TechSpot

Win 32 malware-gen problems

By JDK88
Jun 18, 2012
  1. I think I got a Win32 Malware-Gen on my PC.

    After my PC didn't want to start up, I downloaded avast! in safe mode (which I'm currently in). After a full scan it told me something about Win32 Malware-gen. I deleted the file in the hope it would help, but it didn't.

    Every time I start my PC in the regular mode, I need to log in. After that it freezes when I try to click on something.

    Hopefully someone has an answer to my problem :)
    Thanks in advance,

    JDK88
     
  2. JDK88

    JDK88 TS Rookie Topic Starter

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.18.07

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.7601.17514
    Job der Kinderen :: JOBDERKINDEREN [administrator]

    Protection: Disabled

    18/06/2012 22:24:45
    mbam-log-2012-06-18 (22-24-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 266688
    Time elapsed: 3 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. JDK88

    JDK88 TS Rookie Topic Starter

    And I removed a Trojan_Hopper.exe
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. JDK88

    JDK88 TS Rookie Topic Starter

    Yes I will
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    OK...
     
  7. JDK88

    JDK88 TS Rookie Topic Starter

    Sorry Broni, what do I have to do first?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Re-read my reply #4.
     
  9. JDK88

    JDK88 TS Rookie Topic Starter

    I downloaded avast! and did the scan; second, I did the Malwarebytes. Here is the log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.21.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Job der Kinderen :: JOBDERKINDEREN [administrator]

    24/06/2012 15:18:45
    mbam-log-2012-06-24 (15-18-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 268605
    Time elapsed: 5 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Go on....
     
  11. JDK88

    JDK88 TS Rookie Topic Starter

    GMER:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-26 10:21:58
    Windows 6.1.7601 Service Pack 1
    Running: 9o0hmksn.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x46 0x44 0x85 0x6C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC7 0x85 0xF2 0xC3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0x84 0x1E 0xE5 ...

    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS816CA.log 1048576 bytes

    ---- EOF - GMER 1.0.15 ----
     
  12. JDK88

    JDK88 TS Rookie Topic Starter

    DDS:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
    Run by Job der Kinderen at 10:55:32 on 2012-06-26
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3963.3258 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Users\JOBDER~1\Desktop\Cleaning\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
    uRun: [Facebook Update] "C:\Users\Job der Kinderen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [SpybotSD TeaTimer] C:\Users\Job der Kinderen\Desktop\Cleaning\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [ThreatFire] C:\Users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFTray.exe
    StartupFolder: C:\Users\JOBDER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Job der Kinderen\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\JOBDER~1\Desktop\Cleaning\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1 8.8.8.8 8.8.4.4
    TCP: Interfaces\{291712B0-5C29-4A10-B733-CFBE89962186} : DhcpNameServer = 192.168.1.1 8.8.8.8 8.8.4.4
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\JOBDER~1\Desktop\Cleaning\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [ThreatFire] C:\Users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFTray.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Job der Kinderen\AppData\Roaming\Mozilla\Firefox\Profiles\6t98svv1.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    FF - plugin: C:\Users\Job der Kinderen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Job der Kinderen\AppData\Local\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Users\Job der Kinderen\AppData\Roaming\Mozilla\Firefox\Profiles\6t98svv1.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
    S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-6-18 44768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2010-10-1 68136]
    S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-8 135664]
    S2 MBAMService;MBAMService;C:\Users\Job der Kinderen\Desktop\Cleaning\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-18 654408]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-13 2214504]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Users\Job der Kinderen\Desktop\Cleaning\Spybot - Search & Destroy\SDWinSec.exe [2012-6-19 1153368]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
    S2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2010-10-1 114688]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-20 378984]
    S2 ThreatFire;ThreatFire;C:\Users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFService.exe service --> C:\Users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFService.exe service [?]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-1 2320920]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-22 257696]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
    S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-10-1 25640]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-8 1315592]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-8 135664]
    S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-10-1 30528]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-26 08:40:15 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82827488-20D5-40EB-8A09-21BB7D7E2A8A}\mpengine.dll
    2012-06-26 08:30:54 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{D672AFF4-4337-407E-926D-0A99B1EEE53C}
    2012-06-26 08:29:13 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{EF40F944-B46C-45E5-A293-11DCC1EA2DCC}
    2012-06-26 07:53:07 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{AB14867C-8B7E-4DDB-927E-8409FAB8DAC8}
    2012-06-26 07:52:52 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{C0CD00A8-8E72-4CF1-9C14-81E48BC1A990}
    2012-06-25 17:40:53 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{D4889851-82D4-4DAE-B21B-EB0D0CA1C694}
    2012-06-25 17:40:41 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{D90B9709-BCD9-4D23-A3FB-ABDAAD595471}
    2012-06-25 17:25:22 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{D64EEF56-A8A6-4BE9-AB20-1AF9226C3FDB}
    2012-06-25 17:25:10 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{B863EFB1-B8B8-4698-8271-BDC85D8C30BF}
    2012-06-25 14:31:18 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{CB337A44-853A-4FED-A074-F540FCFBA86F}
    2012-06-25 14:31:06 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{4C8F61A2-B8CA-475D-B350-83F7004DB5B7}
    2012-06-25 05:55:13 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{EA1A12DD-0507-46FF-A2D6-37DF5C02D2D4}
    2012-06-25 05:55:00 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{2506B82E-0900-420A-AC4F-36572C75BD2C}
    2012-06-24 09:36:24 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{9C07E09C-FDB2-44BB-9449-383DAF69987C}
    2012-06-24 07:30:52 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{1B7099A8-A706-44F0-B70D-5716454A0742}
    2012-06-24 07:30:40 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{7C807792-E340-42F9-818B-0278E3B8EE17}
    2012-06-24 07:19:29 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{72D61257-CDDC-4FBE-AEAC-4893B0470221}
    2012-06-24 07:19:17 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{FAD23B71-D75C-4220-A1ED-0E97C6FA69DF}
    2012-06-24 06:11:15 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{4CADD0B8-A9CD-4A57-A673-C0DF4979EAF2}
    2012-06-24 06:11:03 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{335FF896-1521-4E7D-91E8-983E745B98AD}
    2012-06-23 17:07:19 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{450C2602-2CBE-4808-98AF-C8E271B42369}
    2012-06-23 17:07:08 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{29663E22-B97B-4D1A-B549-3D18A6287A08}
    2012-06-23 16:54:29 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{154F4AF6-C2C1-4397-96D4-B79629F6B4E0}
    2012-06-23 16:54:07 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{8F2D57EC-2B14-4DFA-AD0C-FA456DA6B4A8}
    2012-06-23 16:16:48 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{A1B9E899-1E85-492D-91CD-CE04DEFD85CE}
    2012-06-23 16:16:35 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{AB5E2DB3-2A3C-4C97-AEDC-22A8D93DA9E2}
    2012-06-23 07:08:38 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{E76D7981-D61E-4267-A698-5832189F345B}
    2012-06-23 07:08:26 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{BB264797-B386-40ED-92D7-897494A1F3DD}
    2012-06-22 17:35:10 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{299D6F13-5C00-40B7-982F-52715EEE695C}
    2012-06-22 17:34:58 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{68E94815-3AE1-4C4B-9337-7EA1EDF6AD5F}
    2012-06-22 14:41:47 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{BBBCE876-BFF1-4E59-8FDA-8323112E39D3}
    2012-06-22 14:41:34 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{6BCD5955-2AFC-4CC9-A5F1-B87BA6F6F6FF}
    2012-06-22 06:21:16 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{3EDA3542-6BA3-4449-B0E0-F7E7044126CF}
    2012-06-22 06:21:00 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{F93B3A9D-5F8A-4BB4-8F86-342372950AD4}
    2012-06-21 15:18:49 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{910E51BC-3E76-489A-A39D-0B5A23971146}
    2012-06-21 15:18:38 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{62B6E66B-AEC3-4C95-8865-5C7092917000}
    2012-06-21 05:24:19 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{7FA44E26-DACC-486C-B5B8-0E4BE41D864A}
    2012-06-21 05:24:05 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{03BA5D29-82E4-4EF4-9CFB-9705537B16D5}
    2012-06-20 21:35:46 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{694D2294-434F-4D35-BCDE-CC40D626DD76}
    2012-06-20 21:35:31 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{E06A6C63-2AD5-4071-95F5-255157526AB2}
    2012-06-20 05:57:35 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{B8E4B885-65DC-494A-A534-617606AC8E1B}
    2012-06-20 05:57:16 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{31E61343-CD81-4E9A-AC84-BFEF6EE84AE6}
    2012-06-20 05:54:27 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-19 18:50:16 74824 ----a-w- C:\Windows\System32\drivers\TfSysMon.sys
    2012-06-19 18:50:16 65072 ----a-w- C:\Windows\System32\drivers\TfFsMon.sys
    2012-06-19 18:50:16 41888 ----a-w- C:\Windows\System32\drivers\TfNetMon.sys
    2012-06-19 18:50:15 -------- d-----w- C:\ProgramData\PC Tools
    2012-06-19 18:00:17 -------- d-----w- C:\Users\Job der Kinderen\DoctorWeb
    2012-06-19 16:52:04 -------- d-----w- C:\Users\Job der Kinderen\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-19 16:51:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-06-19 16:51:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-06-19 16:24:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-06-18 20:11:15 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{A9E3B292-07B3-48CD-BD08-9AE308903B51}
    2012-06-18 19:55:38 -------- d-----w- C:\Users\Job der Kinderen\AppData\Roaming\Malwarebytes
    2012-06-18 19:55:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-18 19:55:34 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-18 17:09:22 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-06-18 17:09:21 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-06-18 17:09:17 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-06-18 17:08:33 41184 ----a-w- C:\Windows\avastSS.scr
    2012-06-18 17:08:23 -------- d-----w- C:\ProgramData\AVAST Software
    2012-06-18 17:08:23 -------- d-----w- C:\Program Files\AVAST Software
    2012-06-18 05:17:12 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{83F0F012-1D90-4E88-A8C3-93B04B48F4C0}
    2012-06-17 15:50:32 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{F3456F1D-377B-4C89-8636-DF3612508750}
    2012-06-15 08:02:32 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{1ABAB431-C325-4B8C-8363-1DF1AC3BB88F}
    2012-06-14 05:55:42 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{9A8EDC63-D8E9-44A2-AD5F-2E615910D5B9}
    2012-06-14 05:55:29 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{D743F3B2-F84C-4EE1-AE37-6D507BEFC52F}
    2012-06-13 06:06:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 06:06:06 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-13 06:06:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 05:57:57 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{9E456BCF-2DAF-4689-91FB-3CC457829BEF}
    2012-06-13 05:57:45 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{3F1C778F-683F-4584-8A7B-FE8535213E8F}
    2012-06-12 06:00:14 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{BD4B2F4A-2022-471F-937F-E3A931FD7EE8}
    2012-06-12 06:00:02 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{0BE1C546-5079-450B-AD7D-30E8958EE0B2}
    2012-06-11 05:52:41 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{A2F7AA8C-0E0E-4AA8-96F7-1E106B049C38}
    2012-06-11 05:52:29 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{46B9B157-9C40-4EDF-B6E7-8C93495A73D2}
    2012-06-10 11:28:17 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{44405AAB-3989-4549-A632-1A9F90F8B2C5}
    2012-06-10 11:28:05 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{600ACFEB-6BED-4238-BCBA-1B70EB6A01B3}
    2012-06-09 11:06:37 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{2FCCC962-B79D-4A8C-BB38-4E47B6EDADD4}
    2012-06-09 11:06:25 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{13D14F29-149B-4625-8F3C-F9EBFB0A9963}
    2012-06-09 01:36:09 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-09 01:35:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-09 01:35:40 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-09 01:35:40 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-08 17:38:56 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{DEB93950-2B4B-4198-BDBD-7CC235AA4338}
    2012-06-08 17:38:44 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{F1A2AFEE-B32A-4F34-9655-BAE97DFC4B92}
    2012-06-08 05:47:16 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{9CFF3EED-0C6B-49E8-875E-26C0AE93F12A}
    2012-06-08 05:47:04 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{34642675-C7FE-4EA2-BD37-64F64CCBEFAF}
    2012-06-07 15:08:13 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{76D84811-78C0-4F4A-B05D-48A4A26A4CB2}
    2012-06-07 15:07:59 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{C95664EE-E196-493E-A056-3978CE504860}
    2012-06-07 05:51:40 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{96B7A69B-4EBE-4390-B25F-07F113831DE2}
    2012-06-07 05:51:24 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{A6F65DF4-BAAC-4495-AF3E-8C8C0CAA8B7E}
    2012-06-06 06:32:05 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{B483F667-ED80-42DC-B918-8ED76DFE5E0A}
    2012-06-06 06:31:53 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{5B57DBB1-98CF-4CF5-A13D-B88F4C7BA8AA}
    2012-06-05 05:02:41 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{6164906A-27A8-40FA-9F72-EED39331A3B5}
    2012-06-05 05:02:28 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{5CFBC3B5-D5E4-4CEC-96B0-D8D26DB59F2F}
    2012-06-04 05:32:35 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{F0B1115F-9A55-469D-A0F2-238976259095}
    2012-06-04 05:32:23 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{FEAF9C77-300C-4DDE-BCDC-2E89160BE0D0}
    2012-06-03 09:28:29 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{8CBF2003-544B-429C-834D-510944C5A274}
    2012-06-03 09:28:16 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{58116E21-9659-4EFD-A988-729E6649F042}
    2012-06-02 10:08:25 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{231F2F70-0053-4C37-AA0B-16BA4CE33BFB}
    2012-06-02 10:08:14 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{B4DF299B-BB57-462F-BEE6-1EDAD6174C26}
    2012-06-02 07:36:39 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{C2E971A7-E03D-44EE-AE27-04DC7F8CA64C}
    2012-06-02 07:36:25 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{7D58B23D-39E8-4602-A97C-C1364BFC6820}
    2012-06-01 05:57:50 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{E8EF04B5-7F0A-459D-8732-27D0986A5D22}
    2012-06-01 05:57:37 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{FA2E4059-BE1A-45B3-A6BC-F3E702A38645}
    2012-05-31 05:48:23 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{410EC1D3-6830-4125-BF57-68C1B7CDBF23}
    2012-05-31 05:48:09 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{D2737C0C-DBAF-4DAF-8F0B-5BB13B59AB9A}
    2012-05-30 05:49:36 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{0D1C87DF-92F1-4C98-9A7B-FE527477FA2F}
    2012-05-30 05:49:22 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{9B29476A-CC4A-44C7-AB68-028088FF7DD9}
    2012-05-29 05:50:38 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{EE1CF24F-F997-4F01-8A70-59BBC66B6698}
    2012-05-29 05:50:26 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{3B880AAE-7331-4E69-B0E3-8170719DE674}
    2012-05-28 05:39:20 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{1DAFA5E4-56B8-49AF-B26C-DDF97D9E9B51}
    2012-05-28 05:39:08 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{28FFD7E6-6509-4F1B-A69D-90201F66E1CF}
    2012-05-27 10:44:03 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{23CE778E-B3CB-4EB6-977C-9868403761B7}
    2012-05-27 10:43:50 -------- d-----w- C:\Users\Job der Kinderen\AppData\Local\{0B79D3B2-9780-4B4A-AAF5-04A72CC561B8}
    .
    ==================== Find3M ====================
    .
    2012-06-26 08:28:03 25640 ----a-w- C:\Windows\gdrv.sys
    2012-05-22 06:05:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-22 06:05:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 10:56:15,63 ===============
     
  13. JDK88

    JDK88 TS Rookie Topic Starter

    Attach:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/10/2010 23:11:04
    System Uptime: 26/06/2012 10:37:06 (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | H55M-UD2H
    Processor: Intel(R) Core(TM) i3 CPU 560 @ 3.33GHz | Socket 1156 | 3333/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 931 GiB total, 651,565 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: avast! Network Shield Support
    Device ID: ROOT\LEGACY_ASWTDI\0000
    Manufacturer:
    Name: avast! Network Shield Support
    PNP Device ID: ROOT\LEGACY_ASWTDI\0000
    Service: aswTdi
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd
    .
    ==== System Restore Points ===================
    .
    RP1825: 21/06/2012 7:53:32 - Automatic creation
    RP1829: 22/06/2012 8:50:13 - Automatic creation
    RP1831: 23/06/2012 18:46:30 - Automatic creation
    RP1833: 24/06/2012 10:00:09 - Automatic creation
    RP1840: 26/06/2012 10:22:32 - Automatic creation
    RP1841: 26/06/2012 10:30:57 - Windows Update
    .
    ==== Installed Programs ======================
    .
    @BIOS
    µTorrent
    Adobe AIR
    Adobe Download Assistant
    Adobe InDesign CS5.5
    Adobe Photoshop CS5.1
    Adobe Reader 9.5.1 - Nederlands
    Age of Mythology
    Apple Application Support
    Apple Software Update
    AutoGreen B09.1014.2
    avast! Free Antivirus
    BlackBerry App World Browser Plugin
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software Updater
    CameraHelperMsi
    COMSOL 4.2
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DES 2.0
    Dropbox
    DWGeditor
    Easy Tune 6 B10.0521.1
    erLT
    Facebook Video Calling 1.2.0.159
    Google Chrome
    Google Update Helper
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    iPhone-configuratieprogramma
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    Logitech-webcamsoftware
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft Office 2003 Web Components
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (Dutch) 2010
    Microsoft Office Excel MUI (Dutch) 2010
    Microsoft Office Groove MUI (Dutch) 2010
    Microsoft Office InfoPath MUI (Dutch) 2010
    Microsoft Office OneNote MUI (Dutch) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Dutch) 2010
    Microsoft Office PowerPoint MUI (Dutch) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proofing (Dutch) 2010
    Microsoft Office Publisher MUI (Dutch) 2010
    Microsoft Office Shared MUI (Dutch) 2010
    Microsoft Office Word MUI (Dutch) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 13.0.1 (x86 nl)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    ON_OFF Charge B10.0427.1
    PDF Settings CS5
    PhotoView 360
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Skype™ 5.9
    Smart 6 B10.0422.1
    SolidWorks 2010 x64 Edition SP0
    SolidWorks eDrawings 2010
    Spotify
    Spybot - Search & Destroy
    Teach2000 version 8.53
    ThreatFire
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VLC media player 1.1.11
    Vtune 7.16
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinZip 15.0
    Write-N-Cite
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26/06/2012 10:54:26, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    26/06/2012 10:46:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
    26/06/2012 10:40:07, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    26/06/2012 10:40:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    26/06/2012 10:38:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    26/06/2012 10:38:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    26/06/2012 10:38:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    26/06/2012 10:38:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    26/06/2012 10:37:43, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger aswSnx aswSP aswTdi discache MpFilter SASDIFSV SASKUTIL spldr sptd Wanarpv6
    26/06/2012 10:37:10, Error: sptd [4] - Driver detected an internal error in its data structures for .
    26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:30:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: JobderKinderen\Job der Kinderen Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:28:06, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: SBSD Security Center Service is not a valid Win32 application.
    26/06/2012 10:28:05, Error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: ThreatFire is not a valid Win32 application.
    26/06/2012 10:25:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    26/06/2012 10:02:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    26/06/2012 10:02:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:02:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:02:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    26/06/2012 10:02:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    25/06/2012 20:06:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    25/06/2012 16:58:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    24/06/2012 9:39:58, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    23/06/2012 19:24:50, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    23/06/2012 19:24:45, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    23/06/2012 19:24:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    23/06/2012 18:01:51, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    22/06/2012 8:31:50, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.129.268.0).
    22/06/2012 8:31:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070643 Error description: Fatal error during installation.
    22/06/2012 20:36:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    22/06/2012 20:20:32, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    22/06/2012 17:03:58, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    22/06/2012 1:24:29, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    21/06/2012 17:42:37, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.117.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    20/06/2012 7:54:20, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    19/06/2012 7:43:37, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    19/06/2012 20:51:13, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    19/06/2012 17:28:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger aswSnx aswSP aswTdi discache MpFilter spldr sptd Wanarpv6
    .
    ==== End Of File ===========================
     
  14. JDK88

    JDK88 TS Rookie Topic Starter

    Thanks for helping me Broni!

    I did everything in Safe Mode because it kept on crashing. Another thing, I can't use my Word program anymore. Maybe that has something to do with the virus?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    You're running two AV programs, Avast and MSE.
    You must uninstall one of them.

    When done....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. JDK88

    JDK88 TS Rookie Topic Starter

    ComboFix 12-06-28.01 - Job der Kinderen 28/06/2012 8:47.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3963.1996 [GMT 2:00]
    Running from: c:\users\Job der Kinderen\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-28 06:53 . 2012-06-28 06:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-06-27 05:50 . 2012-06-27 05:50 -------- d-----w- c:\program files\Windows Live
    2012-06-19 18:50 . 2011-02-22 11:57 74824 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2012-06-19 18:50 . 2011-02-22 11:57 41888 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2012-06-19 18:50 . 2011-02-22 11:57 65072 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2012-06-19 18:50 . 2012-06-19 18:50 -------- d-----w- c:\programdata\PC Tools
    2012-06-19 18:00 . 2012-06-19 18:15 -------- d-----w- c:\users\Job der Kinderen\DoctorWeb
    2012-06-19 16:52 . 2012-06-19 16:52 -------- d-----w- c:\users\Job der Kinderen\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-19 16:51 . 2012-06-19 16:52 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-19 16:51 . 2012-06-19 16:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-19 16:24 . 2012-06-19 16:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-18 19:55 . 2012-06-18 19:55 -------- d-----w- c:\users\Job der Kinderen\AppData\Roaming\Malwarebytes
    2012-06-18 19:55 . 2012-06-18 19:55 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-18 19:55 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-18 17:09 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-06-18 17:09 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-06-18 17:09 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-06-18 17:09 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-06-18 17:09 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-06-18 17:09 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-18 17:09 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-06-18 17:08 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-06-18 17:08 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-06-18 17:08 . 2012-06-18 17:23 -------- d-----w- c:\programdata\AVAST Software
    2012-06-18 17:08 . 2012-06-18 17:08 -------- d-----w- c:\program files\AVAST Software
    2012-06-13 06:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 06:06 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 06:06 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-09 01:36 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-09 01:36 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-09 01:36 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-09 01:36 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-09 01:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-09 01:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-09 01:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-09 01:35 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-09 01:35 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-28 06:54 . 2010-10-01 21:28 25640 ----a-w- c:\windows\gdrv.sys
    2012-05-22 06:05 . 2012-05-22 06:05 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-22 06:05 . 2011-05-19 07:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-23 04:21 . 2012-04-23 04:21 53248 ----a-r- c:\users\Job der Kinderen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-03-30 11:35 . 2012-05-09 08:33 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
    "TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2011-01-27 2236416]
    "Facebook Update"="c:\users\Job der Kinderen\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-23 137536]
    "SpybotSD TeaTimer"="c:\users\Job der Kinderen\Desktop\Cleaning\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "ThreatFire"="c:\users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFTray.exe" [2011-02-22 378128]
    .
    c:\users\Job der Kinderen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 135664]
    R2 SBSDWSCService;SBSD Security Center Service;c:\users\Job der Kinderen\Desktop\Cleaning\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
    R2 ThreatFire;ThreatFire;c:\users\Job der Kinderen\Desktop\Cleaning\ThreatFire\TFService.exe service [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 257696]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-10-01 25640]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-08 1315592]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 135664]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-09 30528]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1255736]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-01 834544]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
    S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
    S2 MBAMService;MBAMService;c:\users\Job der Kinderen\Desktop\Cleaning\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-20 378984]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-02-14 155752]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 06:05]
    .
    2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-342277662-3814480884-1719931436-1000Core.job
    - c:\users\Job der Kinderen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-23 15:53]
    .
    2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-342277662-3814480884-1719931436-1000UA.job
    - c:\users\Job der Kinderen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-23 15:53]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 21:10]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 21:10]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Job der Kinderen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 8.8.8.8 8.8.4.4
    FF - ProfilePath - c:\users\Job der Kinderen\AppData\Roaming\Mozilla\Firefox\Profiles\6t98svv1.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-COMSOL42 - c:\comsol42\bin\win64\comsoluninstall.exe
    AddRemove-VLC media player - c:\program files (x86)vlcmediaplayer\uninstall.exe
    AddRemove-{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} - c:\program files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
    "AlternateImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-28 08:59:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-28 06:59
    .
    Pre-Run: 700.260.880.384 bytes free
    Post-Run: 701.635.686.400 bytes free
    .
    - - End Of File - - 554C380EC5771C885D95739D67665C94
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I don't see anything malicious there.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
