guess what- you have a W32/Zbot malware infection'!?
    Are you having any problems that you think may be due to the malware?
    ===========================================
    Please disable or uninstall uTorrent and any other file sharing programs while I'm helping you.
    ==========================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe [​IMG]& follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.[/b]
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
      • Note: No query will be made if the Recovery Console is already on the system.
    • .Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • .Close any open browsers.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
  5. Tobeza

    Tobeza Newcomer, in training Topic Starter

    I was scanning my computer using Norman Security Suite and it said that I have that. Nothing on my computer has indicated but on the Internet my connection has been kinda buggy. Sometimes my connection isn't as fast as it should be. And I'm using Explorer currently
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, "kinda buggy" doesn't tell me much. A slow connection can be due to the type of connection you have, the ISP, not enough RAM, too many processes starting up and/or malware> or possibly a combination of all!

    So please go ahead and run the 2 scans and post the logs.
  7. Tobeza

    Tobeza Newcomer, in training Topic Starter

    So Eses didn't found any malwares so I have no log to post from it

    ComboFix 12-04-20.02 - Tommi 20.04.2012 14:34:32.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1033.18.4076.2324 [GMT 3:00]
    Sijainti: D:\ComboFix.exe
    AV: Norman Security Suite *Disabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}
    SP: Norman Security Suite *Disabled/Updated* {6B592B64-00C9-9F31-AE1A-38B6A2C2ACDC}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    F:\autorun.inf
    G:\autorun.inf
    H:\Autorun.inf
    .
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-03-20 to 2012-04-20 )))))))))))))))))
    .
    .
    2012-04-20 11:44 . 2012-04-20 11:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-19 14:59 . 2012-04-19 14:59 -------- d-----w- c:\program files (x86)\ESET
    2012-04-19 13:27 . 2012-04-19 13:27 -------- d-----w- c:\users\Tommi\AppData\Roaming\f-secure
    2012-04-19 13:17 . 2012-04-19 13:17 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-04-19 13:16 . 2012-04-19 13:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-19 13:16 . 2012-04-19 13:16 -------- d-----w- c:\program files (x86)\Java
    2012-04-19 10:07 . 2012-04-19 10:07 -------- d-----w- c:\users\Tommi\AppData\Roaming\Malwarebytes
    2012-04-19 10:06 . 2012-04-19 10:06 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-19 10:06 . 2012-04-19 10:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-19 10:06 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-19 01:03 . 2012-04-19 13:24 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F79E1A40-1309-4F7F-B98D-996AC42F8E99}\offreg.dll
    2012-04-17 12:20 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F79E1A40-1309-4F7F-B98D-996AC42F8E99}\mpengine.dll
    2012-04-12 00:07 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-12 00:07 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-12 00:07 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-04-12 00:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 00:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-12 00:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-12 00:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-12 00:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-12 00:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-12 00:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-02 15:09 . 2012-04-19 10:16 -------- d-----w- c:\users\Tommi\AppData\Roaming\Atfe
    2012-04-02 15:09 . 2012-04-19 09:27 -------- d-----w- c:\users\Tommi\AppData\Roaming\Elumh
    2012-04-01 21:17 . 2012-04-19 10:19 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-01 21:10 . 2012-04-01 21:10 -------- d-----w- c:\users\Tommi\AppData\Local\Downloaded Installations
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-19 10:19 . 2012-01-05 20:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-19 10:17 . 2011-10-10 21:48 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-03-14 01:30 . 2012-03-14 01:30 0 ----a-w- c:\windows\SysWow64\sho2B3F.tmp
    2012-03-12 14:26 . 2012-03-12 14:26 564792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-03-06 02:05 . 2012-03-06 02:05 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
    2012-02-23 07:18 . 2012-01-31 10:17 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-17 06:38 . 2012-03-13 20:10 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 05:34 . 2012-03-13 20:10 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58 . 2012-03-13 20:10 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:57 . 2012-03-13 20:10 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-15 10:15 . 2012-02-20 10:46 56888 ----a-w- c:\windows\system32\drivers\nvcv64mf.sys
    2012-02-14 09:09 . 2012-02-14 09:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-02-10 06:36 . 2012-03-13 20:15 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:38 . 2012-03-13 20:15 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-02-03 04:34 . 2012-03-13 20:15 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-01-25 06:38 . 2012-03-13 20:10 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 06:38 . 2012-03-13 20:10 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 06:33 . 2012-03-13 20:10 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Nokia Internet Modem"="c:\program files (x86)\Nokia\Nokia Internet Modem\WellPhone2.exe" [2009-10-23 1962648]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-24 740216]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-03-31 2018032]
    "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-14 336384]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2012-02-14 348560]
    "WinampAgent"="c:\winamp\winampa.exe" [2011-12-09 74752]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528]
    FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-10-11 12862]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 135664]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 135664]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 nokiacpo;Nokia Internet Stick Wireless Modem Service Install;c:\windows\system32\DRIVERS\nokiacpo.sys [x]
    R3 nokiappo;Nokia Internet Stick Wireless Modem Power Policy Service;c:\windows\system32\DRIVERS\nokiappo.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
    S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs64.sys [2011-07-12 22368]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-14 361984]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 NHS;Norman Hash Server;c:\program files\Norman\Nvc\bin\nhs.exe [2012-02-01 871264]
    S2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\Nnf.exe [2011-11-14 231216]
    S2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec64.sys [2011-11-11 63032]
    S2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2011-10-19 100936]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\NSESVC.EXE [2011-03-08 423752]
    S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv64mf.sys [x]
    S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\Nvc\Bin\nvcoas.exe [2012-02-20 276984]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [2011-04-11 148240]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 10:19]
    .
    2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 22:45]
    .
    2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 22:45]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Täydentävä tarkistus -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.fi/
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 46.163.192.130 46.163.192.140
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
    .
    .
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Valmistumisajankohta: 2012-04-20 14:49:34
    ComboFix-quarantined-files.txt 2012-04-20 11:49
    .
    Ennen ajoa: 160 115 240 960 bytes free
    Ajon jälkeen: 161 526 054 912 bytes free
    .
    - - End Of File - - 7F51145E5BB7E0230051F4881D86BD83
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, there are deletions in Combofix that may indicate there is a malware process on all of the following:
    F: is FIXED (NTFS) - >> F:\autorun.inf
    G: is FIXED (FAT32) - >> G:\autorun.inf
    H: is FIXED (FAT32) - >> H:\Autorun.inf

    If you have access or any of these are an external drive or a flash drive, they should be disinfected:
    • Please download Panda USB Vaccine(you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
    ====================================================
    I see Daemon CD Emulator on the system. This can affect the scans. Please temporarily remove as follows and include any other CD Emulators if running- it looks like it's on auto-startup so you may have to either remove the Daemon process from the staup menu first, or use Safe Mode to run the program to disable it:
    ------------------------------------------------
    To disable CD Emulation programs using DeFogger please perform these steps:
    1. . Please download DeFogger to your desktop.
    2. . Double-click on the DeFogger icon to start the tool.
    3. . The application window will> appear> click on the Disable button to disable your CD Emulation drivers
    4. . At prompt to continue> click on the Yes button to continue
    5. . When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
    ---------------------------
    The following can be done when we're finished: cleaning:
    =======================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    c:\windows\SysWow64\sho2B3F.tmp
    c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE 
    
    Folder::
    c:\users\Tommi\AppData\Roaming\f-secure
    
    DDS::
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=-
    "DAEMON Tools Pro Agent"=-
    
    Clearjavacache::
    
    Driver::
    BBSvc;
    
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe
    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    =======================================
    Note: I have removed entries for the Bing Bar Toolbar. I've found that some downloads are adding this toolbar and some associated entries such as adware and an updater. Use the Bing search if you want, but don't allow the toolbar if iyou see if pre-checked on any download screen.
    =======================================
    Leave the new Combofix log in your next reply and advise me of how the system is doing and if there are any remaining problems.
  9. Tobeza

    Tobeza Newcomer, in training Topic Starter

    My system seems to be doing quite okay. Atleast I haven't encountered any problems yet (been using it for about 10 minutes at the time of this post).

    ComboFix 12-04-20.02 - Tommi 20.04.2012 18:17:04.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1033.18.4076.2484 [GMT 3:00]
    Sijainti: D:\ComboFix.exe
    Käytetyt komentorivivalitsimet :: D:\CFScript.txt
    AV: Norman Security Suite *Disabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}
    SP: Norman Security Suite *Disabled/Updated* {6B592B64-00C9-9F31-AE1A-38B6A2C2ACDC}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE"
    "c:\windows\SysWow64\sho2B3F.tmp"
    .
    .
    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Tommi\AppData\Roaming\f-secure
    .
    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-03-20 to 2012-04-20 )))))))))))))))))
    .
    .
    2012-04-20 16:42 . 2012-04-20 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-20 16:42 . 2012-04-20 16:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-04-20 15:01 . 2012-04-20 15:01 -------- d-----w- c:\programdata\Panda Security
    2012-04-20 15:01 . 2012-04-20 15:01 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
    2012-04-19 14:59 . 2012-04-19 14:59 -------- d-----w- c:\program files (x86)\ESET
    2012-04-19 13:17 . 2012-04-19 13:17 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-04-19 13:16 . 2012-04-19 13:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-19 13:16 . 2012-04-19 13:16 -------- d-----w- c:\program files (x86)\Java
    2012-04-19 10:07 . 2012-04-19 10:07 -------- d-----w- c:\users\Tommi\AppData\Roaming\Malwarebytes
    2012-04-19 10:06 . 2012-04-19 10:06 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-19 10:06 . 2012-04-19 10:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-19 10:06 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-17 12:20 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F79E1A40-1309-4F7F-B98D-996AC42F8E99}\mpengine.dll
    2012-04-12 00:07 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-12 00:07 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-12 00:07 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-04-12 00:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 00:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-12 00:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-12 00:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-12 00:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-12 00:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-12 00:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-02 15:09 . 2012-04-19 10:16 -------- d-----w- c:\users\Tommi\AppData\Roaming\Atfe
    2012-04-02 15:09 . 2012-04-19 09:27 -------- d-----w- c:\users\Tommi\AppData\Roaming\Elumh
    2012-04-01 21:17 . 2012-04-19 10:19 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-01 21:10 . 2012-04-01 21:10 -------- d-----w- c:\users\Tommi\AppData\Local\Downloaded Installations
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-20 16:44 . 2011-10-10 21:48 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-04-19 10:19 . 2012-01-05 20:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-14 01:30 . 2012-03-14 01:30 0 ----a-w- c:\windows\SysWow64\sho2B3F.tmp
    2012-03-12 14:26 . 2012-03-12 14:26 564792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-03-06 02:05 . 2012-03-06 02:05 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
    2012-02-23 07:18 . 2012-01-31 10:17 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-17 06:38 . 2012-03-13 20:10 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 05:34 . 2012-03-13 20:10 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58 . 2012-03-13 20:10 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:57 . 2012-03-13 20:10 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-15 10:15 . 2012-02-20 10:46 56888 ----a-w- c:\windows\system32\drivers\nvcv64mf.sys
    2012-02-14 09:09 . 2012-02-14 09:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-02-10 06:36 . 2012-03-13 20:15 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:38 . 2012-03-13 20:15 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-02-03 04:34 . 2012-03-13 20:15 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-01-25 06:38 . 2012-03-13 20:10 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 06:38 . 2012-03-13 20:10 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 06:33 . 2012-03-13 20:10 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-20_11.45.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-20 16:42 . 2012-04-20 16:42 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-04-19 10:15 . 2012-04-19 10:15 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2011-02-18 20:13 . 2012-04-20 16:46 48438 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-20 16:46 46096 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-12-26 08:48 . 2012-04-20 15:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-12-26 08:48 . 2012-04-19 15:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-12-26 08:48 . 2012-04-20 15:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-12-26 08:48 . 2012-04-19 15:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-20 15:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-19 15:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-12-25 17:51 . 2012-04-20 16:46 8520 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-377918112-749962694-2802437002-1001_UserData.bin
    - 2012-04-19 10:17 . 2012-04-19 10:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-20 16:43 . 2012-04-20 16:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-20 16:43 . 2012-04-20 16:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-04-19 10:17 . 2012-04-19 10:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 05:01 . 2012-04-20 16:42 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-04-19 10:15 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-01-05 20:24 . 2012-04-20 15:04 615756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-377918112-749962694-2802437002-1001-12288.dat
    - 2011-10-10 21:47 . 2012-04-19 10:16 1375376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-10-10 21:47 . 2012-04-20 16:42 1375376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-12-25 20:30 . 2012-04-20 16:42 22172868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-377918112-749962694-2802437002-1001-8192.dat
    + 2011-12-25 20:30 . 2012-04-20 15:04 40423028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-377918112-749962694-2802437002-1001-4096.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Nokia Internet Modem"="c:\program files (x86)\Nokia\Nokia Internet Modem\WellPhone2.exe" [2009-10-23 1962648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-03-31 2018032]
    "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-14 336384]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2012-02-14 348560]
    "WinampAgent"="c:\winamp\winampa.exe" [2011-12-09 74752]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528]
    FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-10-11 12862]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 135664]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 135664]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 nokiacpo;Nokia Internet Stick Wireless Modem Service Install;c:\windows\system32\DRIVERS\nokiacpo.sys [x]
    R3 nokiappo;Nokia Internet Stick Wireless Modem Power Policy Service;c:\windows\system32\DRIVERS\nokiappo.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
    S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs64.sys [2011-07-12 22368]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-14 361984]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 NHS;Norman Hash Server;c:\program files\Norman\Nvc\bin\nhs.exe [2012-02-01 871264]
    S2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\Nnf.exe [2011-11-14 231216]
    S2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec64.sys [2011-11-11 63032]
    S2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2011-10-19 100936]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\NSESVC.EXE [2011-03-08 423752]
    S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv64mf.sys [x]
    S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\Nvc\Bin\nvcoas.exe [2012-02-20 276984]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [2011-04-11 148240]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 10:19]
    .
    2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 22:45]
    .
    2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 22:45]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    .
    ------- Täydentävä tarkistus -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.fi/
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 46.163.192.130 46.163.192.140
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Muut prosessit ------------------------
    .
    c:\program files\Norman\Npm\Bin\elogsvc.exe
    c:\program files\Norman\Npm\Bin\Zanda.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    c:\program files (x86)\ASUS\Splendid\ACMON.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    c:\program files\Norman\Npm\Bin\Njeeves.exe
    .
    **************************************************************************
    .
    Valmistumisajankohta: 2012-04-20 19:53:52 - kone käynnistettiin uudelleen
    ComboFix-quarantined-files.txt 2012-04-20 16:53
    ComboFix2.txt 2012-04-20 11:49
    .
    Ennen ajoa: 161 314 852 864 bytes free
    Ajon jälkeen: 161 283 604 480 bytes free
    .
    - - End Of File - - 7B8B95F6C81156536799ECB852DD9F09
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay- I gave you a few days to check the system. If it is still running without incident, I'd like you to remove just a few entries. You do not need to leave the new log:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\SysWow64\sho2B3F.tmp
    Folder::
    c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
    c:\users\Tommi\AppData\Roaming\Atfe
    c:\users\Tommi\AppData\Roaming\Elumh
     
    Clearjavacache::
     
    Driver::
    BBSvc
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    When through: Click on Start> Run> typr in services.msc> Enter> Scroll down to and double click on BBSvc> Change the Startup type to Disabled> Stop the Service> Then Exit.[/B]
    This is the BingBar Update Seervice
    =====================
    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o]The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [​IMG]
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [​IMG]
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    [​IMG]
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
    Images courtesy lytebyte.

    Empty the Recycle Bin

    Let me know if you have any questions.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.