Author Topic: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?  (Read 2266 times)


Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #30 on: August 20, 2012, 10:09:54 AM »
 :t
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline apimybrowserbarf

  • Bronze Member
  • Posts: 27
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #31 on: August 20, 2012, 10:48:38 AM »
haha.  :t

The results: MSE found nothing. However it was on Quick Scan - should I let it do a Full scan instead/just to be sure?
EDIT: Actually, I'm gonna let it do it now anyways for the time being. I also uninstalled Java 6 Update 20 and 31.

What next? Browsers work apart from Mozilla's starting page still directing searches to yahoo (which can be solved by setting google it's actual frontsite). It really does seem like that things are working fine once again...

I'm gonna talk with dad over when/what Windows Updates to install.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #32 on: August 20, 2012, 01:15:07 PM »
Quote
haha.  :t

The results: MSE found nothing. However it was on Quick Scan - should I let it do a Full scan instead/just to be sure?
EDIT: Actually, I'm gonna let it do it now anyways for the time being. I also uninstalled Java 6 Update 20 and 31.

What next? Browsers work apart from Mozilla's starting page still directing searches to yahoo (which can be solved by setting google it's actual frontsite). It really does seem like that things are working fine once again...

I'm gonna talk with dad over when/what Windows Updates to install.
Click Here...and follow those instructions to make google the home page. Type anything you want to search for now into that google search box and see if the redirection still occurs. Let me know on your next reply. And by the way, Dad should install ALL the updates presented during the Windows Update scan.

In addition to those updates, let's update any other on board software found to be outdated:
Download FileHippo's Update Checker. Double-click the FHSetup.exe file to install it. When the install completes, you'll find the Update Checker shortcut on the desktop. Double-click on it and a scan begins with the results showing in your browser. Any software it finds to be out of date, will be presented in your browser. Just click on the download link provided there to download your software updates. Ignore the beta software unless you want that...during the scanner initialization, you can click the settings link, then click the results tab and check the box "Hide beta versions". After clicking the OK button, click the "Retry" link to continue the scan with those settings. Please remember to post back your results. Thanks!

Offline apimybrowserbarf

  • Bronze Member
  • Posts: 27
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #33 on: August 20, 2012, 02:49:13 PM »
Quote
Click Here...and follow those instructions to make google the home page. Type anything you want to search for now into that google search box and see if the redirection still occurs. Let me know on your next reply. And by the way, Dad should install ALL the updates presented during the Windows Update scan.
Oh! By google search I meant the home page/the tab or page that opens in Mozilla Firefox where you see the logo of Firefox and underneath it is the search bar - I think before that bar was set to search from google. The actual google search works just fine without redirections.

And ¨:^B Erm, I'll forward your words and update everything...


UPDATE: I've got some news: the full scan DID find malware from my little brother's account! A whole lot of them! I put all of them into quarantine per your directions. Unfortunately, I could not get logs from this program so I just copied the (Finnish) descriptions into a txt myself and pasted here. I changed the descriptions to English:

--

TrojanDownloader:Win32/Karagany.I

Category: Trojan downloader

Description: This program is dangerous and downloads other programs.

Recommended action: Remove this program immediately.

Items:
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\7a775ce4-571fee88

----

HackTool:Win32/Keygen

Category: Tool

Description: This program's action might be harmful.

Recommended action: Allow this detected item only if you trust the program or the software publisher.

Items:
containerfile:D:\Ladattu sheibe\Guitar.Pro.v6.0.7.9063.Windows.Keymaker-EMBRACE.rar
containerfile:D:\Ladattu sheibe\Guitar.Pro.v6.0.7.9063_guitarpro.vn_guitarpro.vn.zip
file:D:\Ladattu sheibe\Guitar.Pro.v6.0.7.9063.Windows.Keymaker-EMBRACE.rar->Guitar.Pro.v6.0.7.9063.Windows.Keymaker-EMBRACE\Guitar.Pro.v6.0.7.9063.Windows.Keymaker-EMBRACE\keygen.exe
file:D:\Ladattu sheibe\Guitar.Pro.v6.0.7.9063_guitarpro.vn_guitarpro.vn.zip->keygen.exe


---------

Exploit:Java/Blacole.ES

Category: Security hole utilizing program (uses the computer in which it is installed).

Description: This program is dangerous and exploits the computer on which it is installed.

Recommended action: Remove this program immediately.

Items:
containerfile:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\41de33e1-3bbbcec0
containerfile:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5c5c769-2173450b
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\41de33e1-3bbbcec0->Inc.class
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5c5c769-2173450b->Inc.class

--------

Exploit:Java/CVE-2010-0840.QE

Category: Security hole utilizing program (uses the computer in which it is installed).

Description: This program is dangerous and exploits the computer on which it is installed.

Recommended action: Remove this program immediately.

Items:
containerfile:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\41de33e1-3bbbcec0
containerfile:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5c5c769-2173450b
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\41de33e1-3bbbcec0->ER.class
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5c5c769-2173450b->ER.class

---------

Exploit:Java/CVE-2009-3869.M

Category: Security hole utilizing program (uses the computer in which it is installed).

Description: This program is dangerous and exploits the computer on which it is installed.

Recommended action: Remove this program immediately.

Items:
containerfile:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\640c67b5-6389784f
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\640c67b5-6389784f->vmain.class

--

I'll do as you say as well.
« Last Edit: August 20, 2012, 02:54:37 PM by apimybrowserbarf »
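
An added triage example, not part of the original posts and not code from any tool named in the thread: it parses the threat names and item lines copied in the post above and groups them by Java deployment cache entry, showing which cached archives were flagged under more than one detection name and which user profile they sit in. The function names are hypothetical, and the `containerfile:` / `file:` / `->member` line shapes are assumed to be exactly as hand-copied in the post.

```python
import re
from collections import defaultdict

# Threat names and item lines as they appear in the post above; the
# description lines between them are left out because the parser ignores them.
REPORT = r"""
TrojanDownloader:Win32/Karagany.I
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\7a775ce4-571fee88
HackTool:Win32/Keygen
containerfile:D:\Ladattu sheibe\Guitar.Pro.v6.0.7.9063.Windows.Keymaker-EMBRACE.rar
containerfile:D:\Ladattu sheibe\Guitar.Pro.v6.0.7.9063_guitarpro.vn_guitarpro.vn.zip
file:D:\Ladattu sheibe\Guitar.Pro.v6.0.7.9063.Windows.Keymaker-EMBRACE.rar->Guitar.Pro.v6.0.7.9063.Windows.Keymaker-EMBRACE\Guitar.Pro.v6.0.7.9063.Windows.Keymaker-EMBRACE\keygen.exe
file:D:\Ladattu sheibe\Guitar.Pro.v6.0.7.9063_guitarpro.vn_guitarpro.vn.zip->keygen.exe
Exploit:Java/Blacole.ES
containerfile:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\41de33e1-3bbbcec0
containerfile:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5c5c769-2173450b
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\41de33e1-3bbbcec0->Inc.class
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5c5c769-2173450b->Inc.class
Exploit:Java/CVE-2010-0840.QE
containerfile:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\41de33e1-3bbbcec0
containerfile:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5c5c769-2173450b
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\41de33e1-3bbbcec0->ER.class
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5c5c769-2173450b->ER.class
Exploit:Java/CVE-2009-3869.M
containerfile:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\640c67b5-6389784f
file:C:\Users\Tatu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\640c67b5-6389784f->vmain.class
"""

# Type:Platform/Name, e.g. Exploit:Java/Blacole.ES
THREAT_RE = re.compile(r"^[A-Za-z]+:[A-Za-z0-9]+/\S+$")
# containerfile:<path> or file:<path>[-><member inside the archive>]
ITEM_RE = re.compile(r"^(containerfile|file):(.+?)(?:->(.+))?$")
# Per-user Java deployment cache entry: ...\cache\<ver>\<bucket>\<id>-<id>
CACHE_RE = re.compile(
    r"\\Users\\([^\\]+)\\AppData\\LocalLow\\Sun\\Java\\Deployment"
    r"\\cache\\[^\\]+\\\d+\\([0-9a-f]+-[0-9a-f]+)$",
    re.IGNORECASE,
)


def parse_report(text):
    """Return one record per item line, tagged with the threat it is listed under."""
    records, threat = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        item = ITEM_RE.match(line)
        if item and threat:
            kind, path, member = item.groups()
            records.append(
                {"threat": threat, "kind": kind, "path": path, "member": member}
            )
        elif THREAT_RE.match(line):
            threat = line
    return records


def group_java_cache(records):
    """Map each Java cache entry to its user profile, threat names and flagged members."""
    entries = defaultdict(lambda: {"user": None, "threats": set(), "members": set()})
    for rec in records:
        hit = CACHE_RE.search(rec["path"])
        if not hit:
            continue
        user, entry = hit.groups()
        info = entries[entry]
        info["user"] = user
        info["threats"].add(rec["threat"])
        if rec["member"]:
            info["members"].add(rec["member"])
    return dict(entries)


def outside_cache(records):
    """Paths of flagged items that are not in a Java deployment cache."""
    return sorted({r["path"] for r in records if not CACHE_RE.search(r["path"])})


if __name__ == "__main__":
    recs = parse_report(REPORT)
    for entry, info in sorted(group_java_cache(recs).items()):
        print(entry, info["user"], sorted(info["threats"]), sorted(info["members"]))
    for path in outside_cache(recs):
        print("outside Java cache:", path)
```

On this input the two cache entries `41de33e1-3bbbcec0` and `5c5c769-2173450b` each appear under both `Exploit:Java/Blacole.ES` and `Exploit:Java/CVE-2010-0840.QE`, and every cache hit is under the same user profile.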

Offline apimybrowserbarf

  • Bronze Member
  • Posts: 27
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #34 on: August 20, 2012, 03:18:04 PM »
PROBLEM: I could update 2 files but the SP3 for Office failed to update due to "unknown reason", giving code 8024002D - I need to ask my dad if the Office was installed from a CD or DVD disc.
Edit: I tried it again and it gave me a window after making a recovery point saying the following (translated by me):
"Trying to use a feature from CD-disc or other portable device which is not available. Please insert Microsoft Office XP Professional and Frontpage and select OK."

I tried to press ok since there is only one source listed (along with "Browse" option next to it) and it says the following (translated):
"The path Microsoft Office XP Professional and FrontPage is not found. Please ensure that you have the required authorization/rights to this path/location and try again, or try to look for the installation packet from PROPLUS.MSI file, from which you can install Microsoft Office XP Professional and FrontPage."

Should I also install Microsoft Silverlight? It's an optional program and all I know is that it jumps on in my laptop at wrong occasions occasionally :-P.


----


RESULTS: Following files need updating according to FileHippo:
   
Adobe Reader 10.1.4
  Installed Version: 9.5.2.295
C:\Program Files (x86)\Adobe\Reader 9.0\Reader
48.49MB   

   
Apache OpenOffice 3.4.0
  Installed Version: 3.2.1
C:\Program Files (x86)\OpenOffice.org 3\program
144.77MB   

   
CDBurnerXP 4.4.1.3099
  Installed Version: 4.3.8.2568
C:\Program Files\CDBurnerXP
5.06MB   

   
CutePDF Writer 3.0
  Installed Version: 2.7.3.1
C:\Program Files (x86)\Acro Software\CutePDF Writer
4.48MB   

   
Firefox 14.0.1
  Installed Version: 14.0.0.0
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
16.04MB   

   
Flash Player 11.3.300.257 (IE) 64-bit
  Installed Version: 11.2.202.235
C:\Windows\System32\Macromed\Flash
8.80MB   

   
Flash Player 11.3.300.271 (IE)
  Installed Version: 11.2.202.235
C:\Windows\System32\Macromed\Flash
8.80MB   

   
Flash Player 11.3.300.271 (Non-IE)
  Installed Version: 11.3.300.268
C:\Windows\SysWOW64\Macromed\Flash
9.37MB   

   
Java Runtime Environment 1.7.0.6 (64-bit)
  Installed Version: 1.7.0.5
C:\Program Files (x86)\Java\jre7\bin
31.18MB   

   
QuickTime Player 7.72.80.56
  Installed Version: 7.66.71.0
C:\Program Files (x86)\QuickTime
37.65MB   

   
WinRAR 4.20 (64-bit)
  Installed Version: 3.91.3.0
C:\Program Files\WinRAR
1.58MB   

Total size: 316.22MB
« Last Edit: August 20, 2012, 03:26:44 PM by apimybrowserbarf »

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #35 on: August 21, 2012, 06:53:55 AM »
Delete those quarantined files using the software to do that...and download all those updates that FileHippo reported. As to the Microsoft Office update issue, you should be able to follow the prompts just fine with the installation media inserted. If it tells you that the file is located on some other source not available, clicking the navigation button (browse) should take you right to it since, as soon as you click "Browse", the location that Windows found should already be highlighted. If nothing shows up as highlighted, then you MUST call Microsoft to notify them as to the error that THEIR software is providing for you during your update attempt.

It may be due to some registration or activation issue and some of these can also relate to malware...not that there is any on the system at present, but any time previously, there could have been some tampering in an area that Microsoft is sensitive to (hidden registry keys for example). That, and the fact that there has been previous use of the registry cleaning software. It is entirely possible that from having used it, one or more registry keys required for Microsoft to update your installed Office stuff have been removed or altered to some extent (certain key values being deleted for example).

Post back and let me know what the current status is once you have done all that. Thanks, and good luck!

Offline apimybrowserbarf

  • Bronze Member
  • Posts: 27
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #36 on: August 22, 2012, 02:51:49 AM »
Hi, I apologize for the lack of updates. I have been busy as my parent came back from travelling. The internet has worked just fine.

* My dad found the installation disc for Office so when we used that (when Windows Update asked for it), the update progressed and installed successfully. All the updates have been installed now.

* I installed all the updates FileHippo asked for.

* I put off the connect through proxy - setting from Firefox.

* There were also old warning messages in the bottom right corner... I got bothered by the warning - icon so I checked what it's about. It said that the security setting to internet are altered and that I'd need to check them. I did and I found this part of security setting in Windows I haven't seen before... I can't find it anymore but it was certainly part of Control Panel -> Security or something along that. The left slider was set to "High" but the right slider was set to "Modified" without a slider... I clicked "Return to default settings" and so the slider appeared and was set to "High". Maybe the trojans did this modification to security settings? It's hard to say now after of course.

What next? The computer is running much quicker and smoother now.

Quote
The Registry has no need of "cleaning". Alleged "Registry Cleaners" scan for and locate what are purported to be keys and/or values in the registry that are found to be either orphaned, or pointing to a wrong file path...or to a file that is missing. The danger in removing these entries is the fact that on occasion, a user will find that certain programs/features are broken. The worst of these, a broken system indeed resulting in a non-booting situation. Yes, it has happened and continues to happen. Granted, it's rare, but your Father I'm certain, would not like to be one among them.

My father goes on and on about cleaning the registry from unnecessary pointers and that "if you look at the web, CCleaner has a great reputation of being safe by detecting & removing only pointers that no longer exist, that it rarely causes any kind of complications".

This kind of bothers me actually because I know that installing & uninstalling programs leave lot of debris to the computer - for example, Nero 7 left a massive amount of hanging registry pointers. And I've been told that it's the useless registry keys that slow the computer down.

So are you saying that even if I know that a certain program is uninstalled, I shouldn't try to remove the registry pointers (you can apparently make CCleaner's own system restore point just in case something goes wrong after removing the registry keys)? What are the options in case the computer starts to fill with/slow down with unnecessary registry keys?

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #37 on: August 22, 2012, 06:43:45 AM »
Quote
My father goes on and on about cleaning the registry from unnecessary pointers and that "if you look at the web, CCleaner has a great reputation of being safe by detecting & removing only pointers that no longer exist, that it rarely causes any kind of complications".
I'm quite aware of CCleaner's reputation. I've been around long before CCleaner came into its own. I'm also quite aware of all the issues that it HAS caused over the years. I'm NOT aware of any of its victims who were happy about any of them, but as you stated, these are rare.

However, it's those rare few that one shouldn't discount since at any time, any of you who use the registry "cleaning" feature and happily click away the registry keys that the scan presents, can become another unhappy statistic. Nuff said...

For those like you though, who consider themselves among the "expert" group, there should be no issues for them since they would research each and every single registry key presented during the scan in order to make the decision to remove them...or not.



Quote
This kind of bothers me actually because I know that installing & uninstalling programs leave lot of debris to the computer - for example, Nero 7 left a massive amount of hanging registry pointers. And I've been told that it's the useless registry keys that slow the computer down.
I'll address both of the points you make here:
1) Programs that leave behind stray registry entries of a consequential number, are programs that were poorly written. That said, once one learns of a poorly written program, one should avoid using such a one.

2) Orphaned registry keys, even of such a magnitude that you assert, perhaps slow down any computer system to such an extent that a difference is nearly impossible to detect. Perhaps, if you COULD detect it, you may find a difference measured in fractions of a second. I challenge anyone to correct me...and I have offered this challenge for a good many years now with no contest. The difference in computer performance from left over registry keys cluttering the registry is so minuscule that special equipment would be needed to even come close to an accurate measurement.

All that said, when the risk is a non booting system or other broken application, be it software or hardware, can you honestly say in all sincerity that the risk of removing stray registry keys is worth the effort? Especially since it makes virtually NO difference whatsoever, as to the system's performance?

There is more...much more of a performance issue caused by a fragmented disk than from the existence of stray registry keys.


Quote
So are you saying that even if I know that a certain program is uninstalled, I shouldn't try to remove the registry pointers (you can apparently make CCleaner's own system restore point just in case something goes wrong after removing the registry keys)? What are the options in case the computer starts to fill with/slow down with unnecessary registry keys?
As stated above, stray registry keys won't cause your system any noticeable performance issues. And, as far as I know, CCleaner does not make a system restore point. Restore points fill up the disk and CCleaner's objective is to remove clutter from the disk...not add to it. I believe what you are referring to though, is the registry backup that it makes. And, if you insist on using this feature, you should at least keep the backup file. However, it serves absolutely no useful purpose for a non-booting machine. If the machine won't boot, then your backup file is also fotter. Keep using these type of applications, and one day you run a real risk of transforming your system into a very expensive door stop.

OK, let's give combofix another run. Please open a blank Notepad by clicking start-->run...Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall



KILLALL::

folder::
C:\ProgramData\HitmanPro
C:\Program Files (x86)\YTD Toolbar
C:\ProgramData\YTD Video Downloader

reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

dds::
uURLSearchHooks: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} -
BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} -
TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} -

Offline apimybrowserbarf

  • Bronze Member
  • Posts: 27
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #38 on: August 22, 2012, 07:53:00 AM »
Thanks for insight once again. Here is the log as requested:


ComboFix 12-08-18.03 - Pasi 22.08.2012  16:37:28.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1035.18.4094.3092 [GMT 3:00]
Sijainti: c:\users\Pasi\Desktop\username321.exe
Käytetyt komentorivivalitsimet :: c:\users\Pasi\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((   Muut poistot   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\HitmanPro
c:\programdata\HitmanPro\Banner.bin
c:\programdata\HitmanPro\Remnants.bin
.
Saastunut kopio tiedostosta c:\windows\SysWow64\kernel32.dll löytyi ja poistettiin
Puhdas kopio palautettiin paikasta - c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
.
.
(((((   Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-07-22 to 2012-08-22  )))))))))))))))))
.
.
2012-08-22 13:44 . 2012-08-22 13:44   --------   d-----w-   c:\users\Tillu\AppData\Local\temp
2012-08-22 13:44 . 2012-08-22 13:44   --------   d-----w-   c:\users\Tatu\AppData\Local\temp
2012-08-22 13:44 . 2012-08-22 13:44   --------   d-----w-   c:\users\Rami\AppData\Local\temp
2012-08-22 13:44 . 2012-08-22 13:44   --------   d-----w-   c:\users\Nelli\AppData\Local\temp
2012-08-22 13:44 . 2012-08-22 13:44   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-08-21 17:43 . 2012-08-21 17:43   --------   d-----w-   c:\users\Rami\AppData\Roaming\Apple Computer
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-21 15:55 . 2012-08-21 15:56   --------   d-----w-   c:\program files (x86)\QuickTime
2012-08-21 15:54 . 2012-08-21 15:54   --------   d-----w-   c:\program files (x86)\Apple Software Update
2012-08-21 15:51 . 2012-08-21 15:51   --------   d-----w-   c:\users\Pasi\AppData\Local\Apple Computer
2012-08-21 15:47 . 2012-08-21 15:47   --------   d-----w-   c:\users\Pasi\AppData\Local\Apple
2012-08-21 13:19 . 2012-08-01 22:58   9309624   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71597CCF-A7E6-4777-AFE1-FBE3D8793E9E}\mpengine.dll
2012-08-20 21:13 . 2012-05-04 09:59   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-08-20 21:13 . 2012-05-04 11:00   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-08-20 20:59 . 2012-08-20 20:59   --------   d-----w-   c:\program files (x86)\FileHippo.com
2012-08-20 16:15 . 2012-08-20 16:15   927800   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D325D83B-BEC2-42D2-83B7-9386BFFB382D}\gapaengine.dll
2012-08-20 16:15 . 2012-06-29 00:04   9133488   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-20 16:13 . 2012-08-20 16:13   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2012-08-20 16:13 . 2012-08-20 16:14   --------   d-----w-   c:\program files\Microsoft Security Client
2012-08-19 16:52 . 2012-08-19 16:52   --------   d-----w-   c:\windows\SysWow64\wbem\Performance
2012-08-19 16:50 . 2008-05-07 19:03   303616   ----a-w-   C:\SetACL.exe
2012-08-19 16:49 . 2004-06-11 13:33   290304   ----a-w-   C:\subinacl.exe
2012-08-19 16:48 . 2012-08-19 16:48   --------   d-----w-   C:\RegBackup
2012-08-19 15:39 . 2012-08-19 16:57   181064   ----a-w-   c:\windows\PSEXESVC.EXE
2012-08-19 15:24 . 2012-08-19 16:50   --------   d-----w-   C:\Tweaking.com_Windows_Repair_Logs
2012-08-18 12:51 . 2012-08-18 12:51   --------   d-----w-   c:\users\Rami\AppData\Roaming\Malwarebytes
2012-08-18 03:33 . 2012-06-29 10:04   9133488   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3916EADA-4C36-4E62-A701-3B3449AAE2B5}\mpengine.dll
2012-08-15 21:21 . 2012-06-29 03:51   887296   ----a-w-   c:\program files\Internet Explorer\iedvtool.dll
2012-08-15 21:21 . 2012-06-29 03:50   499200   ----a-w-   c:\program files\Internet Explorer\jsdbgui.dll
2012-08-15 21:21 . 2012-06-29 03:44   816640   ----a-w-   c:\windows\system32\jscript.dll
2012-08-15 21:21 . 2012-06-29 00:10   678912   ----a-w-   c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-08-15 21:21 . 2012-06-29 00:10   387584   ----a-w-   c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-08-15 21:21 . 2012-06-29 04:55   17809920   ----a-w-   c:\windows\system32\mshtml.dll
2012-08-15 21:21 . 2012-06-29 04:09   10925568   ----a-w-   c:\windows\system32\ieframe.dll
2012-08-15 07:32 . 2012-08-15 07:32   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-08-15 07:32 . 2012-08-15 07:32   --------   d-----w-   c:\program files (x86)\Oracle
2012-08-15 07:31 . 2012-07-05 19:06   772544   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2012-08-11 18:54 . 2012-08-11 18:54   --------   d-----w-   c:\users\Tatu\AppData\Roaming\Malwarebytes
2012-08-11 18:54 . 2012-08-11 18:54   --------   d-----w-   c:\programdata\Malwarebytes
2012-08-11 18:54 . 2012-08-11 18:54   --------   d-----w-   c:\program files (x86)\MBMA
2012-08-11 18:54 . 2012-07-03 10:46   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-08-05 16:43 . 2012-08-05 16:43   --------   d-----w-   c:\users\Rami\AppData\Roaming\Wargaming.net
2012-07-30 21:52 . 2012-07-30 21:52   103904   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-26 05:47 . 2012-07-26 05:47   --------   d-----w-   c:\users\Pasi\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M-raportti   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 16:24 . 2012-04-02 07:52   696520   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-21 16:24 . 2011-05-16 09:03   73416   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 21:19 . 2009-12-21 12:12   62134624   ----a-w-   c:\windows\system32\MRT.exe
2012-07-15 04:53 . 2012-07-15 04:53   4024320   ----a-w-   c:\program files (x86)\GUTBF6F.tmp
2012-07-05 19:06 . 2010-05-04 19:40   687544   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-06-25 13:36 . 2012-06-25 13:36   466456   ----a-w-   c:\windows\system32\wrap_oal.dll
2012-06-25 13:36 . 2012-06-25 13:36   444952   ----a-w-   c:\windows\SysWow64\wrap_oal.dll
2012-06-25 13:36 . 2012-06-25 13:36   122904   ----a-w-   c:\windows\system32\OpenAL32.dll
2012-06-25 13:36 . 2012-06-25 13:36   109080   ----a-w-   c:\windows\SysWow64\OpenAL32.dll
2012-06-24 18:17 . 2012-06-24 18:17   164352   ----a-w-   c:\windows\SysWow64\SpoonUninstall.exe
2012-06-13 09:24 . 2012-06-13 09:13   2829   ----a-w-   c:\windows\War3Unin.pif
2012-06-13 09:24 . 2012-06-13 09:13   139264   ----a-w-   c:\windows\War3Unin.exe
2012-06-09 05:43 . 2012-07-11 05:28   14172672   ----a-w-   c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 05:28   2004480   ----a-w-   c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 05:28   1881600   ----a-w-   c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 05:27   1133568   ----a-w-   c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 05:28   1390080   ----a-w-   c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 05:28   1236992   ----a-w-   c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 05:27   805376   ----a-w-   c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-19 05:42   38424   ----a-w-   c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 05:42   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 05:42   57880   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 05:42   44056   ----a-w-   c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 05:42   701976   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 05:42   2622464   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 05:42   99840   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-19 05:42   186752   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-02 12:15 . 2012-06-19 05:42   36864   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 05:27   458704   ----a-w-   c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 05:27   95600   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 05:27   151920   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 05:27   340992   ----a-w-   c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 05:27   307200   ----a-w-   c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 05:27   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 05:27   225280   ----a-w-   c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 05:27   219136   ----a-w-   c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 05:27   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
2012-05-26 12:34 . 2012-05-26 12:34   2829   ----a-w-   c:\windows\DiabUnin.pif
2012-05-26 12:34 . 2012-05-26 12:34   118784   ----a-w-   c:\windows\DiabUnin.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-08-20_10.24.02   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-09 19:43 . 2012-02-09 19:43   61248              c:\windows\SysWOW64\OpenCL.dll
- 2009-07-14 04:54 . 2012-08-20 10:23   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-20 15:07   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-20 10:23   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-20 15:07   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-20 15:07   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-20 10:23   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-21 12:22 . 2012-08-22 05:18   48214              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-22 05:18   40364              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-10 16:10 . 2012-08-21 17:45   12498              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1415641805-828064493-1863220564-1007_UserData.bin
+ 2009-12-21 12:22 . 2012-08-20 15:44   16268              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1415641805-828064493-1863220564-1001_UserData.bin
+ 2009-08-10 12:29 . 2012-08-22 13:29   83350              c:\windows\system32\perfc00B.dat
+ 2012-02-09 19:43 . 2012-02-09 19:43   68928              c:\windows\system32\OpenCL.dll
+ 2009-07-14 05:30 . 2012-08-20 21:16   86016              c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-08-16 05:25   86016              c:\windows\system32\DriverStore\infpub.dat
+ 2012-02-09 19:43 . 2012-02-09 19:43   68928              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\OpenCL64.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   61248              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\OpenCL.dll
+ 2012-03-20 17:44 . 2012-03-20 17:44   98688              c:\windows\system32\drivers\NisDrvWFP.sys
+ 2009-07-14 04:46 . 2012-08-22 05:22   92352              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-04-03 08:46 . 2011-10-28 09:36   90112              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   90112              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   45056              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   45056              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   22528              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   22528              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   30720              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   30720              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   16384              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   16384              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   34304              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   34304              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   81920              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   81920              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2012-08-21 15:54 . 2012-08-21 15:54   27136              c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2011-01-10 00:23 . 2012-08-20 11:32   4116              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-09 19:43 . 2012-02-09 19:43   4096              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvdetx.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   4096              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvdet.dll
- 2012-08-20 10:23 . 2012-08-20 10:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-22 13:45 . 2012-08-22 13:45   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-22 13:45 . 2012-08-22 13:45   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-20 10:23 . 2012-08-20 10:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-03 08:46 . 2012-08-21 15:24   3584              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   3584              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   8192              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   8192              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   2560              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   2560              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2000-06-02 15:48 . 2000-06-02 15:48   427520              c:\windows\SysWOW64\MPG4C32.DLL
+ 2012-08-21 16:21 . 2012-08-21 16:24   690888              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
+ 2012-04-02 07:52 . 2012-08-21 16:24   250568              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-15 07:31 . 2012-08-15 07:31   227824              c:\windows\SysWOW64\javaws.exe
+ 2009-12-26 20:51 . 2012-08-20 14:39   392492              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-26 12:44 . 2012-08-22 12:42   691294              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-08-10 12:29 . 2012-08-22 13:29   443680              c:\windows\system32\perfh00B.dat
+ 2009-07-14 02:36 . 2012-08-22 13:29   618160              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-22 13:29   107440              c:\windows\system32\perfc009.dat
- 2009-12-21 12:07 . 2012-05-31 09:25   279656              c:\windows\system32\MpSigStub.exe
+ 2009-12-21 12:07 . 2012-01-31 12:44   279656              c:\windows\system32\MpSigStub.exe
+ 2012-08-21 16:21 . 2012-08-21 16:24   420552              c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_Plugin.exe
+ 2009-07-14 04:45 . 2012-08-21 17:43   436496              c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:30 . 2012-08-20 21:16   143360              c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-08-16 05:25   143360              c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-08-16 05:25   143360              c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-08-20 21:16   143360              c:\windows\system32\DriverStore\infstor.dat
+ 2012-02-09 19:43 . 2012-02-09 19:43   962368              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvumdshimx.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   812352              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvumdshim.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   310592              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvml.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   260416              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvinitx.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   215360              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvinit.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   201024              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvidia-smi.exe
+ 2012-02-09 19:43 . 2012-02-09 19:43   202752              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvdxgiwrapx.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   182080              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvdxgiwrap.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   324516              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvdrsdb.bin
+ 2012-02-09 19:43 . 2012-02-09 19:43   301376              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvdecodemft32.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   364352              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvdecodemft.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   261120              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\Nvd3d9wrapx.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   236352              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\Nvd3d9wrap.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   224064              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\dbInstaller.exe
+ 2012-03-20 17:44 . 2012-03-20 17:44   203888              c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 05:01 . 2012-08-22 13:44   434952              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-22 16:20 . 2012-08-21 22:15   868904              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1415641805-828064493-1863220564-1007-12288.dat
+ 2008-04-11 07:11 . 2008-04-11 07:11   233472              c:\windows\Installer\1ae3779.msi
+ 2012-08-20 16:14 . 2012-08-20 16:14   109563              c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-08-20 16:14 . 2012-08-20 16:14   123352              c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-08-20 16:14 . 2012-08-20 16:14   109563              c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-08-20 16:14 . 2012-08-20 16:14   109563              c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-08-20 16:14 . 2012-08-20 16:14   109563              c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   114688              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   114688              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2010-04-03 08:46 . 2011-10-28 09:36   167936              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2010-04-03 08:46 . 2012-08-21 15:24   167936              c:\windows\Installer\{9028040B-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2012-02-09 19:43 . 2012-02-09 19:43   7713088              c:\windows\SysWOW64\nvwgf2um.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2517312              c:\windows\SysWOW64\nvcuvid.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2437440              c:\windows\SysWOW64\nvcuvenc.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   5892928              c:\windows\SysWOW64\nvcuda.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2301248              c:\windows\SysWOW64\nvapi.dll
+ 2012-08-21 16:21 . 2012-08-21 16:24   9813704              c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
+ 2012-08-21 16:21 . 2012-08-21 16:24   1807560              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
+ 2011-08-09 22:48 . 2011-07-16 04:49   1114112              c:\windows\SysWOW64\kernel32.dll
- 2011-08-09 22:48 . 2011-07-16 04:24   1114112              c:\windows\SysWOW64\kernel32.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   9717568              c:\windows\system32\nvwgf2umx.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   1466176              c:\windows\system32\nvgenco64.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   1737536              c:\windows\system32\nvdispco64.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2672448              c:\windows\system32\nvcuvid.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2872640              c:\windows\system32\nvcuvenc.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   8008000              c:\windows\system32\nvcuda.dll
+ 2009-10-26 18:35 . 2012-02-09 19:43   2660160              c:\windows\system32\nvapi64.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   9717568              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvwgf2umx.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   7713088              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvwgf2um.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   1466176              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvgenco64.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   1737536              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvdispco64.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2517312              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvcuvid32.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2672448              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvcuvid.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2872640              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvcuvenc64.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2437440              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvcuvenc.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   5892928              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvcuda32.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   8008000              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvcuda.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2660160              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvapi64.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   2301248              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvapi.dll
+ 2009-07-14 04:45 . 2012-08-21 17:44   7130306              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-08-16 05:29   7130306              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-12-21 12:18 . 2012-08-22 13:44   1583296              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-21 00:49 . 2012-08-22 13:44   6897428              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1415641805-828064493-1863220564-1007-8192.dat
+ 2011-01-16 09:53 . 2012-08-21 16:27   6022968              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1415641805-828064493-1863220564-1001-8192.dat
+ 2012-06-20 09:16 . 2012-08-21 16:27   1420584              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1415641805-828064493-1863220564-1001-12288.dat
+ 2012-03-26 16:21 . 2012-03-26 16:21   7622656              c:\windows\Installer\1cee3a.msi
+ 2012-01-25 01:52 . 2012-01-25 01:52   2323456              c:\windows\Installer\1ae37a9.msi
+ 2012-02-09 19:43 . 2012-02-09 19:43   19443520              c:\windows\SysWOW64\nvoglv32.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   15009600              c:\windows\SysWOW64\nvd3dum.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   17543488              c:\windows\SysWOW64\nvcompiler.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   25541952              c:\windows\system32\nvoglv64.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   17642816              c:\windows\system32\nvd3dumx.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   25222976              c:\windows\system32\nvcompiler.dll
+ 2012-08-21 16:21 . 2012-08-21 16:24   12812488              c:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   25541952              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvoglv64.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   19443520              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvoglv32.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   13624128              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvlddmkm.sys
+ 2012-02-09 19:43 . 2012-02-09 19:43   17642816              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvd3dumx.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   15009600              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvd3dum.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   71579376              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\NvCplSetupInt.exe
+ 2012-02-09 19:43 . 2012-02-09 19:43   17543488              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvcompiler32.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   25222976              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d895694e10f22a11\nvcompiler.dll
+ 2012-02-09 19:43 . 2012-02-09 19:43   13624128              c:\windows\system32\drivers\nvlddmkm.sys
+ 2012-04-18 19:28 . 2012-04-18 19:28   26820096              c:\windows\Installer\1ae3b6d.msi
+ 2012-04-18 14:50 . 2012-04-18 14:50   20396032              c:\windows\Installer\1ae3888.msi
+ 2004-02-24 14:18 . 2004-02-24 14:18   57439292              c:\windows\Installer\1ae3772.msp
.
-- Snapshot nollattu tähän hetkeen --
.
((((((((((((((((((((((((((((((   Rekisterin käynnistyskohteet   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-21 39408]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"Spotify Web Helper"="d:\spotify\Data\SpotifyWebHelper.exe" [2012-08-04 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Nelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-8-31 2351104]
.
c:\users\Rami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-8-31 2351104]
.
c:\users\Tatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\users\Tillu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-8-31 2351104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-8-31 2351104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google-päivityspalvelu (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe

R3 GGSAFERDriver;GGSAFER Driver;d:\garena plus\Room\safedrv.sys

R3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-06 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoftin verkon tarkastus;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2010-02-26 12288]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-02-26 173056]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys [2007-02-19 63808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-22 828912]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/21 13:59];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-05-07 19:05 146928]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]
S3 SNXPCAMD;SUNIX Mulit-I/O Card Driver;c:\windows\system32\DRIVERS\snxpcamd.sys [2009-06-25 62464]
S3 SNXPPAMD;SUNIX Parallel Port Driver;c:\windows\system32\DRIVERS\snxppamd.sys [2009-06-25 133632]
.
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 22:26]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 22:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Täydentävä tarkistus -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.fi/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Vie Microsoft E&xceliin - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.1
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://85.23.161.214/activex/AMC.cab
FF - ProfilePath - c:\users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fi
FF - prefs.js: keyword.URL - hxxp://fi.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_USERS\S-1-5-21-1415641805-828064493-1863220564-1001\Software\SecuROM\License information*]
"datasecu"=hex:a3,28,a5,42,11,dc,ea,07,1b,e2,c0,54,36,40,91,f1,6a,ef,e9,af,09,
   63,b6,84,28,0d,7f,de,64,b6,49,ec,71,b2,66,3e,18,4e,2c,22,05,39,90,1c,f3,14,\
"rkeysecu"=hex:5e,09,10,d5,26,c0,fd,18,81,87,5e,10,89,e3,38,fe
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Muut prosessit ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-08-22  16:49:48 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt  2012-08-22 13:49
ComboFix2.txt  2012-08-20 11:28
.
Ennen ajoa: 353 693 020 160 tavua vapaana
Ajon jälkeen: 353 133 223 936 tavua vapaana
.
- - End Of File - - 9B4C18945D7489747621C451B1188565

Offline 1972vet

Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #39 on: August 22, 2012, 08:20:45 AM »
My apologies...there were two of these and I missed one of them:
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

...so we need to run another script:
Please open another blank Notepad... Then, copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt... and, as before, change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe.

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.



KILLALL::

reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]


This should clear everything that I found and that system should be doing well now. At this point, it would be advised to run a system defrag. On the next reply, let me know if there are any other issues we can help with. Thanks!

Offline apimybrowserbarf

Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #40 on: August 22, 2012, 08:52:15 AM »
I'll do the defragmenting in the meantime. I need to know if the log is alright - how does it look?

ComboFix 12-08-18.03 - Pasi 22.08.2012  17:29:48.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1035.18.4094.2745 [GMT 3:00]
Sijainti: c:\users\Pasi\Desktop\username321.exe
Käytetyt komentorivivalitsimet :: c:\users\Pasi\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((   Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-07-22 to 2012-08-22  )))))))))))))))))
.
.
2012-08-22 14:35 . 2012-08-22 14:35   --------   d-----w-   c:\users\Tillu\AppData\Local\temp
2012-08-22 14:35 . 2012-08-22 14:35   --------   d-----w-   c:\users\Tatu\AppData\Local\temp
2012-08-22 14:35 . 2012-08-22 14:35   --------   d-----w-   c:\users\Rami\AppData\Local\temp
2012-08-22 14:35 . 2012-08-22 14:35   --------   d-----w-   c:\users\Nelli\AppData\Local\temp
2012-08-22 14:35 . 2012-08-22 14:35   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-08-22 14:00 . 2012-08-01 22:58   9309624   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{177053F5-ABED-407E-992E-8F7CEB8CCA14}\mpengine.dll
2012-08-21 17:43 . 2012-08-21 17:43   --------   d-----w-   c:\users\Rami\AppData\Roaming\Apple Computer
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-21 15:56 . 2012-08-21 15:56   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-21 15:55 . 2012-08-21 15:56   --------   d-----w-   c:\program files (x86)\QuickTime
2012-08-21 15:54 . 2012-08-21 15:54   --------   d-----w-   c:\program files (x86)\Apple Software Update
2012-08-21 15:51 . 2012-08-21 15:51   --------   d-----w-   c:\users\Pasi\AppData\Local\Apple Computer
2012-08-21 15:47 . 2012-08-21 15:47   --------   d-----w-   c:\users\Pasi\AppData\Local\Apple
2012-08-20 21:13 . 2012-05-04 09:59   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-08-20 21:13 . 2012-05-04 11:00   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-08-20 20:59 . 2012-08-20 20:59   --------   d-----w-   c:\program files (x86)\FileHippo.com
2012-08-20 16:15 . 2012-08-20 16:15   927800   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D325D83B-BEC2-42D2-83B7-9386BFFB382D}\gapaengine.dll
2012-08-20 16:15 . 2012-06-29 00:04   9133488   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-20 16:13 . 2012-08-20 16:13   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2012-08-20 16:13 . 2012-08-20 16:14   --------   d-----w-   c:\program files\Microsoft Security Client
2012-08-19 16:52 . 2012-08-19 16:52   --------   d-----w-   c:\windows\SysWow64\wbem\Performance
2012-08-19 16:50 . 2008-05-07 19:03   303616   ----a-w-   C:\SetACL.exe
2012-08-19 16:49 . 2004-06-11 13:33   290304   ----a-w-   C:\subinacl.exe
2012-08-19 16:48 . 2012-08-19 16:48   --------   d-----w-   C:\RegBackup
2012-08-19 15:39 . 2012-08-19 16:57   181064   ----a-w-   c:\windows\PSEXESVC.EXE
2012-08-19 15:24 . 2012-08-19 16:50   --------   d-----w-   C:\Tweaking.com_Windows_Repair_Logs
2012-08-18 12:51 . 2012-08-18 12:51   --------   d-----w-   c:\users\Rami\AppData\Roaming\Malwarebytes
2012-08-18 03:33 . 2012-06-29 10:04   9133488   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3916EADA-4C36-4E62-A701-3B3449AAE2B5}\mpengine.dll
2012-08-15 21:21 . 2012-06-29 03:51   887296   ----a-w-   c:\program files\Internet Explorer\iedvtool.dll
2012-08-15 21:21 . 2012-06-29 03:50   499200   ----a-w-   c:\program files\Internet Explorer\jsdbgui.dll
2012-08-15 21:21 . 2012-06-29 03:44   816640   ----a-w-   c:\windows\system32\jscript.dll
2012-08-15 21:21 . 2012-06-29 00:10   678912   ----a-w-   c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-08-15 21:21 . 2012-06-29 00:10   387584   ----a-w-   c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-08-15 21:21 . 2012-06-29 04:55   17809920   ----a-w-   c:\windows\system32\mshtml.dll
2012-08-15 21:21 . 2012-06-29 04:09   10925568   ----a-w-   c:\windows\system32\ieframe.dll
2012-08-15 07:32 . 2012-08-15 07:32   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-08-15 07:32 . 2012-08-15 07:32   --------   d-----w-   c:\program files (x86)\Oracle
2012-08-15 07:31 . 2012-07-05 19:06   772544   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2012-08-11 18:54 . 2012-08-11 18:54   --------   d-----w-   c:\users\Tatu\AppData\Roaming\Malwarebytes
2012-08-11 18:54 . 2012-08-11 18:54   --------   d-----w-   c:\programdata\Malwarebytes
2012-08-11 18:54 . 2012-08-11 18:54   --------   d-----w-   c:\program files (x86)\MBMA
2012-08-11 18:54 . 2012-07-03 10:46   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-08-05 16:43 . 2012-08-05 16:43   --------   d-----w-   c:\users\Rami\AppData\Roaming\Wargaming.net
2012-07-30 21:52 . 2012-07-30 21:52   103904   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-26 05:47 . 2012-07-26 05:47   --------   d-----w-   c:\users\Pasi\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M-raportti   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 16:24 . 2012-04-02 07:52   696520   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-21 16:24 . 2011-05-16 09:03   73416   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 21:19 . 2009-12-21 12:12   62134624   ----a-w-   c:\windows\system32\MRT.exe
2012-07-15 04:53 . 2012-07-15 04:53   4024320   ----a-w-   c:\program files (x86)\GUTBF6F.tmp
2012-07-05 19:06 . 2010-05-04 19:40   687544   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-06-25 13:36 . 2012-06-25 13:36   466456   ----a-w-   c:\windows\system32\wrap_oal.dll
2012-06-25 13:36 . 2012-06-25 13:36   444952   ----a-w-   c:\windows\SysWow64\wrap_oal.dll
2012-06-25 13:36 . 2012-06-25 13:36   122904   ----a-w-   c:\windows\system32\OpenAL32.dll
2012-06-25 13:36 . 2012-06-25 13:36   109080   ----a-w-   c:\windows\SysWow64\OpenAL32.dll
2012-06-24 18:17 . 2012-06-24 18:17   164352   ----a-w-   c:\windows\SysWow64\SpoonUninstall.exe
2012-06-13 09:24 . 2012-06-13 09:13   2829   ----a-w-   c:\windows\War3Unin.pif
2012-06-13 09:24 . 2012-06-13 09:13   139264   ----a-w-   c:\windows\War3Unin.exe
2012-06-09 05:43 . 2012-07-11 05:28   14172672   ----a-w-   c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 05:28   2004480   ----a-w-   c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 05:28   1881600   ----a-w-   c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 05:27   1133568   ----a-w-   c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 05:28   1390080   ----a-w-   c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 05:28   1236992   ----a-w-   c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 05:27   805376   ----a-w-   c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-19 05:42   38424   ----a-w-   c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 05:42   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 05:42   57880   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 05:42   44056   ----a-w-   c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 05:42   701976   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 05:42   2622464   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 05:42   99840   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-19 05:42   186752   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-02 12:15 . 2012-06-19 05:42   36864   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 05:27   458704   ----a-w-   c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 05:27   95600   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 05:27   151920   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 05:27   340992   ----a-w-   c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 05:27   307200   ----a-w-   c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 05:27   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 05:27   225280   ----a-w-   c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 05:27   219136   ----a-w-   c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 05:27   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
2012-05-26 12:34 . 2012-05-26 12:34   2829   ----a-w-   c:\windows\DiabUnin.pif
2012-05-26 12:34 . 2012-05-26 12:34   118784   ----a-w-   c:\windows\DiabUnin.exe
.
.
(((((((((((((((((((((((((((((   SnapShot_2012-08-22_13.45.53   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-21 12:22 . 2012-08-22 13:47   48270              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-22 13:47   40452              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-21 12:22 . 2012-08-22 13:47   16408              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1415641805-828064493-1863220564-1001_UserData.bin
- 2009-08-10 12:29 . 2012-08-22 13:29   83350              c:\windows\system32\perfc00B.dat
+ 2009-08-10 12:29 . 2012-08-22 14:28   83350              c:\windows\system32\perfc00B.dat
- 2009-12-21 19:46 . 2012-08-18 08:01   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-21 19:46 . 2012-08-22 14:21   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-21 19:46 . 2012-08-18 08:01   49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-21 19:46 . 2012-08-22 14:21   49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-22 14:21   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-18 08:01   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-10 00:23 . 2012-08-22 14:36   4116              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-01-10 00:23 . 2012-08-20 11:32   4116              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-22 13:45 . 2012-08-22 13:45   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-22 14:36 . 2012-08-22 14:36   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-22 14:36 . 2012-08-22 14:36   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-22 13:45 . 2012-08-22 13:45   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-10 12:29 . 2012-08-22 13:29   443680              c:\windows\system32\perfh00B.dat
+ 2009-08-10 12:29 . 2012-08-22 14:28   443680              c:\windows\system32\perfh00B.dat
- 2009-07-14 02:36 . 2012-08-22 13:29   618160              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-22 14:28   618160              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-22 14:28   107440              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-22 13:29   107440              c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-22 13:44   434952              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-22 14:36   434952              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((   Rekisterin käynnistyskohteet   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-21 39408]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"Spotify Web Helper"="d:\spotify\Data\SpotifyWebHelper.exe" [2012-08-04 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Nelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-8-31 2351104]
.
c:\users\Rami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-8-31 2351104]
.
c:\users\Tatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\users\Tillu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-8-31 2351104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-8-31 2351104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google-päivityspalvelu (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe

R3 GGSAFERDriver;GGSAFER Driver;d:\garena plus\Room\safedrv.sys

R3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-06 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoftin verkon tarkastus;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2010-02-26 12288]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-02-26 173056]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys [2007-02-19 63808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-22 828912]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/21 13:59];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-05-07 19:05 146928]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]
S3 SNXPCAMD;SUNIX Mulit-I/O Card Driver;c:\windows\system32\DRIVERS\snxpcamd.sys [2009-06-25 62464]
S3 SNXPPAMD;SUNIX Parallel Port Driver;c:\windows\system32\DRIVERS\snxppamd.sys [2009-06-25 133632]
.
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 22:26]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 22:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Täydentävä tarkistus -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.fi/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Vie Microsoft E&xceliin - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.1
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://85.23.161.214/activex/AMC.cab
FF - ProfilePath - c:\users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fi
FF - prefs.js: keyword.URL - hxxp://fi.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_USERS\S-1-5-21-1415641805-828064493-1863220564-1001\Software\SecuROM\License information*]
"datasecu"=hex:a3,28,a5,42,11,dc,ea,07,1b,e2,c0,54,36,40,91,f1,6a,ef,e9,af,09,
   63,b6,84,28,0d,7f,de,64,b6,49,ec,71,b2,66,3e,18,4e,2c,22,05,39,90,1c,f3,14,\
"rkeysecu"=hex:5e,09,10,d5,26,c0,fd,18,81,87,5e,10,89,e3,38,fe
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Muut prosessit ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-08-22  17:46:31 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt  2012-08-22 14:46
ComboFix2.txt  2012-08-22 13:49
ComboFix3.txt  2012-08-20 11:28
.
Ennen ajoa: 353 207 619 584 tavua vapaana
Ajon jälkeen: 352 914 534 400 tavua vapaana
.
- - End Of File - - 71A114B652A54FA29C6A559B62AF5224
« Last Edit: August 22, 2012, 09:03:18 AM by apimybrowserbarf »
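
Added example, not part of the original thread and not ComboFix's own code: one way to cross-check the `FF - prefs.js` lines in the supplementary-scan section of a log like the one above, so that a search setting pointing somewhere other than the selected engine, or a non-default proxy mode, stands out. The function names and the matching heuristic are assumptions made for this sketch; the sample lines are copied in shape from the log above.

```python
import re
from urllib.parse import urlparse

# Sample input: supplementary-scan lines in the shape ComboFix prints them
# (taken from the log posted above; URLs are defanged as hxxp in the log).
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.fi/
TCP: DhcpNameServer = 192.168.100.1
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fi
FF - prefs.js: keyword.URL - hxxp://fi.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
"""

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$", re.M)

# Firefox network.proxy.type values that route traffic through a configured
# proxy: 1 = manual proxy, 2 = proxy auto-config (PAC) URL.
PROXY_REVIEW = {"1": "manual proxy configured", "2": "PAC URL configured"}


def parse_ff_prefs(log_text):
    """Return {pref name: value} for every 'FF - prefs.js:' line in the log."""
    return {m["key"]: m["value"].strip() for m in PREF_RE.finditer(log_text)}


def host_of(value):
    """Refang hxxp/hxxps, add a scheme if missing, return the lowercase host."""
    value = re.sub(r"^hxxp", "http", value.strip(), flags=re.I)
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def review_prefs(prefs):
    """Return (pref, reason) pairs for settings that deserve a second look.

    Heuristic (an assumption of this sketch): the first word of the selected
    engine's name should appear as a label in the keyword.URL host. A mismatch
    is a prompt to review the setting, not a verdict on the machine.
    """
    findings = []
    engine = prefs.get("browser.search.selectedEngine", "").lower()
    engine_word = re.sub(r"[^a-z0-9]", "", engine.split()[0]) if engine else ""
    keyword_url = prefs.get("keyword.URL")
    if keyword_url and engine_word:
        host = host_of(keyword_url)
        if engine_word not in host.split("."):
            findings.append((
                "keyword.URL",
                f"address-bar searches go to {host}, selected engine is {engine!r}",
            ))
    proxy_type = prefs.get("network.proxy.type", "0")
    if proxy_type in PROXY_REVIEW:
        findings.append(("network.proxy.type", PROXY_REVIEW[proxy_type]))
    return findings


if __name__ == "__main__":
    for pref, reason in review_prefs(parse_ff_prefs(SAMPLE_LOG)):
        print(f"{pref}: {reason}")
```
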

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #41 on: August 22, 2012, 04:14:52 PM »
Looks good. Any other issues?

Offline apimybrowserbarf

  • Bronze Member
  • Posts: 27
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #42 on: August 23, 2012, 02:44:12 AM »
Not that I can tell. Are there some finalizing steps to this that we'll do now?

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #43 on: August 23, 2012, 07:12:33 AM »
Indeed...we need to uninstall combofix, which is, in itself, another run (effectively) of that utility, so to perform this, you must disable the same security applications that we disabled when you ran it before...then you can delete the tools we downloaded, as well as their associated logs. Click start, then in the "Search programs and files" box, type Run. When the "Run" box opens, copy/paste the following, then press the Enter key:
ComboFix /Uninstall

Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again for you automatically (re-setting system restore removes the old and infected restore points).

To assist in the prevention of malicious software intrusion and infections, you can begin by reading "How to boost your malware defense and protect your PC"...

Please remember to keep antivirus software on board and always use its real time protection feature. Run a complete system scan at least once a week...preferably in Safe mode.

A word of caution
Security vendors, in recent years, have partnered with "Ask.com" in providing the "Ask Toolbar" bundled with their download(s).

Although the toolbar is considered to be a legitimate program, it is nonetheless questionable as to its behavior. It is alleged to be spyware/adware as the behavior of this application tracks a user's history and sends "search" information to its servers in order to provide a user with targeted search results; many of these results may also be for questionable web sites. In fairness, one should keep in mind, Google does the same thing regarding search results.

This tracking is considered by many of us in the security field, to be offensive.

Some of the "Download links" that I may provide, may also contain this program bundled with it. If you choose not to use it, the bundled software will always contain an "Opt Out" measure via some checkbox. The user can check (or uncheck) this box to prevent the download.

If a user isn't cautious and may have mistakenly installed this program, it can easily be removed via the "Uninstall" string provided with the software. Detailed instructions how to remove the program can be found Here.

If your antivirus program is a licensed version that is about to expire, you can consider using one of these available free on the public domain:

Microsoft Security Essentials
AntiVir Personal Edition Classic
Avast! 4 Home Edition

Those of us in the online safety/security community have tried and tested these programs to determine their abilities. Having in mind, nothing is ever a guarantee regarding computer security, these programs nevertheless, combined with the rest of these recommendations are certain to have an impact in helping to keep your system running free and clear. I personally have been completely satisfied from having tested and used each one of those at one time or another.

Immunize your browser by installing Spywareblaster. What does it do?
  • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restricts the actions of potentially unwanted sites in Internet Explorer.
Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Web of Trust (WOT) warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an add-on available for both Firefox and IE.

Install the WinPatrol security monitor utility. WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. What I hear most from users is how much they like the startup control feature and its ease of use. Need help understanding something about WinPatrol? Here it is.

Windows Vista and Windows 7 have a software firewall built in and activated by default. This native firewall is a big improvement and is fine by itself. However, there are third party software Firewalls that offer a bit more configuration options.

Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason. I should also mention, if you choose to use a third party firewall, make certain the Windows firewall is turned off to prevent conflict issues.

...and please remember, you should have only one of these types of third party firewalls running on board:

Zone Alarm...Windows 2k/XP/Vista

Outpost Free

Comodo...I highly recommend this firewall, but it may just be best suited for advanced users.

Important Note...along with some of these third party firewalls mentioned, its own anti-virus engine is included so be aware of these, and first uninstall any other anti-virus product you may have installed before you install one of these which includes its own anti-virus engine.

Stay updated with the most recent Windows patches using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

Keep your installed software up to date by downloading the free FileHippo Update Checker. Double-click the FHSetup.exe file to install it. When the install completes, you'll find the Update Checker shortcut on the desktop.

Double-click on it and a scan begins with the results showing in your browser. Any software it finds to be out of date, will be presented in your browser. Just click on the download link provided there to download your software updates. Ignore the beta software unless you want that...during the scanner initialization, you can click the settings link, then click the results tab and check the box "Hide beta versions". After clicking the OK button, click the "Retry" link to continue the scan with those settings.

Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Run CCleaner often. Please avoid using the "registry" cleaning feature of this utility unless you consider yourself an expert. Contrary to popular thought, the Windows Registry has no need of any "cleaning". I personally challenge anyone to show a substantial benefit from having used any of these "registry cleaning" programs. There is none. Any difference at all is so minuscule that it's nearly impossible to calculate.

On the flip side, rather than any benefit, there is the possibility of slicing out enough pieces of the registry to render things useless...and that includes the operating system.

By default, CCleaner will ask you if you want to back up what is removed, and I suggest you do just that. If you have already used this option and found that something no longer works properly, please find the backup that was created and use it to restore that particular item. Remember, using this to clean the disk is absolutely useful and beneficial. A novice needs only to use the disk cleaning feature...and avoid the registry cleaning aspect. It's not difficult...just don't bother to click the Registry button on the menu.

CCleaner is an excellent...and fast disk cleaning utility that can easily be configured to suit your needs. Often, users find a simple reboot resolves a quirky performance issue which can come about as a result of the collection of temp files while browsing the web...and if you configure CCleaner to run on start up, then your system could be kept running fast and clean with each new user session.

The Yahoo Toolbar is included by default during the installation of the CCleaner utility...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...last download link at the bottom of that page).

Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files.

Don't forget to check your system's "defragmenter" settings. With Windows Vista, you have the option to set this as a scheduled event. It is best to have your system's "defrag" function scheduled for at least once a week.

So how did I get infected in the first place?
Regards, and Happy Surfing!
 

Offline 1972vet

Re: [Completed] Unable to connect to internet; Redirects; api.mybrowserbar?
« Reply #44 on: August 23, 2012, 07:13:52 AM »
This thread is now closed as the issue appears to be resolved.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.