Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: (F-secure) Sirefef.HC, Sirefef.HD  (Read 273332 times)

0 Members and 1 Guest are viewing this topic.

villadelfia

    Topic Starter


    Rookie

    • Yes
  • Experience: Expert
  • OS: Windows 7
(F-secure) Sirefef.HC, Sirefef.HD
« on: June 27, 2012, 09:09:04 PM »
A week ago my computer started skipping and freezing for a few seconds at a time so I started looking for a solution, I eventually found one by doing a full scan and it solved that problem.

Fast forward to yesterday: I suddenly get a notification about Sirefef.HC and Sirefef.HD so I do a thorough system scan and remove it, reboot, and... it's still there, in exactly the same location.

So I follow the advice on the f-secure page you get when you click on the virus name and run the Rescue CD, and indeed it finds one (and ONLY one) infection, in that one file. So I let it be cleaned, reboot, and then while windows is still loading my desktop I get these small notification boxes saying "Malicious code found in 'file'" by f-secure. And when my desktop finally loads I get a normal detection notification instead.

I would like to note that the rescue cd did NOT find anything in other files commonly infected by sirefef (services.exe, stuff in LocalData folder, a driver) so this must be some brand new strain of sirefef.

I noticed that the location of the files never changed, so I went in there, tried to manually delete the folder they're in, and noticed that services.exe locked them. I killed services.exe (knowing it would force a reboot) and quickly deleted the folder, booted into recovery mode and deleted services.exe replacing it with a known clean one from my laptop which I never use. They had the same filesize and I didn't have an md5sum tool to check if they were the same.

After rebooting yet again, I searched the registry for {251e8921-635b-9ea3-b15c-fa188d6b70fa}, found one entry and removed it. It was an InprocServer32 key.

I then ran f-secure using a full scan again and found nothing, I assumed everything to be clean at that point.

That's where we are now, everything seems clean but it's not the first time it has reappeared after a random amount of time and I would love some certainty. So I would like to have someone willing guide me through one of those thorough checkups using FRST etcetera, if that's possible.



As a sidenote: The virus was located in C:\Windows\Installer\{251e8921-635b-9ea3-b15c-fa188d6b70fa}\U\00000001.@ or $.

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #1 on: June 28, 2012, 01:40:21 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )
Windows 8 and Windows 10 dual boot with two SSD's

villadelfia

    Topic Starter


    Rookie

    • Yes
  • Experience: Expert
  • OS: Windows 7
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #2 on: June 29, 2012, 01:30:29 AM »
Here are the requested logs. It seems like I mostly have many tracking cookies, but then again, who doesn't.

On a sidenote: Did you know that a full scan on ~9TB of data with lots of tiny files and lots of archives takes ages?

SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/29/2012 at 06:07 AM

Application Version : 5.5.1006

Core Rules Database Version : 8817
Trace Rules Database Version: 6629

Scan type       : Complete Scan
Total Scan Time : 04:49:31

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 818
Memory threats detected   : 0
Registry items scanned    : 74707
Registry threats detected : 0
File items scanned        : 1608655
File threats detected     : 283

Adware.Tracking Cookie
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\QA2THA9I.txt [ /burstnet.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\ZHCKT7WY.txt [ /accounts.google.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\ZRCOGRJ0.txt [ /ru4.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\IPZ16WIY.txt [ /ads.ad4game.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\3WYE3G6A.txt [ /adserver.adtechus.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\YAVD3FTO.txt [ /smartadserver.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\1UQ371O5.txt [ /ads.ookla.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\07WWGB10.txt [ /mediaplex.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\3RSR0303.txt [ /maniapub.trackmania.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\UZXAOGI5.txt [ /adtech.de ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\1DZBRQFD.txt [ /tribalfusion.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\W9BNBEXT.txt [ /casalemedia.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\U0A6N7P7.txt [ /apmebf.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\6SBAP33E.txt [ /www.googleadservices.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\UL0PFQXU.txt [ /advertising.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\FZP703EX.txt [ /collective-media.net ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\D04I3NLJ.txt [ /eaeacom.112.2o7.net ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\6D8BT43U.txt [ /tracking.quisma.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\Q143B3FE.txt [ /media6degrees.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\3CQDP8Y1.txt [ /ad.360yield.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\FW0IW0TB.txt [ /fastclick.net ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\C0JF91TR.txt [ /invitemedia.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\GSY6XS2H.txt [ /statcounter.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\VPQ0A4WQ.txt [ /atdmt.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\PX6CGZV9.txt [ /ad.zanox.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\FQA3K2FE.txt [ /ad.yieldmanager.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\26BSM3BJ.txt [ /at.atwola.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\MGRUQ3NU.txt [ /lucidmedia.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\AJ0VL9PX.txt [ /ad.adserver01.de ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\YNDRB6KO.txt [ /revsci.net ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\LZ0B1J8E.txt [ /interclick.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\FIODUHWN.txt [ /serving-sys.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\SIDR4RSS.txt [ /adbrite.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\ZT3PCHXO.txt [ /ads.pubmatic.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\MSI61N1X.txt [ /gr.burstnet.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\1GN5ZR54.txt [ /doubleclick.net ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\7PBSKWG8.txt [ /tradedoubler.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\H65SG483.txt [ /server.cpmstar.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\FRBPBBL4.txt [ /imrworldwide.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\C5X5I19C.txt [ /splash.trackmania.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\IMGNB6RO.txt [ /zedo.com ]
   C:\Users\Villadelfia\AppData\Roaming\Microsoft\Windows\Cookies\HP5CANN4.txt [ /c.atdmt.com ]
   C:\USERS\VILLADELFIA\AppData\Roaming\Microsoft\Windows\Cookies\MUG8ZE60.txt [ Cookie:[email protected]/account/app ]
   C:\USERS\VILLADELFIA\Cookies\ZHCKT7WY.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\3WYE3G6A.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\YAVD3FTO.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\07WWGB10.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\UZXAOGI5.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\W9BNBEXT.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\6SBAP33E.txt [ Cookie:[email protected]/pagead/conversion/1028829086/ ]
   C:\USERS\VILLADELFIA\Cookies\UL0PFQXU.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\FZP703EX.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\D04I3NLJ.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\6D8BT43U.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\Q143B3FE.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\C0JF91TR.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\GSY6XS2H.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\PX6CGZV9.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\FQA3K2FE.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\26BSM3BJ.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\MGRUQ3NU.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\AJ0VL9PX.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\YNDRB6KO.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\LZ0B1J8E.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\SIDR4RSS.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\MSI61N1X.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\1GN5ZR54.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\H65SG483.txt [ Cookie:[email protected]/ ]
   C:\USERS\VILLADELFIA\Cookies\FRBPBBL4.txt [ Cookie:[email protected]/cgi-bin ]
   C:\USERS\VILLADELFIA\Cookies\MUG8ZE60.txt [ Cookie:[email protected]/account/app ]
   C:\USERS\VILLADELFIA\Cookies\C5X5I19C.txt [ Cookie:[email protected]/display/ ]
   C:\USERS\VILLADELFIA\Cookies\HP5CANN4.txt [ Cookie:[email protected]/ ]
   .media6degrees.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .media6degrees.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .media6degrees.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .doubleclick.net [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .adbrite.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .dmtracker.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   ad.yieldmanager.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   ad.yieldmanager.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .revsci.net [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .specificclick.net [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .chitika.net [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .apmebf.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .mediaplex.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   www.linuxquestions.org [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   www.linuxquestions.org [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .www.linuxquestions.org [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .www.linuxquestions.org [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .kontera.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .collective-media.net [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .statcounter.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .fastclick.net [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .fastclick.net [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .adtech.de [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .tradedoubler.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .tradedoubler.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .media6degrees.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .adserver.adtechus.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .game-advertising-online.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .imrworldwide.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .imrworldwide.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .xiti.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .kontera.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .kontera.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .revsci.net [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   www.qsstats.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   stats.belgacom.be [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .revsci.net [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   .revsci.net [ G:\MAH STUFF\VILLADELFIA\.MOZILLA\FIREFOX\X4XWHWQD.DEFAULT\COOKIES.SQLITE ]
   cdn2.themis-media.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   disgustingmedia.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   i.*adult URL* [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   ia.media-imdb.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   ictv-tf-ec.indieclicktv.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   media.ign.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   media.kyte.tv [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   media.mtvnservices.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   media.socialvibe.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   media.theonion.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   media1.break.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   msnbcmedia.msn.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   secure-us.imrworldwide.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   sftrack.searchforce.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   track.shop2market.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NRVZ4SY3 ]
   in.getclicky.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .cracked.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .xiti.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .dmtracker.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .imrworldwide.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .imrworldwide.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .mediafire.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .getclicky.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .static.getclicky.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .cracked.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .estat.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .cracked.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .histats.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .histats.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .cmp.112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .statcounter.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .doubleclick.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .tf-media.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .tf-media.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .oracle.112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   uk.sitestat.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   uk.sitestat.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .liveperson.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   media.diablofans.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .idgenterprise.112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   *Blocked Russian URL* [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .safaribooks.112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .microsoftsto.112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .bol.112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   track.shop2market.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   nl.sitestat.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   nl.sitestat.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   be.sitestat.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   be.sitestat.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   static.freewebs.getclicky.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .sofurry.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .sofurry.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .microsoftwindows.112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .linksynergy.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .linksynergy.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .linksynergy.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   pulse-analytics-beacon.reutersmedia.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   www.qsstats.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   www.qsstats.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .liveperson.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .solvemedia.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .solvemedia.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .iphonecountry.myblog.it [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .iphonecountry.myblog.it [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .adverts.ie [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .adverts.ie [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   counter.hitslink.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .cracked.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   www.free-counter.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .legolas-media.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .dlewarez.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   *Blocked Russian URL* [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .cracked.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   counter.cnw.cz [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   counter.cnw.cz [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   counter.cnw.cz [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   counter.cnw.cz [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .mafiawarez.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .mafiawarez.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .liveperson.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .mediafire.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .mediafire.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .toplist.sk [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   www.linuxquestions.org [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   www.linuxquestions.org [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   account.thequestionsnetwork.org [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   account.thequestionsnetwork.org [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .www.linuxquestions.org [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .www.linuxquestions.org [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .www.linuxquestions.org [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .statcounter.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .openstat.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .gametracker.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   games.*adult URL* [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   games.*adult URL* [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .*adult URL* [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .*adult URL* [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .*adult URL* [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .eaeacom.112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .checkstat.nl [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   wstat.wibiya.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   auth.breakmedia.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   us.sitestat.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   us.sitestat.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .accounts.google.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .accounts.google.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   accounts.google.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   accounts.youtube.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .shinystat.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   accounts.google.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   accounts.google.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   accounts.google.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .amazonmerchants.122.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .steelhousemedia.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .steelhousemedia.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .cracked.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .microsoftwlsearchcrm.112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .cracked.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .cracked.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .cracked.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   statse.webtrendslive.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .liveperson.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .invitemedia.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .apmebf.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .apmebf.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .liveperson.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   server.iad.liveperson.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .mtvn.112.2o7.net [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .stats.paypal.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   .statcounter.com [ C:\USERS\VILLADELFIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7NTWJAOU.DEFAULT\COOKIES.SQLITE ]
   core.saymedia.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8ZQSG4EX ]

Heur.Agent/Gen-WhiteBox
   C:\PROGRAM FILES (X86)\PREMIERE AVS GUI\PREMIERE AVS GUI.EXE

Trojan.Agent/Gen-Kazy
   C:\PROGRAMDATA\DESURA\DESURAAPP\GDF\52849572577312.DLL

Trojan.Agent/Gen-Falofn
   C:\USERS\VILLADELFIA\DOCUMENTS\VISUAL STUDIO 2010\PROJECTS\ASDASD\DEBUG\ASDASD.EXEMBAM:
Code: [Select]
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.29.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Villadelfia :: KURUMI [administrator]

29/06/2012 6:56:08
mbam-log-2012-06-29 (06-56-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1474696
Time elapsed: 2 hour(s), 23 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
« Last Edit: June 29, 2012, 04:34:14 PM by SuperDave »

villadelfia

    Topic Starter


    Rookie

    • Yes
  • Experience: Expert
  • OS: Windows 7
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #3 on: June 29, 2012, 01:32:17 AM »
Note that I was not able to "Run as administrator" that option is not there for .scr files. Shouldn't pose a problem, I have UAC off. Also, it shows the wrong AV at the top, I use F-Secure, and it's on.
DDS.txt:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by Villadelfia at 9:22:29 on 2012-06-29
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.32.1033.18.16367.7854 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Program Files\DirectUpdate v4\DUEngine.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
G:\Fraps\fraps.exe
C:\Windows\Explorer.EXE
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synergy\synergyd.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\DirectUpdate v4\DUControl.exe
C:\Program Files (x86)\ZScreen\ZScreen.exe
F:\Program Files\Steam\Steam.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Users\Villadelfia\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Just Great Software\EditPadPro7\EditPadPro7.exe
G:\Fraps\fraps64.dat
C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [DUControl] "C:\Program Files\DirectUpdate v4\DUControl.exe"
uRun: [ZScreen] "C:\Program Files (x86)\ZScreen\ZScreen.exe" -silent
uRun: [Steam] "F:\Program Files\Steam\Steam.exe" -silent
mRun: [<NO NAME>]
mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRunOnce: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state
mRunOnce: [SDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\VILLAD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Villadelfia\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL
LSP: C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 195.130.130.3 195.130.131.3
TCP: Interfaces\{0E575718-CC86-44D6-96EC-450361E15EDE} : DhcpNameServer = 195.130.130.3 195.130.131.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64:     SmartSelect - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [(Default)]
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRunOnce-x64: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state
mRunOnce-x64: [SDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Villadelfia\AppData\Roaming\Mozilla\Firefox\Profiles\7ntwjaou.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Villadelfia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
                                                 FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2011-9-16 33408]
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [2012-6-26 61960]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-6-26 15016]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-9 68136]
R2 DirectUpdate;DirectUpdate engine;C:\Program Files\DirectUpdate v4\DUEngine.exe [2011-11-5 324336]
R2 Dokan;Dokan;\??\C:\Windows\system32\drivers\dokan.sys --> C:\Windows\system32\drivers\dokan.sys [?]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2010-7-5 11776]
R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-1-15 415072]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2012-6-26 221864]
R2 HOSTNT;HOSTNT;\??\C:\Windows\system32\drivers\hostnt.sys --> C:\Windows\system32\drivers\hostnt.sys [?]
R2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-9-11 8192]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-1 1262400]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 rtpMIDIService;rtpMIDIService;C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2011-7-1 1131008]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-9-9 114688]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-3-16 531328]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 Synergy;Synergy;C:\Program Files\Synergy\synergyd.exe [2012-4-12 346112]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2012-6-26 199848]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2012-6-26 61088]
R3 Grand;SafeNet GrandDog USB Driver;C:\Windows\system32\DRIVERS\GrandUsb.sys --> C:\Windows\system32\DRIVERS\GrandUsb.sys [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys --> C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EMSLink;EMS Inter-Link driver V3.0;C:\Windows\system32\Drivers\EMSLink_amd64.sys --> C:\Windows\system32\Drivers\EMSLink_amd64.sys [?]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe --> F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [?]
S2 Syncrify;Syncrify;C:\Syncrify\Wrapper.exe -s C:\Syncrify\config\wrapper.conf --> C:\Syncrify\Wrapper.exe -s C:\Syncrify\config\wrapper.conf [?]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AssetUPnP;AssetUPnP;F:\Program Files (x86)\Illustrate\dBpoweramp\Asset-UPnPService.exe --> F:\Program Files (x86)\Illustrate\dBpoweramp\Asset-UPnPService.exe [?]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe [2012-4-6 129550]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-9-8 245760]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-9-8 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-9 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-9-8 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-11-13 131912]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-9 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-9 30528]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 McMyAdmin;Launcher Service: McMyAdmin;C:\Users\Villadelfia\Desktop\mcserver\Service\LaunchServ.exe --> C:\Users\Villadelfia\Desktop\mcserver\Service\LaunchServ.exe [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 pspdisp;pspdisp;C:\Windows\system32\DRIVERS\pspdisp_x64.sys --> C:\Windows\system32\DRIVERS\pspdisp_x64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 rspLLL;rspLLL;C:\Windows\system32\DRIVERS\rspLLL64.sys --> C:\Windows\system32\DRIVERS\rspLLL64.sys [?]
S3 SaiK0836;SaiK0836;C:\Windows\system32\DRIVERS\SaiK0836.sys --> C:\Windows\system32\DRIVERS\SaiK0836.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;C:\Windows\system32\DRIVERS\tinspusb.sys --> C:\Windows\system32\DRIVERS\tinspusb.sys [?]
S3 VMLiteUSB;VMLite USB;C:\Windows\system32\Drivers\VMLiteUSB.sys --> C:\Windows\system32\Drivers\VMLiteUSB.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys [2012-6-26 41896]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys [2012-6-26 27304]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
2012-06-29 04:55:00   24904   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-06-29 04:55:00   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-28 23:15:04   --------   d-----w-   C:\Users\Villadelfia\AppData\Roaming\SUPERAntiSpyware.com
2012-06-28 23:14:44   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2012-06-28 23:14:44   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2012-06-28 21:54:08   --------   d-----w-   C:\Users\Villadelfia\AppData\Local\LogMeIn Rescue Applet
2012-06-28 21:39:36   355   ----a-w-   C:\Windows\System32\drivers\etc\hosts.ussclean.tmp
2012-06-28 15:41:39   --------   d-----w-   C:\Program Files (x86)\Resource Hacker
2012-06-28 15:12:42   --------   d-----w-   C:\QtSDK
2012-06-28 12:28:04   328704   ----a-w-   C:\Windows\System32\services.exe
2012-06-27 13:38:38   404640   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-27 09:24:12   --------   d-----w-   C:\Windows\pss
2012-06-27 09:13:21   74272   ----a-w-   C:\Windows\System32\RtNicProp64.dll
2012-06-27 09:13:21   107552   ----a-w-   C:\Windows\System32\RTNUninst64.dll
2012-06-27 09:13:16   --------   d-----w-   C:\Program Files (x86)\Realtek
2012-06-26 20:37:53   55960   ----a-w-   C:\Windows\System32\drivers\fsbts.sys
2012-06-26 19:57:00   --------   d-----w-   C:\Users\Villadelfia\AppData\Roaming\Malwarebytes
2012-06-26 19:56:56   --------   d-----w-   C:\ProgramData\Malwarebytes
2012-06-25 20:13:49   --------   d-----w-   C:\SymCache
2012-06-25 20:12:46   --------   d-----w-   C:\Program Files\Microsoft Windows Performance Toolkit
2012-06-25 18:55:22   --------   d-----w-   C:\Program Files (x86)\Red Kawa
2012-06-25 18:51:25   --------   d-----w-   C:\Users\Villadelfia\AppData\Local\Badaboom
2012-06-25 18:50:54   --------   d-----w-   C:\Program Files (x86)\Badaboom2
2012-06-25 17:52:56   646248   ----a-w-   C:\Windows\System32\drivers\Rt64win7.sys
2012-06-25 09:08:32   21560   ----a-w-   C:\Windows\System32\drivers\rspLLL64.sys
2012-06-25 09:08:32   --------   d-----w-   C:\Program Files\LatencyMon
2012-06-25 08:07:43   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-06-25 08:06:45   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2012-06-25 07:41:10   --------   d-----w-   C:\Intel
2012-06-24 17:15:57   --------   d-sh--w-   C:\Windows\System32\%APPDATA%
2012-06-24 02:14:51   --------   d-----w-   C:\Program Files\WinPcap
2012-06-21 22:58:50   --------   d-----w-   C:\Program Files (x86)\Microsoft WSE
2012-06-21 14:15:22   --------   d-----w-   C:\Program Files (x86)\PCSX2 0.9.8
2012-06-21 04:03:46   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
2012-06-21 04:03:31   99840   ----a-w-   C:\Windows\System32\wudriver.dll
2012-06-21 04:03:14   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2012-06-21 04:03:14   186752   ----a-w-   C:\Windows\System32\wuwebv.dll
2012-06-20 12:34:40   --------   d-----w-   C:\Users\Villadelfia\AppData\Local\Macromedia
2012-06-20 12:31:00   --------   d-----w-   C:\ProgramData\Valve
2012-06-17 20:51:10   --------   d-----w-   C:\Users\Villadelfia\AppData\Local\tctemp
2012-06-17 20:47:46   --------   d-----w-   C:\Program Files (x86)\Wide Angle Software
2012-06-17 18:32:32   --------   d-----w-   C:\Program Files\Unlocker
2012-06-17 17:27:06   --------   d-----w-   C:\Users\Villadelfia\AppData\Roaming\Broken Rules
2012-06-17 15:30:17   --------   d-----w-   C:\Program Files (x86)\Runtime Software
2012-06-17 15:28:11   --------   d-----w-   C:\Runtime.Raid.Reconstructor.v4.03-DOA
2012-06-17 15:13:36   770384   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 15:13:36   421200   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-11 18:02:16   71680   ----a-w-   C:\Windows\System32\frapsv64.dll
2012-06-11 18:02:12   65536   ----a-w-   C:\Windows\SysWow64\frapsvid.dll
2012-06-08 01:40:29   1544704   ----a-w-   C:\Windows\System32\DWrite.dll
2012-06-08 01:40:29   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2012-06-08 01:40:06   75120   ----a-w-   C:\Windows\System32\drivers\partmgr.sys
2012-06-08 01:40:03   1732096   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-08 01:40:02   936960   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-08 01:40:02   1402880   ----a-w-   C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-08 01:40:02   1393664   ----a-w-   C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-08 01:40:02   1367552   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-08 01:39:25   1918320   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2012-06-05 16:11:13   --------   d-----w-   C:\Syncrify
2012-06-02 23:45:38   --------   d-----w-   C:\Users\Villadelfia\.WebIde40
2012-06-02 23:41:56   --------   d-----w-   C:\Users\Villadelfia\.PyCharm20
2012-06-02 23:40:32   --------   d-----w-   C:\Program Files (x86)\JetBrains
2012-06-01 18:39:46   --------   d-----w-   C:\Users\Villadelfia\AppData\Roaming\TightVNC
2012-06-01 18:39:27   --------   d-----w-   C:\ProgramData\TightVNC
2012-06-01 18:39:27   --------   d-----w-   C:\Program Files\TightVNC
2012-05-31 14:45:46   --------   d-----w-   C:\Program Files\Synergy
.
==================== Find3M  ====================
.
2012-06-28 02:33:17   25640   ----a-w-   C:\Windows\gdrv.sys
2012-06-26 20:34:15   33408   ----a-w-   C:\Windows\SysWow64\drivers\fsbts.sys
2012-06-26 19:46:36   30528   ----a-w-   C:\Windows\GVTDrv64.sys
2012-06-26 19:46:19   25640   ----a-w-   C:\Windows\etdrv.sys
2012-05-20 01:52:02   695578   ----a-w-   C:\Windows\unins001.exe
2012-05-18 02:06:48   2311680   ----a-w-   C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-05-18 01:58:39   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-05-17 22:45:37   1800192   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47   889664   ----a-w-   C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46   63296   ----a-w-   C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46   118080   ----a-w-   C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45   2621723   ----a-w-   C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25   3149632   ----a-w-   C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42   6151488   ----a-w-   C:\Windows\System32\nvcpl.dll
2012-05-15 01:32:33   3146752   ----a-w-   C:\Windows\System32\win32k.sys
2012-05-15 00:21:50   423744   ----a-w-   C:\Windows\SysWow64\nvStreaming.exe
2012-05-07 19:13:05   8744608   ----a-w-   C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22   5559664   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43   366592   ----a-w-   C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50   3913072   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20   209920   ----a-w-   C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05   1112064   ----a-w-   C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56   77312   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37   184320   ----a-w-   C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37   140288   ----a-w-   C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36   1462272   ----a-w-   C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42   140288   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42   1158656   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2012-04-18 17:08:08   31040   ----a-w-   C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03   188736   ----a-w-   C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02   1451840   ----a-w-   C:\Windows\System32\nvhdagenco6420103.dll
2012-04-11 16:13:35   466520   ----a-w-   C:\Windows\System32\wrap_oal.dll
2012-04-11 16:13:35   445016   ----a-w-   C:\Windows\SysWow64\wrap_oal.dll
2012-04-11 16:13:35   123480   ----a-w-   C:\Windows\System32\OpenAL32.dll
2012-04-11 16:13:35   109144   ----a-w-   C:\Windows\SysWow64\OpenAL32.dll
2012-04-07 12:31:40   3216384   ----a-w-   C:\Windows\System32\msi.dll
2012-04-07 11:26:29   2342400   ----a-w-   C:\Windows\SysWow64\msi.dll
2012-04-03 17:21:24   9856   ----a-w-   C:\Windows\System32\drivers\EMSLink_amd64.sys
2012-04-01 11:39:57   282864   ----a-w-   C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-01 11:39:57   282864   ----a-w-   C:\Windows\SysWow64\PnkBstrB.exe
2012-04-01 11:39:34   280904   ----a-w-   C:\Windows\SysWow64\PnkBstrB.ex0
.
============= FINISH:  9:24:36,16 ===============
« Last Edit: June 29, 2012, 04:35:39 PM by SuperDave »

villadelfia

    Topic Starter


    Rookie

    • Yes
  • Experience: Expert
  • OS: Windows 7
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #4 on: June 29, 2012, 01:34:10 AM »
Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/09/2011 23:51:02
System Uptime: 28/06/2012 4:31:02 (29 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | Z68X-UD4-B3
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | Socket 1155 | 4301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1689,778 GiB free.
D: is Removable
F: is FIXED (NTFS) - 2794 GiB total, 2630,505 GiB free.
G: is FIXED (NTFS) - 2794 GiB total, 2394,45 GiB free.
H: is FIXED (NTFS) - 2306 GiB total, 2142,111 GiB free.
Y: is CDROM ()
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: Logitech G13 Joystick
Device ID: LOGIDEVICE\VID_046D&PID_C2AB\1&1A590E2C&0&49835
Manufacturer: (Standard system devices)
Name: Logitech G13 Joystick
PNP Device ID: LOGIDEVICE\VID_046D&PID_C2AB\1&1A590E2C&0&49835
Service: LGVirHid
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: PortableVBoxUSBMon
Device ID: ROOT\LEGACY_VBOXUSBMON\0000
Manufacturer:
Name: PortableVBoxUSBMon
PNP Device ID: ROOT\LEGACY_VBOXUSBMON\0000
Service: VBoxUSBMon
.
==== System Restore Points ===================
.
RP361: 26/06/2012 22:32:40 - is 10.51 build 106 Installation
RP362: 27/06/2012 7:13:59 - Removed Directory Opus
RP363: 27/06/2012 11:12:12 - Verwijderd Realtek Ethernet Controller Driver
RP364: 27/06/2012 11:13:03 - Geïnstalleerd Realtek Ethernet Controller Driver
.
==== Installed Programs ======================
.
@BIOS
1... 2... 3... KICK IT! (Drop That Beat Like an Ugly Baby)
1000 Amps
A.R.E.S.
AaAaAA!!! - A Reckless Disregard for Gravity
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.6
Adobe Story
Adobe Widget Browser
AIDA64 Extreme Edition v1.80
Alice Madness Returns
Alien Shooter
Alien Shooter 2: Reloaded
Altarsoft Icon Editor 1.0
Altitude
AmiKit 1.5
Analogue: A Hate Story Demo
Anomaly Warzone Earth
Apple Application Support
Apple Software Update
Aquaria
Arena 3.0
ArgoUML Latest Stable Release 0.34
ArtMoney SE v7.38
Asset UPnP
µTorrent
Audacity 1.3.13 (Unicode)
Audiosurf
AutoGreen B10.1021.1
AviSynth 2.6
Badaboom versionTRIAL_2.0.0.128
Bastion
Batman: Arkham City™
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Beat Hazard
Bejeweled 3
Bejeweled Blitz
Ben There, Dan That!
BIT.TRIP BEAT
BIT.TRIP RUNNER
Blackwell Convergence
Blackwell Deception version 1.0
Blackwell Unbound
Blade Kitten
Blocks That Matter
Bob Came in Pieces
Braid
Breath of Death VII
Broken Sword II: The Smoking Mirror
Broken Sword III: The Sleeping Dragon
Brother BRAdmin Light 1.21.0001
Bullet Candy
Bunch Of Heroes
calibre
Calibrize 2.0
CameraHelperMsi
Cave Story+
Chains
Chantelise
Cheat Engine 6.1
Chime
clrmamepro
CMake 2.8, a cross-platform, open-source build system
Cogs
Combined Community Codec Pack 2011-11-11
Commander Keen Complete Pack
Coniclysm
Corrosion- Cold Winter Waiting
CorsixTH Beta 7
Counter-Strike
Counter-Strike: Source
CraftBukkit Stable Release#1134
Crayon Physics Deluxe
Creative 3DMIDI Player
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative Diagnostics
Creative Media Toolbox 6
Creative Media Toolbox 6 (Shared Components)
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
Critical Mass
Crystal Reports for Visual Studio
Cthulhu Saves the World
Cubemen
Curse Client
DAEMON Tools Lite
Dark Void Zero
Darksiders
Darwinia
dBpoweramp [Arrange Audio] Codec
dBpoweramp [Audio Info] Codec
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp [Channel Split] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [Length Split] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp [Tag From Filename] Codec
dBpoweramp AIFF Codec
dBpoweramp CD Writer
dBpoweramp CLI Encoder
dBpoweramp Dalet Codec
dBpoweramp DirectShow Decoder
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Midi Decoder
dBpoweramp Monkeys Audio Codec
dBPowerAMP Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Musepack Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp OptimFROG Codec
dBPowerAMP Real Audio (Helix) Encoder
dBpoweramp Shorten Codec
dBpoweramp Speex Codec
dBPoweramp tooLame MP2 codec
dBpoweramp TTA Codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
dBpoweramp Windows Media Audio 10 Codec
dBpowerAMP Windows Media Audio 9 Codec
De Complete Sims 1 Collectie
De Sims™ 3
De Sims™ 3 Ambities
De Sims™ 3 Beestenbende
De Sims™ 3 Buitenleven Accessoires
De Sims™ 3 Buurtleven Accessoires
De Sims™ 3 Katy Perry Pakt uit
De Sims™ 3 Levensweg
De Sims™ 3 Luxe Accessoires
De Sims™ 3 Na Middernacht
De Sims™ 3 Showtime
De Sims™ 3 Slaap- en badkamer Accessoires
De Sims™ 3 Supersnelle Accessoires
De Sims™ 3 Wereldavonturen
Dead Horde
Dead Island
Dead Island  1.2.0.0
Dead Rising 2
Dear Esther
DeathSpank
DeathSpank: Thongs Of Virtue
DEFCON
Defense Grid: The Awakening
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DES 2.0
Desura
Desura: The Oil Blue
Deus Ex: Human Revolution
Diablo II
Diablo III
Diamond Dan
Dino D-Day
Dino D-Day SDK
Direct MKV Converter version 2.0.0.0
Disciples II Galleans Return Scenario Editor
Disciples II: Gallean's Return
DiskAid 5.06
DJMaxTrilogy
Doc Clock: The Toasted Sandwich of Time
Doctor Who: The Adventure Games
Doctor Who: The Gunpowder Plot
Dokan Library 0.5.3
Dolby Digital Live Pack
DOOM 3
DOOM 3: Resurrection of Evil
DOOM II: *censored* on Earth
Dota 2
Dota 2 Test
Dotfuscator Software Services - Community Edition
Dropbox
Droplitz
DTS Connect Pack
Dungeon Defenders
Dungeon Keeper 2
Dungeons of Dredmor
Dwarfs!?
Dyyno Broadcaster
EDGE
Eets
erLT
ESN Sonar
Etron USB3.0 Host Controller
Eufloria
Evernote v. 4.5.4
Everything 1.2.1.371
Evil Genius
F-Secure Anti-Virus 2011
Face_Wizard B10.1230.01
Fallout
Fallout 2
Fate of the World
Fences
FileZilla Client 3.5.1
FileZilla Server
Final DOOM
Final Fantasy XII Config Patch HIG-SSE41 v0.04
Final Fantasy XII International ZJS English Patched v0.18
FINAL FANTASY XIV
Flight Control HD
FlyVPN
foobar2000 v1.1.11
Fortix 2
Fractal: Make Blooms Not War
Fraps (remove only)
Fritz 13
Frozen Synapse
Fun With Swarms version 1.0
GameSave Manager
GameSpy Comrade
Geeks3D.com FurMark 1.9.1
Gemini Rue
Gemini Rue version 1.0
Geometry Wars: Retro Evolved
Gish
Git version 1.7.10-preview20120409
GrandDog Run Time System V1.0.35
Gray Matter
GridRunner Revolution
GtkRadiant-1.4.0
Gumboy Crazy Features
Gumboy: Crazy Adventures
GundeadliGne
Gundemonium Recollection
Hacker Evolution
Hacker Evolution - Untold
Hacker Evolution Duality
Half-Life: Source
Hammerfight
Hard Reset
HD Tune Pro 4.61
Heretic: Shadow of the Serpent Riders
HeXen II
HeXen: Beyond Heretic
HeXen: Deathkings of the Dark Citadel
Hi-Rez Studios Authenticate and Update Service
Hitogata Happa
HL-2250DN
HOARD
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HTC BMP USB Driver
HTC Driver Installer
HxD Hex Editor version 1.7.7.0
iExplorer 2.2.1.3
ImageMagick 6.7.6-8 Q16 (2012-05-01)
ImgBurn
Indiana Jones and the Fate of Atlantis
Indiana Jones and the Last Crusade
inMomentum
Intel(R) Management Engine Components
ioquake3
IrfanView (remove only)
Iron Grip: Warlord
Jamestown
Java Auto Updater
Java(TM) 6 Update 31
JDownloader 0.9
JetBrains PhpStorm 4.0.1
JetBrains PyCharm 2.5.1
Jolly Rover
Just Great Software EditPad Pro 7 v.7.0.6
Lagarith Lossless Codec (1.3.26)
LAME v3.98.3 for Audacity
League of Legends
Legend of Grimrock
Lilith The Will of Demon : Battles of Jalavia v1.1
LinuxLive USB Creator
Logitech-webcamsoftware
Logitech Harmony Remote Software 7
Loom
LOVE (remove only)
Lugaru HD
Lume
Lumines
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Machinarium
Madballs in...Babo: Invasion
Magic: The Gathering — Duels of the Planeswalkers 2012
Malwarebytes Anti-Malware version 1.61.0.1400
MAMEUIFX32
Maple 15
marvell 91xx driver
Master Levels for DOOM II
MatchStick BSP Decompiler
Max and the Magic Marker
Metro 2033
Microsoft .NET Compact Framework 2.0 SP1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++  Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio Macro Tools
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio Platform Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Might & Magic - Clash of Heroes
MinGW-Get version 0.5-beta-20120426-1
MIPSter 2.0
Monopoly by Parker Brothers
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 13.0.1 (x86 en-US)
Mp3tag v2.49a
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Multi Minecraft Manager
Multiwinia
Native Instruments Traktor 2
NaturalReaderFree
NightSky
Nikopol: Secrets of the Immortals
Nimbus
Notepad++
Nuclear Dawn
Null-modem emulator (com0com)
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Obulis
On the Rain-Slick Precipice of Darkness, Episode One
On the Rain-Slick Precipice of Darkness, Episode Two
ON_OFF Charge B11.0110.1
OpenAL
Orcs Must Die!
Origin
Osmos
osu!
Pando Media Booster
PC Gamer
PCSX2 - Playstation 2 Emulator
PDF Settings CS5
Penumbra: Overture
pgAdmin III 1.14
Phone Disk 1.2.1.1
Plants vs. Zombies: Game of the Year
Postal Plus
PremiumSoft Navicat Premium 10.0
ProtectDisc Driver, Version 11
PS3 Media Server
PSPdisp v0.6
PunkBuster Services
Puzzle Agent
Puzzle Dimension
PxMergeModule
Pyroblazer
PyScripter 2.5.3
Python 2.7.2
Qt SDK
QtSpim
Quake
Quake II
Quake II: Ground Zero
Quake II: The Reckoning
Quake III Arena
Quake III: Team Arena
Quake Live Mozilla Plugin
Quake Mission Pack 1: Scourge of Armagon
Quake Mission Pack 2: Dissolution of Eternity
QuArK 6.6.0 Beta 4
QuickPar 0.9
QuickTime
RAD Video Tools
RAGE
RAID Reconstructor
Rapture3D 2.3.26 Game
Rayman Forever
Razer BlackWidow
Razor2: Hidden Skies
RCT3 Soaked
Really Big Sky
Really Slick Screensavers 0.2
Realm of the Mad God
Realtek Ethernet Controller Driver
Recettear: An Item Shop's Tale
Remote Control USB Driver
Resident Evil 5
Resonance
Resource Hacker Version 3.6.0
Return to Castle Wolfenstein
Revenge of the Titans
RGF HotSpot version 0.6b
Rhythm Zone
Ricochet
RightMark 3DSound 2.3
Riven The sequel to Myst
Rock of Ages
RollerCoaster Tycoon 2 Triple Thrill Pack
RollerCoaster Tycoon Deluxe
RollerCoaster Tycoon® 3
rtpMIDI
Runespell: Overture
RUSH
Rusty Hearts
SABnzbd 0.6.15
Safecracker: The Ultimate Puzzle Adventure
Saints Row: The Third
Saira
Sam & Max 101: Culture Shock
Sam & Max 102: Situation: Comedy
Sam & Max 103: The Mole, the Mob and the Meatball
Sam & Max 104: Abe Lincoln Must Die!
Sam & Max 105: Reality 2.0
Sam & Max 106: Bright Side of the Moon
Sam & Max 201: Ice Station Santa
Sam & Max 202: Moai Better Blues
Sam & Max 203: Night of the Raving Dead
Sam & Max 204: Chariots of the Dogs
Sam & Max 205: What's New Beelzebub?
Sam & Max 301: The Penal Zone
Sam & Max 302: The Tomb of Sammun-Mak
Sam & Max 303: They Stole Max's Brain!
Sam & Max 304: Beyond the Alley of the Dolls
Sam & Max 305: The City that Dares not Sleep
Samorost 2
Sanctum
Scoregasm
Scribus 1.4.0
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Sequence
Serious Sam 3 Editor
Serious Sam 3: BFE
Serious Sam Double D
Shadow Era version 1.503
Shadowgrounds
Shadowgrounds: Survivor
Shatter
Sid Meier's Civilization V
SiON MML Editor
Skype Click to Call
Skype™ 5.5
Slik Subversion 1.7.4 (x86)
Smart 6 B10.1221.1
smartmontools
Sonic Generations
Sound Blaster X-Fi
SoundFont Bank Manager
Space Giraffe
Space Quest Collection
SpaceChem
Speedball 2: Tournament
Splashtop Remote Client
Splashtop Streamer
SpotGrit
Spotnet
Stacking
Star Wars: The Old Republic
Steam
Super Crossfire version 1.0
Super Meat Boy
Super Meat Boy Editor
Super Monday Night Combat
Supreme Commander
Supreme Commander: Forged Alliance
swMSM
Syncrify
Synergy
Team Fortress 2 Beta
TeamViewer 7
Terraria
Text to Speech Maker version 2.2.1
The Binding of Isaac
The Blackwell Legacy
The Darkness II
The Dig
The Experiment
The Misadventures of P.B. Winterbottom
The Polynomial
The Ultimate DOOM
The Walking Dead
The Witcher 2 - Assassins of Kings
The Wonderful End of the World
TI-Nspire CAS Teacher Software
TI-Nspire™ CAS Computer Software Docenteneditie
Tidalis
Tiled - Tiled Map Editor
Time Gentlemen, Please!
Titan Quest
Titan Quest: Immortal Throne
To the Moon
Tom Clancy's H.A.W.X
Torchlight 2 Beta
TouchBIOS B11.0824.1
TouchCopy 09
TQVault
TRAUMA
Tribes Ascend Closed Beta
Trine 2
TrueCrypt
U232 P9/P25 10.2.98
Ubisoft Game Launcher
UltraCompare
Unity Web Player
Universal Hashcash Minter
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Uplink
Videora Apple TV Converter 6
Vigil: Blood Bitterness
Vim 7.3.514
Violet UML Editor
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.1
Voxatron 0.1.3
VVVVVV
WampServer 2.2
WBFS Manager 3.0
WCF RIA Services V1.0 SP1
Who's That Flying?!
Windows Quake Console Uninstall
WinImage
WinPcap 4.1.2
WinSCP 4.3.7
Winter Voices
WinUAE 2.3.3
WinUHA 2.0 RC1 (2005.02.27)
Wizorb
Wolfenstein 3D
Wolfenstein 3D: Spear of Destiny
World of Logs Client (4.2)
World of Warcraft Beta
Worms Reloaded
Worms Ultimate Mayhem
X-Change 3
X-Win32 9.1
XBMC
XSplit
Yacc 0.4.0.3
YAMB
Your Doodles Are Bugged!
Ys Origin
Ys: The Oath in Felghana
YTubePlayer
zbattle.net 1.09 SR-1 beta
Zeno Clash
Zeno Clash Models
ZeroWave 2.0
Zombie Shooter
Zombie Shooter 2
ZScreen 4.9.0.3057
.
==== Event Viewer Messages From Past Week ========
.
29/06/2012 8:21:41, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
28/06/2012 5:54:44, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
28/06/2012 4:32:48, Error: Service Control Manager [7023]  - The Syncrify service terminated with the following error:  Incorrect function.
28/06/2012 4:32:21, Error: Service Control Manager [7000]  - The PortableVBoxUSBMon service failed to start due to the following error:  The system cannot find the path specified.
28/06/2012 4:32:17, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
28/06/2012 4:32:06, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
28/06/2012 4:32:03, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
28/06/2012 4:31:48, Error: Service Control Manager [7000]  - The EMS Inter-Link driver V3.0 service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
28/06/2012 3:44:26, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
27/06/2012 2:32:35, Error: F-Secure Gatekeeper [1]  -
27/06/2012 18:15:27, Error: Service Control Manager [7000]  - The PortableVBoxUSBMon service failed to start due to the following error:  The device is not ready.
26/06/2012 23:13:27, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SplashtopRemoteService service.
26/06/2012 22:15:23, Error: Service Control Manager [7034]  - The Metasploit Thin Service service terminated unexpectedly.  It has done this 1 time(s).
26/06/2012 20:02:54, Error: Service Control Manager [7034]  - The UMVPFSrv service terminated unexpectedly.  It has done this 1 time(s).
25/06/2012 9:51:15, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
25/06/2012 9:48:44, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
25/06/2012 9:48:44, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
25/06/2012 9:47:06, Error: Service Control Manager [7024]  - The VMware Workstation Server service terminated with service-specific error %%-1.
25/06/2012 20:49:00, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.5 with the system having network hardware address 70-DE-E2-AF-35-C7. Network operations on this system may be disrupted as a result.
25/06/2012 18:42:16, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NeroMediaHomeService.4 service.
25/06/2012 18:29:14, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Nero MediaHome 4 Service service to connect.
25/06/2012 18:29:14, Error: Service Control Manager [7000]  - The Nero MediaHome 4 Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
25/06/2012 11:33:32, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Synergy service to connect.
25/06/2012 11:33:32, Error: Service Control Manager [7000]  - The Synergy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
22/06/2012 21:26:36, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SHARED.
.
==== End Of File
And that's all the logs.
« Last Edit: June 29, 2012, 04:42:18 PM by SuperDave »

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #5 on: June 29, 2012, 04:47:52 PM »
Quote
Also, it shows the wrong AV at the top, I use F-Secure, and it's on.
Well, just make sure only one AV is activate at any time.

P2P - I see you have P2P software installed on your machine. (µTorrent)We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
***************************************************
Quote
29/06/2012 8:21:41, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Open the Start Menu.

2. Click on the Computer button.

3. Right click on your hard drive and click on Properties.

4. Click on the Tools tab.

5. Click on Check Now under the Error checking section. (See circled in red below)



. Click on Continue in the UAC prompt.

7. Make sure both options are checked. (See screenshot below)
NOTE: The Automatically fix file system errors box will be checked by default.

8. Click on the Start button.



9. You will get a pop-up window saying, "Windows can't check this disk while it's use". (See screenshot below)

10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.



11. Restart your computer.
**************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
*************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply
**************************************************
Download Combofix from any of the links below, and save it to your DESKTOP

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Windows 8 and Windows 10 dual boot with two SSD's

villadelfia

    Topic Starter


    Rookie

    • Yes
  • Experience: Expert
  • OS: Windows 7
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #6 on: June 30, 2012, 02:05:43 AM »
Ok, here are the requested logs.

Also, can you please mention when an instruction can lead to extended periods of computer unavailability? That chkdsk took 7 hours to run, and not because my hard drive is going, but because it's huge, and I have millions and millions of tiny little files on there.

I have a few notes about the SecurityCheck log:
 - UAC has been disabled by choice, that's not a virus.
 - And that's flash 10.3, which has the same security patches as 11.3. I deliberately use an older version, because flash 11.3 makes firefox slow to a crawl.
 - Apparently sirefef disabled my security center service from running, I re-enabled the MSE one, but forgot that one. Anyway, combofix did it for me.

And then a few about the combofix log:
 - Combofix removed the following files it shouldn't have:
   - Input dll for a game called pop'n music:
     C:\devil.dll
   - A lua based game engine and save files for games written in it:
     c:\program files (x86)\love\love.exe
     c:\users\Villadelfia\AppData\Roaming\Love
     c:\users\Villadelfia\AppData\Roaming\Love\mari0\options.txt
     c:\users\Villadelfia\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
     c:\users\Villadelfia\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
     c:\users\Villadelfia\AppData\Roaming\Love\not_tetris_2\options.txt
   - Files related to a network management tool I use to check the health of my network.
     c:\windows\SysWow64\Packet.dll
     c:\windows\SysWow64\pthreadVC.dll
     c:\windows\SysWow64\wpcap.dll
How can I restore these?

Also, sorry that the last log is in dutch, my system language is in english, and it didn't give me an option to run it in english.

SecurityCheck:
Quote
Results of screen317's Security Check version 0.99.42 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````[/u]
 JavaFX 2.1.1   
 Java(TM) 7 Update 5 
 Adobe Flash Player 10 Flash Player out of Date!
 Mozilla Firefox (13.0.1)
 Mozilla Thunderbird (13.0.1)
````````Process Check: objlist.exe by Laurent````````[/u] 
 F-Secure Anti-Virus fsgk32st.exe 
 F-Secure Anti-Virus FSGK32.EXE 
 F-Secure Anti-Virus fssm32.exe 
 F-Secure Anti-Virus fsav32.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````[/u]

aswMBR:
Quote
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-30 08:30:47
-----------------------------
08:30:47.925    OS Version: Windows x64 6.1.7601 Service Pack 1
08:30:47.926    Number of processors: 8 586 0x2A07
08:30:47.926    ComputerName: KURUMI  UserName:
08:30:50.187    Initialize success
08:31:24.497    AVAST engine defs: 12062902
08:37:32.998    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:37:32.999    Disk 0 Vendor: Hitachi_HDS5C3020ALA632 ML6OA580 Size: 1907729MB BusType: 11
08:37:33.000    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
08:37:33.001    Disk 1 Vendor: Hitachi_HDS723030ALA640 MKAOA5C0 Size: 2861588MB BusType: 11
08:37:33.002    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
08:37:33.003    Disk 2 Vendor: Hitachi_HDS723030ALA640 MKAOA5C0 Size: 2861588MB BusType: 11
08:37:33.005    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP4T0L0-4
08:37:33.006    Disk 3 Vendor: Hitachi_HDS723030ALA640 MKAOA5C0 Size: 2861588MB BusType: 11
08:37:33.068    Disk 0 MBR read successfully
08:37:33.070    Disk 0 MBR scan
08:37:33.134    Disk 0 Windows 7 default MBR code
08:37:33.155    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
08:37:33.182    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1907625 MB offset 206848
08:37:33.543    Disk 0 scanning C:\Windows\system32\drivers
08:37:50.332    Service scanning
08:38:23.135    Modules scanning
08:38:23.138    Disk 0 trace - called modules:
08:38:23.164    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:38:23.167    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800fc28790]
08:38:23.169    3 CLASSPNP.SYS[fffff88001f6e43f] -> nt!IofCallDriver -> [0xfffffa800fa27520]
08:38:23.171    5 ACPI.sys[fffff88000fa97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800f9eb680]
08:38:25.490    AVAST engine scan C:\Windows
08:38:30.641    AVAST engine scan C:\Windows\system32
08:46:55.737    AVAST engine scan C:\Windows\system32\drivers
08:48:59.085    AVAST engine scan C:\Users\Villadelfia
09:06:54.986    AVAST engine scan C:\ProgramData
09:09:23.761    Scan finished successfully
09:34:55.368    Disk 0 MBR has been saved successfully to "C:\Users\Villadelfia\Desktop\MBR.dat"
09:34:55.370    The log file has been saved successfully to "C:\Users\Villadelfia\Desktop\aswMBR.txt"

ComboFix:
Quote
ComboFix 12-06-28.03 - Villadelfia 30/06/2012   9:36.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.32.1033.18.16367.11745 [GMT 2:00]
Gestart vanuit: c:\users\Villadelfia\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\devil.dll
c:\program files (x86)\love\love.exe
c:\programdata\ntuser.dat
c:\users\Villadelfia\AppData\Local\TempDIR
c:\users\Villadelfia\AppData\Roaming\GrabIt
c:\users\Villadelfia\AppData\Roaming\GrabIt\Batch.gba
c:\users\Villadelfia\AppData\Roaming\GrabIt\Groups\ hitnews\grouplist
c:\users\Villadelfia\AppData\Roaming\Love
c:\users\Villadelfia\AppData\Roaming\Love\mari0\options.txt
c:\users\Villadelfia\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
c:\users\Villadelfia\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
c:\users\Villadelfia\AppData\Roaming\Love\not_tetris_2\options.txt
c:\windows\iun6002.exe
c:\windows\ST6UNST.000
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
G:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2012-05-28 to 2012-06-30  ))))))))))))))))))))))))))))))
.
.
2012-06-30 07:41 . 2012-06-30 07:41   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2012-06-30 07:41 . 2012-06-30 07:41   --------   d-----w-   c:\users\UpdatusUser.KURUMI\AppData\Local\temp
2012-06-30 07:41 . 2012-06-30 07:41   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-06-30 06:44 . 2012-06-30 06:44   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-06-30 06:43 . 2012-06-30 06:43   --------   d-----w-   c:\program files (x86)\Oracle
2012-06-30 06:42 . 2012-05-04 17:29   772504   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2012-06-28 23:15 . 2012-06-28 23:15   --------   d-----w-   c:\users\Villadelfia\AppData\Roaming\SUPERAntiSpyware.com
2012-06-28 23:14 . 2012-06-28 23:15   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-06-28 23:14 . 2012-06-28 23:14   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-06-28 21:54 . 2012-06-30 06:19   --------   d-----w-   c:\users\Villadelfia\AppData\Local\LogMeIn Rescue Applet
2012-06-28 21:39 . 2012-06-28 21:39   355   ----a-w-   c:\windows\system32\drivers\etc\hosts.ussclean.tmp
2012-06-28 15:41 . 2012-06-28 15:41   --------   d-----w-   c:\program files (x86)\Resource Hacker
2012-06-28 15:12 . 2012-06-28 15:34   --------   d-----w-   C:\QtSDK
2012-06-28 12:28 . 2009-07-14 11:39   328704   ----a-w-   c:\windows\system32\services.exe
2012-06-27 13:38 . 2012-06-27 13:38   404640   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-27 09:13 . 2011-09-29 09:30   74272   ----a-w-   c:\windows\system32\RtNicProp64.dll
2012-06-27 09:13 . 2011-09-29 09:30   107552   ----a-w-   c:\windows\system32\RTNUninst64.dll
2012-06-27 09:13 . 2012-06-27 09:13   --------   d-----w-   c:\program files (x86)\Realtek
2012-06-26 20:37 . 2012-06-26 20:37   55960   ----a-w-   c:\windows\system32\drivers\fsbts.sys
2012-06-26 19:57 . 2012-06-26 19:57   --------   d-----w-   c:\users\Villadelfia\AppData\Roaming\Malwarebytes
2012-06-26 19:56 . 2012-06-26 19:56   --------   d-----w-   c:\programdata\Malwarebytes
2012-06-25 20:13 . 2012-06-25 20:13   --------   d-----w-   C:\SymCache
2012-06-25 20:12 . 2012-06-25 20:26   --------   d-----w-   c:\program files\Microsoft Windows Performance Toolkit
2012-06-25 18:55 . 2012-06-25 18:55   --------   d-----w-   c:\program files (x86)\Red Kawa
2012-06-25 18:51 . 2012-06-25 18:51   --------   d-----w-   c:\users\Villadelfia\AppData\Local\Badaboom
2012-06-25 18:50 . 2012-06-25 18:50   --------   d-----w-   c:\program files (x86)\Badaboom2
2012-06-25 17:52 . 2011-09-29 09:30   646248   ----a-w-   c:\windows\system32\drivers\Rt64win7.sys
2012-06-25 09:08 . 2012-06-25 09:08   --------   d-----w-   c:\program files\LatencyMon
2012-06-25 09:08 . 2012-05-14 11:17   21560   ----a-w-   c:\windows\system32\drivers\rspLLL64.sys
2012-06-25 08:07 . 2012-05-18 01:51   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-06-25 08:06 . 2012-05-04 11:00   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-06-25 07:41 . 2012-06-25 07:41   --------   d-----w-   C:\Intel
2012-06-24 17:15 . 2012-06-24 17:15   --------   d-sh--w-   c:\windows\system32\%APPDATA%
2012-06-24 17:12 . 2012-06-24 17:12   --------   d-----w-   c:\users\XBMC
2012-06-24 02:14 . 2012-06-24 02:14   --------   d-----w-   c:\program files\WinPcap
2012-06-21 22:58 . 2012-06-21 22:58   --------   d-----w-   c:\program files (x86)\Microsoft WSE
2012-06-21 14:15 . 2012-06-21 14:15   --------   d-----w-   c:\program files (x86)\PCSX2 0.9.8
2012-06-21 04:03 . 2012-06-02 22:19   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-21 04:03 . 2012-06-02 22:19   57880   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-21 04:03 . 2012-06-02 22:19   44056   ----a-w-   c:\windows\system32\wups2.dll
2012-06-21 04:03 . 2012-06-02 22:15   2622464   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-21 04:03 . 2012-06-02 22:19   38424   ----a-w-   c:\windows\system32\wups.dll
2012-06-21 04:03 . 2012-06-02 22:19   701976   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-21 04:03 . 2012-06-02 22:15   99840   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-21 04:03 . 2012-06-02 13:19   186752   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-21 04:03 . 2012-06-02 13:15   36864   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-20 12:34 . 2012-06-20 12:34   --------   d-----w-   c:\users\Villadelfia\AppData\Local\Macromedia
2012-06-20 12:31 . 2012-06-20 12:31   --------   d-----w-   c:\programdata\Valve
2012-06-17 20:51 . 2012-06-17 20:51   --------   d-----w-   c:\users\Villadelfia\AppData\Local\tctemp
2012-06-17 20:47 . 2012-06-17 20:47   --------   d-----w-   c:\program files (x86)\Wide Angle Software
2012-06-17 18:32 . 2012-06-17 18:32   --------   d-----w-   c:\program files\Unlocker
2012-06-17 17:27 . 2012-06-17 17:27   --------   d-----w-   c:\users\Villadelfia\AppData\Roaming\Broken Rules
2012-06-17 15:30 . 2012-06-17 15:30   --------   d-----w-   c:\program files (x86)\Runtime Software
2012-06-17 15:28 . 2012-06-17 16:15   --------   d-----w-   C:\Runtime.Raid.Reconstructor.v4.03-DOA
2012-06-17 15:13 . 2012-06-17 15:13   770384   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 15:13 . 2012-06-17 15:13   421200   ----a-w-   c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-11 18:02 . 2012-06-11 18:02   71680   ----a-w-   c:\windows\system32\frapsv64.dll
2012-06-11 18:02 . 2012-06-11 18:02   65536   ----a-w-   c:\windows\SysWow64\frapsvid.dll
2012-06-08 01:40 . 2012-03-03 06:35   1544704   ----a-w-   c:\windows\system32\DWrite.dll
2012-06-08 01:40 . 2012-03-03 05:31   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
2012-06-08 01:40 . 2012-03-17 07:58   75120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-06-08 01:40 . 2012-03-31 05:42   1732096   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2012-06-08 01:40 . 2012-03-31 05:40   1402880   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2012-06-08 01:40 . 2012-03-31 05:40   1367552   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-08 01:40 . 2012-03-31 05:40   1393664   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2012-06-08 01:40 . 2012-03-31 04:29   936960   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-08 01:39 . 2012-03-30 11:35   1918320   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-06-05 16:11 . 2012-06-30 07:45   --------   d-----w-   C:\Syncrify
2012-06-02 23:45 . 2012-06-02 23:45   --------   d-----w-   c:\users\Villadelfia\.WebIde40
2012-06-02 23:41 . 2012-06-02 23:41   --------   d-----w-   c:\users\Villadelfia\.PyCharm20
2012-06-02 23:40 . 2012-06-02 23:44   --------   d-----w-   c:\program files (x86)\JetBrains
2012-06-01 18:39 . 2012-06-01 18:39   --------   d-----w-   c:\users\Villadelfia\AppData\Roaming\TightVNC
2012-06-01 18:39 . 2012-06-01 18:39   --------   d-----w-   c:\programdata\TightVNC
2012-06-01 18:39 . 2012-06-01 18:39   --------   d-----w-   c:\program files\TightVNC
2012-05-31 14:45 . 2012-05-31 14:51   --------   d-----w-   c:\program files\Synergy
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 07:46 . 2011-09-11 12:07   25640   ----a-w-   c:\windows\gdrv.sys
2012-06-26 20:34 . 2011-09-16 11:25   33408   ----a-w-   c:\windows\SysWow64\drivers\fsbts.sys
2012-06-26 19:46 . 2011-09-08 22:31   30528   ----a-w-   c:\windows\GVTDrv64.sys
2012-06-26 19:46 . 2011-09-08 22:34   25640   ----a-w-   c:\windows\etdrv.sys
2012-05-20 01:52 . 2012-05-20 01:52   695578   ----a-w-   c:\windows\unins001.exe
2012-05-16 00:42 . 2009-08-18 10:49   564632   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-16 00:42 . 2009-08-18 09:24   19736   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-15 10:48 . 2012-02-02 23:38   68928   ----a-w-   c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-02 23:38   61248   ----a-w-   c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-02-01 14:24   949056   ----a-w-   c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-02-01 14:24   19607872   ----a-w-   c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2011-10-24 20:44   8105280   ----a-w-   c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-10-24 20:44   2741568   ----a-w-   c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-10-24 20:44   25743168   ----a-w-   c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2011-10-24 20:44   2368832   ----a-w-   c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-10-24 20:44   18044224   ----a-w-   c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2011-10-24 20:44   1738048   ----a-w-   c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-10-24 20:44   15322432   ----a-w-   c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-10-24 20:44   1468224   ----a-w-   c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-10-24 20:44   10194752   ----a-w-   c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2011-10-24 20:45   889664   ----a-w-   c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-10-24 20:45   63296   ----a-w-   c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-10-24 20:45   118080   ----a-w-   c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-02-01 14:26   2621723   ----a-w-   c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-10-24 20:45   3149632   ----a-w-   c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-10-24 20:45   6151488   ----a-w-   c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21   423744   ----a-w-   c:\windows\SysWow64\nvStreaming.exe
2012-05-07 19:13 . 2012-04-14 00:13   8744608   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 17:29 . 2011-09-10 09:47   687504   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-04-19 21:47 . 2012-03-04 18:27   704136   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-13 08:46 . 2012-04-20 18:10   8917360   ------w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{003CC7BB-B518-4BEF-A9AA-ECBD813F67F0}\mpengine.dll
2012-04-11 16:13 . 2011-09-08 22:18   466520   ----a-w-   c:\windows\system32\wrap_oal.dll
2012-04-11 16:13 . 2011-09-08 22:18   445016   ----a-w-   c:\windows\SysWow64\wrap_oal.dll
2012-04-11 16:13 . 2011-09-08 22:18   123480   ----a-w-   c:\windows\system32\OpenAL32.dll
2012-04-11 16:13 . 2011-09-08 22:18   109144   ----a-w-   c:\windows\SysWow64\OpenAL32.dll
2012-04-03 17:21 . 2012-04-03 17:26   9856   ----a-w-   c:\windows\system32\drivers\EMSLink_amd64.sys
2012-04-01 11:39 . 2011-09-27 23:19   282864   ----a-w-   c:\windows\SysWow64\PnkBstrB.xtr
2012-04-01 11:39 . 2011-09-27 23:16   282864   ----a-w-   c:\windows\SysWow64\PnkBstrB.exe
2012-04-01 11:39 . 2011-09-27 23:16   280904   ----a-w-   c:\windows\SysWow64\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   64792   ----a-w-   c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Villadelfia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Villadelfia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Villadelfia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Villadelfia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"DUControl"="c:\program files\DirectUpdate v4\DUControl.exe" [2011-03-02 52464]
"ZScreen"="c:\program files (x86)\ZScreen\ZScreen.exe" [2012-05-13 1011712]
"Steam"="f:\program files\Steam\Steam.exe" [2012-06-17 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files (x86)\F-Secure\Common\FSM32.EXE" [2012-06-26 201384]
"F-Secure TNB"="c:\program files (x86)\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1655464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"DES2"="c:\program files (x86)\GIGABYTE\EnergySaver2\des2.exe" [2011-03-08 359024]
"SDBOK"="c:\program files (x86)\GIGABYTE\smart6\dbios\run.exe" [2009-07-06 207400]
.
c:\users\Villadelfia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Villadelfia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-9-8 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 EMSLink;EMS Inter-Link driver V3.0;c:\windows\system32\Drivers\EMSLink_amd64.sys [2012-04-03 9856]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;f:\program files (x86)\Hi-Rez Studios\HiPatchService.exe

R2 VBoxUSBMon;PortableVBoxUSBMon;d:\virtualbox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys

R3 ALSysIO;ALSysIO;c:\users\VILLAD~1\AppData\Local\Temp\ALSysIO64.sys

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 AssetUPnP;AssetUPnP;f:\program files (x86)\Illustrate\dBpoweramp\Asset-UPnPService.exe

R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2012-03-07 129550]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-09-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-08 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-09-08 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-11-16 131912]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-06-26 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-06-26 30528]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2011-03-19 43456]
R3 McMyAdmin;Launcher Service: McMyAdmin;c:\users\Villadelfia\Desktop\mcserver\Service\LaunchServ.exe

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pspdisp;pspdisp;c:\windows\system32\DRIVERS\pspdisp_x64.sys [2011-03-19 4608]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys [2012-05-14 21560]
R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [2010-06-17 172040]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2012-03-14 142848]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

R3 VMLiteUSB;VMLite USB;c:\windows\system32\Drivers\VMLiteUSB.sys [2010-08-11 150120]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-09 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R3 X6va005;X6va005;c:\users\VILLAD~1\AppData\Local\Temp\005D7CC.tmp

R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2012-06-26 41896]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys [2012-06-26 27304]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-06-26 55960]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [2011-08-09 315696]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-09 270912]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\HIPS\drivers\fshs.sys [2012-06-26 61960]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-06-26 15016]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-07-06 106888]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2010-07-05 11776]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-15 415072]
S2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [2011-09-09 13864]
S2 KMService;KMService;c:\windows\system32\srvany.exe

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2011-07-01 1131008]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-03-16 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 Syncrify;Syncrify;c:\syncrify\Wrapper.exe [2003-08-08 106496]
S2 Synergy;Synergy;c:\program files\Synergy\synergyd.exe [2012-04-12 346112]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2012-06-26 199848]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\ORSP Client\fsorsp.exe [2012-06-26 61088]
S3 Grand;SafeNet GrandDog USB Driver;c:\windows\system32\DRIVERS\GrandUsb.sys [2011-09-09 76968]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-09-08 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-09-08 16008]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-12 154624]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [2011-06-26 28160]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57   444752   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20   75544   ----a-w-   c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Villadelfia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Villadelfia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Villadelfia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Villadelfia\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"combofix"="c:\combofix\CF31526.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\F-Secure\FSPS\program\FSLSP.DLL
LSP: c:\program files (x86)\FlyVPN\FlyVPNBind.dll
TCP: Interfaces\{0E575718-CC86-44D6-96EC-450361E15EDE}: NameServer = 8.8.8.8,4.2.2.2
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Villadelfia\AppData\Roaming\Mozilla\Firefox\Profiles\7ntwjaou.default\
FF - prefs.js: browser.startup.homepage - about:home
                                                 FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM-Run-DUControl - (no file)
ShellExecuteHooks-{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - c:\program files\GPSoftware\Directory Opus\dopuslib.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AmiKit_is1 - f:\amikit\unins000.exe
AddRemove-Asset UPnP - c:\windows\system32\SpoonUninstall.exe
AddRemove-Bejeweled Blitz - f:\program files (x86)\Bejeweled Blitz\uninstall.exe
AddRemove-Blackwell Deception_is1 - f:\program files (x86)\Blackwell Deception\unins000.exe
AddRemove-Blackwell Unbound_is1 - f:\program files (x86)\Blackwell Unbound\unins000.exe
AddRemove-CorsixTH - f:\program files\CorsixTH\Uninstall.exe
AddRemove-CraftBukkit Stable Release#1134 - c:\users\Villadelfia\AppData\Roaming\.craftbukkit\Uninstall.exe
AddRemove-dBpoweramp AIFF Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp CLI Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DirectShow Decoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Midi Decoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Musepack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp OptimFROG Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Shorten Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Speex Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp TTA Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Windows Media Audio 9 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Dead Island_is1 - f:\program files (x86)\R.G. Catalyst\Dead Island\Uninstall\unins000.exe
AddRemove-Desura - c:\program files (x86)\Common Files\Desura\\Desura_Uninstaller.exe
AddRemove-Desura_55392193216544 - c:\program files (x86)\Common Files\Desura\\desura.exe
AddRemove-Dungeon Keeper 2_is1 - f:\program files (x86)\GOGcom\Dungeon Keeper 2\unins000.exe
AddRemove-Dungeon Keeper II - f:\program files (x86)\GOGcom\Dungeon Keeper 2\unins000.exe
AddRemove-EditPad Pro 7 - c:\windows\UnDeployV.exe
AddRemove-ESN Sonar-0.70.0 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-Fallout 2_is1 - f:\program files (x86)\GOG.com\Fallout 2\unins000.exe
AddRemove-Fallout_is1 - f:\program files (x86)\GOG.com\Fallout\unins000.exe
AddRemove-Gray Matter_is1 - f:\program files (x86)\Gray Matter\unins000.exe
AddRemove-ioquake3 - f:\program files (x86)\ioquake3\uninstall.exe
AddRemove-ioquake3-q3a - f:\program files (x86)\ioquake3\uninstall-ioquake3-q3a.exe
AddRemove-Maple 15 - f:\program files\Maple 15\uninstall\Uninstall Maple 15.exe
AddRemove-Might & Magic - Clash of Heroes_is1 - f:\program files (x86)\UbiSoft\Might & Magic - Clash of Heroes\unins000.exe
AddRemove-Origin - f:\program files (x86)\Origin\OriginUninstall.exe
AddRemove-DJMaxTrilogy - f:\pentavision\DJMaxTrilogy\Uninstall.exe
AddRemove-PunkBusterSvc - f:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe
AddRemove-Rage_is1 - f:\program files (x86)\Bethesda Softworks\Rage\unins000.exe
AddRemove-Rayman Forever_is1 - f:\program files (x86)\GOG.com\Rayman Forever\unins000.exe
AddRemove-Riven The sequel to Myst_is1 - f:\program files (x86)\GOG.com\Riven\unins000.exe
AddRemove-RollerCoaster Tycoon 2 Triple Thrill Pack_is1 - f:\program files (x86)\GOGcom\RollerCoaster Tycoon 2 Triple Thrill Pack\unins000.exe
AddRemove-RollerCoaster Tycoon Deluxe_is1 - f:\program files (x86)\GOGcom\RollerCoaster Tycoon Deluxe\unins000.exe
AddRemove-The Darkness II_is1 - f:\program files (x86)\2K Games\The Darkness II\unins000.exe
AddRemove-The Witcher 2 - Assassins of Kings_is1 - f:\program files (x86)\GOG.com\The Witcher 2\unins000.exe
AddRemove-To the Moon1.0 - f:\program files (x86)\To the Moon\uninstall.exe
AddRemove-Voxatron - f:\program files (x86)\Voxatron\uninst.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010} - f:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - f:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
AddRemove-{43EA256F-5B76-4E44-AD8B-B892717A10D8}_is1 - f:\program files (x86)\Final Fantasy XII\unins001.exe
AddRemove-{492B042A-70D0-4046-B0B8-27B446027695}_is1 - f:\program files (x86)\Final Fantasy XII\unins000.exe
AddRemove-{4C5D15D2-5351-4F05-A96E-56C20554F977} - f:\program files (x86)\GOGcom\RollerCoaster Tycoon 2 Triple Thrill Pack\unins000.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
AddRemove-{AE71B0D5-8873-4110-BD84-F5D5174EC342}_is1 - f:\program files (x86)\Radiangames\Super Crossfire\unins000.exe
AddRemove-{B3191224-0F2B-4F40-A81E-8E6190CFEAF9}_is1 - f:\program files (x86)\Gemini Rue\unins000.exe
AddRemove-{F2F5E467-570D-42F9-B524-89304092F90F} - f:\program files\Runic Games\Torchlight 2 Beta\uninstall.exe
AddRemove-ArgoUML Latest Stable Release 0.34 - c:\windows\system32\javaws.exe
AddRemove-Violet UML Editor - c:\windows\system32\javaws.exe
AddRemove-World of Logs Client (4.2) - c:\windows\system32\javaws.exe
AddRemove-XBMC - f:\program files (x86)\XBMC\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\VILLAD~1\AppData\Local\Temp\005D7CC.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1954346556-3082657908-907477430-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:93,0b,3e,2b,23,cf,96,98,52,ee,65,28,1d,a6,61,a0,98,e0,5f,51,68,38,7d,
   77,fe,0f,91,20,bc,8f,70,ef,11,59,2d,eb,96,1b,09,71,aa,86,cf,ee,7f,9e,b4,b8,\
"??"=hex:d8,2d,fd,d2,73,61,94,b8,05,1e,48,19,aa,1c,c3,8c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:8b,ba,17,66,63,4c,46,71,7a,7e,31,f7,59,c9,14,4a,bf,26,a5,ca,d8,
   6c,74,b1,08,36,83,08,a3,f4,9e,2c,d8,41,68,fd,e0,2c,f3,6d,e0,0a,5f,6a,13,be,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:8b,ba,17,66,63,4c,46,71,7a,7e,31,f7,59,c9,14,4a,bf,26,a5,ca,d8,
   6c,74,b1,08,36,83,08,a3,f4,9e,2c,d8,41,68,fd,e0,2c,f3,6d,e0,0a,5f,6a,13,be,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\AstSrv.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\F-Secure\Common\FSMA32.EXE
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\program files (x86)\F-Secure\Common\FSHDLL32.EXE
g:\fraps\fraps.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\syncrify\jre\bin\java.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
.
**************************************************************************
.
Voltooingstijd: 2012-06-30  09:53:44 - machine werd herstart
ComboFix-quarantined-files.txt  2012-06-30 07:53
.
Pre-Run: 1.820.662.362.112 bytes free
Post-Run: 1.822.036.680.704 bytes free
.
- - End Of File - - DC5901A8CC2D2A62E65E146B86F974CD

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #7 on: June 30, 2012, 03:10:59 PM »
Quote
can you please mention when an instruction can lead to extended periods of computer unavailability? That chkdsk took 7 hours to run, and not because my hard drive is going, but because it's huge, and I have millions and millions of tiny little files on there.
It's really hard to determine that because every computer is different.
Quote
And that's flash 10.3, which has the same security patches as 11.3. I deliberately use an older version, because flash 11.3 makes firefox slow to a crawl.
Your choice but malware really loves out-of-date programs.

Quote
Combofix removed the following files it shouldn't have:
   - Input dll for a game called pop'n music:
     C:\devil.dll
   - A lua based game engine and save files for games written in it:
     c:\program files (x86)\love\love.exe
     c:\users\Villadelfia\AppData\Roaming\Love
     c:\users\Villadelfia\AppData\Roaming\Love\mari0\options.txt
     c:\users\Villadelfia\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
     c:\users\Villadelfia\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
     c:\users\Villadelfia\AppData\Roaming\Love\not_tetris_2\options.txt
   - Files related to a network management tool I use to check the health of my network.
     c:\windows\SysWow64\Packet.dll
     c:\windows\SysWow64\pthreadVC.dll
     c:\windows\SysWow64\wpcap.dll
How can I restore these?
They are all related to some programs that you've been running on-line. CF removed them because they may have been infected. If you can't get them back we'll try something later.
I also see no sign of F-Secure being your AV.


Please download Rooter and Save it to your desktop.
  • Double click it to start the tool.Vista and Windows7 run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
Windows 8 and Windows 10 dual boot with two SSD's

villadelfia

    Topic Starter


    Rookie

    • Yes
  • Experience: Expert
  • OS: Windows 7
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #8 on: June 30, 2012, 03:27:08 PM »
My Action Center says "F-Secure Anti-Virus 2011 10.51 reports that it is turned on." so yeah.

I have copied the files in the C:\QooBox folder to a usb drive and sha1summed them on my laptop running linux, comparing them against verifiably clean sources, they're the same.

EDIT: Oh wow, I found out why it deleted everything to do with love, in LIST.BAT ComboFix explicitly lists "%ProgFiles%\love\love.exe", "%SYSTEMDRIVE%\devil.dll", "%system%\wpcap.dll"... as files to delete, it doesn't even do a signature check, it just deletes them... I have the batch script that does it before my eyes...

The whole point of flash 10.3 is to be able to run on systems that have trouble with 11.3, but having the same security patches.

Anyway, here's the rooter log:
Quote
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 . (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 13.0.1 (en-US)
.
C:\  [Fixed-NTFS] .. ( Total:1862 Go - Free:1693 Go )
D:\  [Removable]
F:\  [Fixed-NTFS] .. ( Total:2794 Go - Free:2624 Go )
G:\  [Fixed-NTFS] .. ( Total:2794 Go - Free:2397 Go )
H:\  [Fixed-NTFS] .. ( Total:2306 Go - Free:2142 Go )
Y:\  [CD_Rom]
Z:\  [CD_Rom]
.
Scan : 23:11.29
Path : C:\Users\Villadelfia\Desktop\Rooter.exe
User : Villadelfia ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ?????????? (360)
______ ?????????? (508)
______ ?????????? (600)
______ ?????????? (608)
______ ?????????? (664)
______ ?????????? (712)
______ ?????????? (720)
______ ?????????? (728)
______ ?????????? (828)
______ ?????????? (892)
______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (916)
______ ?????????? (960)
______ ?????????? (452)
______ ?????????? (516)
______ ?????????? (512)
______ C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (976)
______ C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (1108)
______ ?????????? (1172)
______ ?????????? (1296)
______ ?????????? (1360)
______ ?????????? (1392)
______ ?????????? (1416)
______ ?????????? (1472)
______ ?????????? (1604)
______ ?????????? (1672)
______ ?????????? (1972)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1996)
______ C:\Windows\SysWOW64\AstSrv.exe (1044)
______ ?????????? (1140)
______ C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe (1580)
______ ?????????? (1812)
______ C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe (1456)
______ C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe (2076)
______ C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe (2124)
______ C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (2160)
______ C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE (2228)
______ C:\Windows\SysWOW64\srvany.exe (2292)
______ C:\Windows\KMService.exe (2352)
______ C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE (2364)
______ ?????????? (2380)
______ ?????????? (2436)
______ ?????????? (2528)
______ ?????????? (2568)
______ ?????????? (2584)
______ G:\Fraps\fraps.exe (2612)
______ ?????????? (2648)
______ ?????????? (2964)
______ ?????????? (2712)
______ C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (2244)
______ C:\Windows\SysWOW64\PnkBstrA.exe (3092)
______ ?????????? (3116)
______ C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe (3140)
______ C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (3212)
______ C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (3240)
______ C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe (3276)
______ ?????????? (3284)
______ ?????????? (3304)
______ C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (3360)
______ ?????????? (3540)
______ C:\Syncrify\Wrapper.exe (3564)
______ ?????????? (3604)
______ C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (3708)
______ C:\Syncrify\jre\bin\java.exe (3736)
______ ?????????? (3744)
______ ?????????? (3812)
______ ?????????? (3836)
______ ?????????? (4064)
______ C:\Program Files (x86)\Windows Media Player\wmplayer.exe (4104)
______ ?????????? (4244)
______ C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (4412)
______ ?????????? (4556)
______ ?????????? (4704)
______ ?????????? (2288)
______ C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe (1460)
______ C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (4164)
______ ?????????? (368)
______ ?????????? (5140)
______ C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe (5304)
______ C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe (2520)
______ ?????????? (3188)
______ ?????????? (2112)
______ ?????????? (5656)
______ ?????????? (3068)
______ ?????????? (1424)
______ C:\Program Files (x86)\ZScreen\ZScreen.exe (5860)
______ F:\Program Files\Steam\Steam.exe (5364)
______ ?????????? (3104)
______ C:\Program Files (x86)\F-Secure\Common\FSM32.EXE (4440)
______ ?????????? (884)
______ ?????????? (4032)
______ ?????????? (1340)
______ C:\Users\Villadelfia\AppData\Roaming\Dropbox\bin\Dropbox.exe (3424)
______ ?????????? (6232)
______ ?????????? (6576)
______ ?????????? (5384)
______ C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (6200)
______ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (4004)
______ C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (6724)
______ C:\Program Files (x86)\Just Great Software\EditPadPro7\EditPadPro7.exe (4740)
______ C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE (5672)
______ C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe (6888)
______ C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe (6420)
______ C:\Program Files (x86)\Skype\Phone\Skype.exe (4792)
______ C:\Program Files (x86)\uTorrent\uTorrent.exe (5644)
______ C:\Program Files (x86)\iTunes\iTunes.exe (8604)
______ ?????????? (8352)
______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (7344)
______ ?????????? (8644)
______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (6468)
______ ?????????? (8748)
______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (9012)
______ ?????????? (5200)
______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (8492)
Locked audiodg.exe (8820)
______ C:\Program Files (x86)\Common Files\Steam\SteamService.exe (8404)
______ C:\Program Files (x86)\foobar2000\foobar2000.exe (7000)
______ ?????????? (8392)
______ ?????????? (8632)
______ C:\Users\Villadelfia\Desktop\Rooter.exe (3764)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 19 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
\Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:2000290228736)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
.
----------------------\\ Scan completed at 23:11.38
.
C:\Rooter$\Rooter_1.txt - (30/06/2012 | 23:11.38).c
« Last Edit: June 30, 2012, 03:42:09 PM by villadelfia »

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #9 on: June 30, 2012, 07:26:58 PM »
Quote
Oh wow, I found out why it deleted everything to do with love, in LIST.BAT ComboFix explicitly lists "%ProgFiles%\love\love.exe", "%SYSTEMDRIVE%\devil.dll", "%system%\wpcap.dll"... as files to delete, it doesn't even do a signature check, it just deletes them... I have the batch script that does it before my eyes...
ComboFix is a very trusted scanner. If it deleted them, it did so for a reason.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Windows 8 and Windows 10 dual boot with two SSD's

villadelfia

    Topic Starter


    Rookie

    • Yes
  • Experience: Expert
  • OS: Windows 7
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #10 on: July 01, 2012, 09:23:14 AM »
ComboFix is a very trusted scanner. If it deleted them, it did so for a reason.

Maybe my statement wasn't clear, I have the ComboFix code here in front of me, I read the lines that do the deletion of those files, they are deleted simply because they are there not because they are unsafe. Maybe there is a virus that happens to reside there with the same filename, I don't know, but that's what signature based detection is for. So it did, in fact, not do so for a reason.

For a program that has no documentation because "mere humans" are too stupid to use it and/or malware authors could circumvent it, it's easy to get to the source:
1. Download upx from the upx website.
2. Put it on your desktop and make sure combofix is not read-only.
3. Run upx -d combofix.exe
4. Open up combofix as an archive in 7zip.
5. There you go, in the $0 folder are all the scripts and files powering combofix. You can even run it by manually renaming all the 3XE files to exe and starting the c.bat

Anyway, I'm going to mark this one solved, at this point I'm just running scanner after scanner returning nothing and I'm not running another scanner that does not give you a list to review for deletion after the scan.

I restored the mistakenly deleted files by reading the CF-Script.cmd since no-one except you guys are allowed to know how use combofix.

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: (F-secure) Sirefef.HC, Sirefef.HD
« Reply #11 on: July 04, 2012, 05:16:13 AM »
Maybe my statement wasn't clear, I have the ComboFix code here in front of me, I read the lines that do the deletion of those files, they are deleted simply because they are there not because they are unsafe. Maybe there is a virus that happens to reside there with the same filename, I don't know, but that's what signature based detection is for. So it did, in fact, not do so for a reason.

Hi!

ComboFix is specifically run based on signatures, whitelists, and blacklists. Now, since you reverse engineered ComboFix, which is illegal, let me tell you that it's actually not a Windows based program. It is a Unix-based program, which means that it is run on its own emulator, Combo-Fix.sys, and gets kernel level access to be able to scan the computer. That is all that I would be allowed to say. There are many of us that know ComboFix in and out, and from what you described it to be is untrue!

If you're curious about ComboFix code, I can ask the developer to contact you.

Now, it appears that your system is either highly infected (with a polymorphic file infector), you're running cracked software, or Sirefef is still very active.

Now, we're going to search for Sirefef...

Download Farbar Recovery Scan Tool and save it to a flash drive.

You will need either the 32 bit version or 64 bit version depending on your system.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    [/list]
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • type exit and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
    ~Dr Jay

    villadelfia

      Topic Starter


      Rookie

      • Yes
    • Experience: Expert
    • OS: Windows 7
    Re: (F-secure) Sirefef.HC, Sirefef.HD
    « Reply #12 on: July 04, 2012, 06:41:43 AM »
    Hi!

    ComboFix is specifically run based on signatures, whitelists, and blacklists. Now, since you reverse engineered ComboFix, which is illegal, let me tell you that it's actually not a Windows based program. It is a Unix-based program, which means that it is run on its own emulator, Combo-Fix.sys, and gets kernel level access to be able to scan the computer. That is all that I would be allowed to say. There are many of us that know ComboFix in and out, and from what you described it to be is untrue!

    If you're curious about ComboFix code, I can ask the developer to contact you.

    Now, it appears that your system is either highly infected (with a polymorphic file infector), you're running cracked software, or Sirefef is still very active.

    I didn't reverse engineer anything (well, up to now), I extracted and read human readable scripts. But now that you mention it, I took a look at Combo-Fix.sys. From what IDA tells me, it contains the code:

    Code: [Select]
    xor eax,eax ;clear eax
    ret 08h ;return to caller

    So basically it's a no-op with the side effect of clearing eax, I'm sure there's a very good reason for it, but that does not an emulator make. (Actually I have a pretty good reason for why you have a no-op driver, it makes it so that you get SYSTEM level privileges when you hook into it, having a driver that does nothing seems a good way to do it.)

    As for the UNIX executables, simply looking at them through a hex editor tells me they were compiled using msvc on an old NT machine. So I don't see why an emulator is needed

    I do not make claims without verifying them, I tried installing a windows 7 virtual machine without internet access, install LOVE (the game engine) on it, hook up a debugger to combofix and I verified that combofix indeed deletes love.exe when installed in program files\love, maybe there is a virus using that name and location, all I know is that combofix does indeed blacklist that location for some reason.

    I also do not get all the secrecy around ComboFix, as it is now, it is trivial to sabotage combofix in memory and disable the self-check before it even begins to run the script.

    -----

    That virtual machine also gave me a chance to verify the integrity of my system, after rebooting into my linux install and updating the vm windows install, I have verified that all the system files are in fact intact. I even checked the other drivers against clean copies from the vendors. I also took checksums of every file on my hard drive.

    After that I rebooted into windows and verified that all those checksums do indeed still match, I found they did with the exception of files that are expected to change (Like the pagefile).

    So now I am quite confident that I do not still have sirefef or any other infection. At least in so far as there are no files or directories being hidden from me and that there are no files that return something completely different than the actual content.

    You seem quite adamant in saying that I am still heavily infected though, I would like to know exactly what makes you say that, perhaps in PM if that information should not be made public.

    -----

    As a final point, I should disclose that I am not an expert in malware (hence coming to this forum to confirm a successful removal) however, my job does involve code disassembly and reverse engineering, I can't say much more about it than that.

    I'm not trying to be rude to anyone, least of all the assistants, I'm just not comfortable with following steps without having any idea what it's looking for. I would like to know if I'm just running a general check or if something in a previous step stood out and this is a response to that. I also don't like that claims of something being a false-positive are simply dismissed, I did some investigation and testing of checksums before claiming that.

    So if you're willing to tell me what makes you believe I am still infected, please do so. Otherwise, this can be marked as solved.

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: (F-secure) Sirefef.HC, Sirefef.HD
    « Reply #13 on: July 04, 2012, 08:54:45 AM »
    So, the system that is infected is just a VM?

    Or did you decide to test the specialists at this forum? I'm the group manager.

    If you're wondering why wpcap.dll and related files were deleted, read here (where the developer commented): http://www.bleepingcomputer.com/forums/topic112327.html/page__p__638337#entry638337

    From what I know, C:\devil.dll is a bot.

    It is common for heavily networking games to have bots in them, good or bad. It's a security risk.

    When you come to a forum to ask for malware help or to "verify if it is gone", you'll have to expect false positives. They're a common problem, especially with popular games.
    ~Dr Jay

    villadelfia

      Topic Starter


      Rookie

      • Yes
    • Experience: Expert
    • OS: Windows 7
    Re: (F-secure) Sirefef.HC, Sirefef.HD
    « Reply #14 on: July 04, 2012, 09:03:16 AM »
    No, the system is a normal install. I created the VM to have a clean point of reference to check my files. And I wasn't trying to test anyone, the question was legitimate.

    I suspected as much for the dll's in the windows folder. Nmap uses them as well, I don't have Nmap installed anymore, and apparently ComboFix doesn't like loose dlls according to that thread.

    And C:\DevIL.dll is a file belonging to LOVE, I think it ended up there when shuffling files around since it shouldn't be there, but it was the same devil.dll.

    As for LOVE, it's not a game, it's a game engine (https://love2d.org/ for more info).

    -----

    The cleanup offered did significantly speed up boot times though, from 6 minutes from power on to workable desktop, to 2 minutes for the same. Thanks.