PDA

View Full Version : Win32.Agent.adb won't disappear



Mar_Rib
2012-05-04, 11:09
Hi,
My spybot has detected a trojan called win32.agent.adb. Even though spybot corrected it, the trojan appeared again after I did the second scan.
I think this trojan might be the one responsible for this ---» ´´~~ and ^^ (duplication of accent marks)... :s

Could you please help me with this issue?

Thank you for your time and help! =)

Here is the DDS report:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by User at 9:00:04 on 2012-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.351.2070.18.8096.5598 [GMT 1:00]
.
AV: G Data InternetSecurity 2011 *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ASUS.SYS\SIONExportService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.pt/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOS~2.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 213.13.175.65 212.55.154.174 212.55.154.190
TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF} : DhcpNameServer = 213.13.175.65 212.55.154.174 212.55.154.190
TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\079647164616 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\4586F6D637F6E6244423446383 : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\56465727F616D6 : DhcpNameServer = 193.137.16.65 193.137.16.145 193.137.16.75
TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\C464D265F646 : DhcpNameServer = 192.168.25.2
TCP: Interfaces\{94A59F7C-B91E-44A0-8A1B-28CABCA82446} : DhcpNameServer = 192.168.25.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{0124123D-61B4-456f-AF86-78C53A0790C5}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{0124123D-61B4-456f-AF86-78C53A0790C5}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
mRun-x64: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys --> C:\Windows\system32\drivers\GDBehave.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 GDMnIcpt;GDMnIcpt;\??\C:\Windows\system32\drivers\MiniIcpt.sys --> C:\Windows\system32\drivers\MiniIcpt.sys [?]
R1 gdwfpcd;G DATA WFP CD;C:\Windows\system32\drivers\gdwfpcd64.sys --> C:\Windows\system32\drivers\gdwfpcd64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-7-8 88704]
R2 AVKProxy;Proxy do G Data AntiVírus;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-8-10 1072200]
R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2010-8-10 410696]
R2 AVKWCtl;G Data Sentinela do sistema de ficheiros;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2010-3-15 1778336]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-1-14 1839616]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-12 1997416]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-3 1153368]
R2 Splashtop MDES;Splashtop Meta Data Export Service;C:\ASUS.SYS\SIONExportService.exe [2011-5-10 338208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-27 378472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-12 2655768]
R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2010-4-16 1666096]
R3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys --> C:\Windows\system32\drivers\PktIcpt.sys [?]
R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-4-22 339016]
R3 HookCentre;HookCentre;\??\C:\Windows\system32\drivers\HookCentre.sys --> C:\Windows\system32\drivers\HookCentre.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Serviço Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-16 253088]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Serviço Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-05-03 17:25:48 -------- d-----w- C:\Program Files\CCleaner
2012-05-03 17:25:31 -------- d-----w- C:\Users\User\AppData\Local\Google
2012-05-03 13:26:33 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-05-03 13:26:30 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-05-03 13:26:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-03 13:26:28 22104 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-03 13:26:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-03 13:06:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-03 13:06:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-03 11:30:05 -------- d-----w- C:\Users\User\AppData\Local\G DATA
2012-05-02 20:55:03 -------- d-----w- C:\Users\User\AppData\Local\Windows Live
2012-05-02 20:54:45 -------- d-----w- C:\Users\User\AppData\Local\{FCE76A81-D966-4E2A-BEDE-21970D98B724}
2012-05-02 08:06:30 16200 ----a-w- C:\Windows\stinger.sys
2012-05-02 08:06:13 -------- d-----w- C:\Program Files (x86)\stinger
2012-05-01 21:00:29 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDF11637-ED57-44F5-957B-F99F04341B73}\mpengine.dll
2012-05-01 11:39:11 -------- d-----w- C:\Users\User\AppData\Roaming\dclogs
2012-05-01 11:39:06 1097728 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOS~2.EXE
2012-05-01 11:06:42 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-05-01 10:59:59 -------- d-----w- C:\Users\User\AppData\Local\Adobe
2012-04-26 16:47:33 -------- d-----w- C:\Program Files (x86)\Satillana MIM
2012-04-23 14:46:05 -------- d-----w- C:\Users\User\AppData\Local\{F16823D5-E2C4-40BF-9C2B-A907C2D6BA7E}
2012-04-23 14:46:05 -------- d-----w- C:\Users\User\AppData\Local\{6773AA2D-EFE5-4BF6-8179-0E4A5190A62B}
2012-04-23 14:02:02 -------- d-----w- C:\Users\User\AppData\Local\Diagnostics
2012-04-18 18:01:57 -------- d-----w- C:\Program Files\WinPcap
2012-04-18 18:01:50 3623592 ----a-w- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
2012-04-18 18:01:50 143240 ----a-w- C:\Program Files (x86)\Common Files\ApnStub.exe
2012-04-17 19:49:04 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2012-04-17 19:48:35 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
2012-04-17 19:48:35 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-04-17 19:41:02 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-17 19:40:59 -------- d-----w- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2012-04-17 19:40:59 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-04-17 19:40:16 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-04-17 18:10:34 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-04-17 18:10:34 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-04-17 18:10:34 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-04-17 18:10:34 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-04-17 18:10:34 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-04-17 18:10:34 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-04-17 18:10:34 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-04-17 18:06:22 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2012-04-17 18:06:22 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-04-17 17:23:33 -------- d-----w- C:\ProgramData\ASUS
2012-04-17 17:18:56 -------- d-----w- C:\Users\User\AppData\Local\{375F6513-C406-4855-BBF5-AE473559B0EB}
2012-04-17 17:16:48 -------- d-----w- C:\Users\User\AppData\Roaming\MAGIX
2012-04-17 15:32:09 -------- d-----w- C:\Users\User\AppData\Local\Cyberlink
2012-04-17 14:27:10 -------- d-----w- C:\Users\User\AppData\Roaming\Princess Isabella
2012-04-17 10:27:25 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-17 10:27:25 -------- d-----w- C:\Windows\System32\Wat
2012-04-17 10:17:00 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-17 10:11:24 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-17 10:11:24 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-17 10:11:24 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-17 10:08:17 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-17 10:08:17 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-17 10:08:17 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-17 10:08:17 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-17 10:08:17 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-17 10:08:17 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-17 10:08:17 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-17 09:31:59 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-04-16 20:46:36 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-04-16 20:45:34 -------- d-----w- C:\Users\User\AppData\Roaming\uTorrent
2012-04-16 20:43:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-16 20:43:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-16 20:43:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-16 20:43:53 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-16 20:43:53 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-16 20:43:53 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-16 20:43:53 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-16 16:42:48 -------- d-----w- C:\Users\User\AppData\Roaming\FLEXnet
2012-04-16 16:42:46 -------- d-----w- C:\Users\User\AppData\Roaming\Nuance
2012-04-16 16:42:44 -------- d-----w- C:\Users\User\AppData\Roaming\Zeon
2012-04-16 13:00:38 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-16 12:54:38 106224 ----a-w- C:\Windows\SysWow64\drivers\GRD.sys
2012-04-16 12:38:00 40392 ----a-w- C:\Windows\System32\drivers\GDBehave.sys
2012-04-16 12:37:59 57288 ----a-w- C:\Windows\System32\drivers\PktIcpt.sys
2012-04-16 12:37:56 49096 ----a-w- C:\Windows\System32\drivers\HookCentre.sys
2012-04-16 12:37:44 84936 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys
2012-04-16 12:37:43 48584 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys
2012-04-16 12:37:35 -------- d-----w- C:\ProgramData\G Data
2012-04-16 12:37:35 -------- d-----w- C:\Program Files (x86)\G Data
2012-04-16 12:37:35 -------- d-----w- C:\Program Files (x86)\Common Files\G Data
2012-04-16 12:36:04 -------- d-----w- C:\Users\User\AppData\Local\Downloaded Installations
2012-04-16 12:00:32 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2012-04-16 10:01:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-16 10:01:29 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-16 09:54:47 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-16 09:54:30 -------- d-----w- C:\Users\User\AppData\Local\Microsoft Help
2012-04-16 09:49:03 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-16 09:45:23 -------- d--h--w- C:\ProgramData\Common Files
2012-04-16 09:44:57 -------- d-----w- C:\ProgramData\MFAData
2012-04-16 01:36:27 -------- d-----w- C:\Users\User\AppData\Roaming\ASUS WebStorage
2012-04-16 01:34:00 -------- d-----w- C:\Users\User\AppData\Local\Power2Go
2012-04-16 01:32:13 -------- d-sh--we C:\Programme
2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Vorlagen
2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Startmenü
2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Favoriten
2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Dokumente
2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Anwendungsdaten
2012-04-16 01:32:13 -------- d-sh--we C:\Program Files\Gemeinsame Dateien
2012-04-16 01:32:13 -------- d-sh--we C:\Dokumente und Einstellungen
2012-04-12 20:59:51 -------- d--h--w- C:\ASUS.DAT
2012-04-12 20:59:51 -------- d-----w- C:\ProgramData\FolderView
2012-04-12 20:05:03 -------- d-----w- C:\eSupport
2012-04-12 19:38:24 -------- d-----w- C:\Windows\System32\AsMakeLink
2012-04-12 19:38:23 80512 ----a-w- C:\Windows\AsusScr_N5_En Uninstaller.exe
2012-04-12 19:38:19 3058304 ----a-w- C:\Windows\AsScrPro.exe
2012-04-12 19:38:19 287176399 ------w- C:\Windows\System32\AsusScr_N5_En.scr
2012-04-12 19:37:56 -------- d-----w- C:\ProgramData\USBChargerPlus
2012-04-12 19:37:54 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-04-12 19:36:22 16768 ----a-w- C:\Windows\System32\drivers\AiCharger.sys
2012-04-12 19:35:06 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-04-12 19:35:06 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-04-12 19:35:06 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-04-12 19:31:04 -------- d-----w- C:\ProgramData\ASUS Music Maker
2012-04-12 19:31:04 -------- d-----w- C:\Program Files (x86)\ASUS Music Maker
2012-04-12 19:30:59 -------- d-----w- C:\ProgramData\MAGIX
2012-04-12 19:30:58 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2012-04-12 19:30:27 -------- d--h--w- C:\dvmexp
2012-04-12 19:30:06 -------- d--h--w- C:\ASUS.SYS
2012-04-12 19:30:00 -------- d--h--w- C:\temp
2012-04-12 19:28:39 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2012-04-12 19:28:39 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-04-12 19:24:11 -------- d-----w- C:\ProgramData\Roaming
2012-04-12 19:23:33 -------- d-----w- C:\Program Files (x86)\Cisco
2012-04-12 19:23:25 -------- d-----w- C:\Program Files\Synaptics
2012-04-12 19:21:47 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2012-04-12 19:21:43 -------- d-----w- C:\ProgramData\AmUStor
2012-04-12 19:21:43 -------- d-----w- C:\Program Files (x86)\AmIcoSingLun
2012-04-12 19:21:08 -------- d-----w- C:\ProgramData\SonicFocus
2012-04-12 19:21:06 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-04-12 19:21:06 -------- d-----w- C:\Program Files\Realtek
2012-04-12 19:19:28 -------- d-----w- C:\Windows\SysWow64\NV
2012-04-12 19:19:28 -------- d-----w- C:\Windows\System32\NV
2012-04-12 19:15:40 -------- d-----w- C:\Program Files\Common Files\Intel
2012-04-12 19:15:40 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-04-12 19:14:27 8192 ----a-w- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
2012-04-12 19:14:27 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-04-12 19:14:24 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-04-12 19:11:47 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-04-12 19:11:43 -------- d-----w- C:\Intel
2012-04-12 19:10:21 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
.
==================== Find3M ====================
.
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-14 17:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 17:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-14 17:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-14 17:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-14 17:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-14 17:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-14 17:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-14 17:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-14 17:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 17:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-14 17:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-14 17:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-14 17:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-14 17:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-14 17:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-14 17:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-14 17:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-14 17:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-14 17:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-14 17:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-14 17:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-14 16:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 16:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-14 16:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 16:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-14 16:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-14 16:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-14 16:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-14 16:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-14 16:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 16:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 16:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-14 16:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-14 16:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-14 16:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 16:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 16:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-14 16:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-14 16:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 9:01:06,15 ===============

I've also attached the zip'ed attach report from DDS.

Thank you for your time and help! =)

Scolabar
2012-05-06, 11:24
Hi Mar_Rib,

Firstly, welcome to the Safer-Networking Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:
The instructions that will be provided are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
Absence of symptoms does not necessarily mean that everything is clear.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Please Note: If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator (http://support.microsoft.com/kb/922708)


Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

Backup Your Data - Windows 7 (http://support.microsoft.com/kb/971759)
If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar

Scolabar
2012-05-06, 11:31
Hi Mar_Rib,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Business Computer?

Entries in the log provided lead me to believe this computer may connect to a business network.
Please confirm whether or not this computer is a company-owned computer, a computer used for business or connects to a business network.
If this is not the case, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

Step 2:
MGA Diagnostics

Please download this tool (http://go.microsoft.com/fwlink/?linkid=52012) from Microsoft and Save it to your Desktop.
Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Click on the Continue button to proceed.
The program will now run. It will take a short while to complete its diagnosis, please be patient.
When it has finished click on the Copy button.
Click on Start and then click on the Start Search box in the Start Menu.
Copy and Paste the following value into the open text entry box:

notepad

Then click on the magnifying glass symbol or press Enter.
This will open an empty Notepad file.
Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
Click on the OK button to exit the MGA Diagnostics program.
Then Copy and Paste the entire contents of mgadiag.txt into your next reply.
Step 3:
WVCheck

Please download WVCheck (http://artellos.com/ccount/click.php?id=7) and Save it to your Desktop.
Right-click on WVCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Read the comments on the screen and then press Enter.
The scan can take a while depending on the size of your hard drive.
Once the program is finished, a scan report named WVCheck_hhmm_dd-mm-yyyy.txt will automatically saved to your Desktop and opened in Notepad.
Please Copy and Paste the entire contents of WVCheck_hhmm_dd-mm-yyyy.txt into your next reply.
Step 4:
CKScanner

Please download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and Save it to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Then click on the Search For Files button.
When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
Note: Please run the program ONCE only.
Click on the Exit button to close the program.
Double-click on the ckfiles.txt file to open it.
Then Copy and Paste the entire contents of the file into your next reply.
Step 5:
Include in Next Post

Did you have any problems carrying out the instructions?
Is this computer used for business purposes? Does the computer connect to a business network? If not, please clarify for what purposes the computer is used.
mgadiag.txt.
WVCheck_hhmm_dd-mm-yyyy.txt.
ckfiles.txt.
Do you have original Windows installation media for your PC?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Mar_Rib
2012-05-06, 13:24
Hello Scolabar,
Firstly, thank you for your help.

I had no difficulties, at least for now, with the instructuions. They're quite clear. :) As I'm portuguese, and english is not my native language, some technical vocabulary may be an issue (but in case of doubt I'll ask) and my spelling may be, sometimes, incorrect. Sorry for that! Said that, I'll continue.

My computer is not used for business purposes. Personal use only. Sometimes I use school's wireless network that I configured as business network. But I believe that wasn't what you were referring to. So, my answer is no.

Here it is the mgadiag.txt. I'm still a bit confused with this because you said it would take a short while to complete, but I pressed continue and a second after the diagnostic was finished...I don't know if something bad occured:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
Windows Product ID: 00359-OEM-8992687-00007
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {7CDE671D-0276-4218-8760-92ADD614A472}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120305-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7CDE671D-0276-4218-8760-92ADD614A472}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-3494332765-2371890562-776866448</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc.</Manufacturer><Model>N55SF</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>N55SF.207</Version><SMBIOSVersion major="2" minor="6"/><Date>20110829000000.000000+000</Date></BIOS><HWID>43223207018400FE</HWID><UserLCID>0816</UserLCID><SystemLCID>0816</SystemLCID><TimeZone>Hora padrão de GMT(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65488</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Versão do serviço de licenciamento de software: 6.1.7601.17514

Nome: Windows(R) 7, HomePremium edition
Descrição: Windows Operating System - Windows(R) 7, OEM_SLP channel
ID da Activação: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
ID da Aplicação: 55c92734-d682-4d71-983e-d6ec3f16059f
PID Expandido: 00359-00178-926-800007-02-1033-7600.0000-2092009
ID da Instalação: 103945100771347876031204703693001654880335757805060443
URL de Certificado do Processador: http://go.microsoft.com/fwlink/?LinkID=88338
URL de Certificado do Computador: http://go.microsoft.com/fwlink/?LinkID=88339
URL da Licença de Utilização: http://go.microsoft.com/fwlink/?LinkID=88341
URL de Certificado da Chave do Produto: http://go.microsoft.com/fwlink/?LinkID=88340
Chave de Produto Parcial: 9YQTR
Estado da Licença: Licenciado
Contagem de rearmamentos restantes do Windows: 1
Hora fidedigna: 06-05-2012 11:03:11

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 4:17:2012 13:32
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAIAAQABAAIAAAABAAAABAABAAEAln0ks3cW0ily+1JA5tES6MqEsqEe1ki9SAYucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC _ASUS_ Notebook
FACP _ASUS_ Notebook
DBGP _ASUS_ Notebook
HPET _ASUS_ Notebook
MCFG _ASUS_ Notebook
ECDT _ASUS_ Notebook
SLIC _ASUS_ Notebook
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
ASF! INTEL HCG


Now, here it goes the WVcheck.txt:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1107_06-05-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-05-06 09:37:40
Last Success Time for Update Download: 2012-05-04 13:11:42
Last Success Time for Update Installation: 2012-05-04 13:11:46


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELVD6SE5\_history;sz=300x250;tile=1;dcopt=ist;plat=pc;klg=pt-pt;kt=K;kga=-1;kr=F;kw=uma+antiga+manha;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=983828044806096[1].htm
Size: 282 bytes
Creation; 5/5/2012 19:31:30
Modification; 5/5/2012 19:31:30
MD5; 2003016856b6f37ffb2c07ee5854c491
Matched: *AntiGA*
-----------------------
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PJJNM0G3\history;sz=300x250;tile=1;dcopt=ist;plat=pc;klg=pt-pt;kt=K;kga=-1;kr=F;kw=uma+antiga+manha;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=2099731727538519[1].htm
Size: 282 bytes
Creation; 5/5/2012 19:31:37
Modification; 5/5/2012 19:31:37
MD5; 2003016856b6f37ffb2c07ee5854c491
Matched: *AntiGA*
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 18/2/2011 19:49:48
Modification; 20/11/2010 12:21:26
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 18/2/2011 19:49:48
Modification; 20/11/2010 12:21:26
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 14/7/2009 0:52:11
Modification; 14/7/2009 2:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 18/2/2011 19:49:28
Modification; 20/11/2010 13:27:28
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 0:36:22
Modification; 14/7/2009 2:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 18/2/2011 19:49:48
Modification; 20/11/2010 12:21:26
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 1110_06-05-2012 --------

Concerning the CKScanner I didn't install it because I have malwarebytes installed on my pc and I didn't know if it would cause problems. Please tell me if I need to uninstall malware bytes.

Finally, what do you mean with original Windows installation media?

Mar_Rib

Scolabar
2012-05-08, 10:19
Hi Mar_Rib,

I thought I had replied to your post, but evidently not. My apologies. :sad:

Thank you for the logs and your feedback.


... As I'm portuguese, and english is not my native language, some technical vocabulary may be an issue (but in case of doubt I'll ask) and my spelling may be, sometimes, incorrect. Sorry for that! Said that, I'll continue.No problem. I will try to keep the instructions simple. Just ask, if you have any questions.


... Sometimes I use school's wireless network that I configured as business network. ...When you connect to the school's network, are you connecting to the school's servers or just using the school's network to browse the Internet?

If you connect to the school's servers, it is very important you inform the school's IT department as soon as possible as any malware infection(s) could have been passed on.


Concerning the CKScanner I didn't install it because I have malwarebytes installed on my pc and I didn't know if it would cause problems. Please tell me if I need to uninstall malware bytes.You do not need to uninstall MalwareBytes' Anti-Malware.

Please complete the instructions for the CKScanner tool and post the log in your next reply.


... what do you mean with original Windows installation media?Do you have the original Windows 7 installation DVD for your computer?


Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Mar_Rib
2012-05-08, 10:56
Hi Scolabar.

No problem..I'm patient. :)

Concerning the network, I only use it to browse the internet.

Moving on, here it is the ckscanner file:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\user\documents\jogos\sims 3\crack\ts3.exe
c:\users\user\documents\jogos\sims 3\crack\tslhost.dll
c:\users\user\documents\jogos\sims 3\the sims 3\crack\ts3.exe
c:\users\user\documents\jogos\sims 3\the.sims.3-crack only\crack.rar
c:\users\user\documents\jogos\sims 3\the.sims.3-crack only\how to crack.txt
c:\users\user\downloads\adobe photoshop cs5 extended\crack\adbe_crack - 32bit.rar
c:\users\user\downloads\adobe photoshop cs5 extended\crack\adbe_crack - 64bit.rar
c:\users\user\downloads\adobe photoshop cs5 extended\crack\apcs5 - crack read me.txt
scanner sequence 3.CE.11.FNNAMI
----- EOF -----


And yes, I have original windows installation media.

p.s. Yesterday, after shuting down my PC and turned it on again appeared an error message of ERUNT saying it wasn't possible to save something..(I can't remember what...) and that I should make something manually! :|

Mar_Rib

Scolabar
2012-05-09, 05:54
Hi Mar_Rib,

Thank you for the CKScanner log and update regarding ERUNT.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Cracked/Pirated Software Detected!

Having checked through your logs I can detect that cracked software has been downloaded and installed on this computer.


c:\users\user\documents\jogos\sims 3\crack\ts3.exe
c:\users\user\documents\jogos\sims 3\crack\tslhost.dll
c:\users\user\documents\jogos\sims 3\the sims 3\crack\ts3.exe
c:\users\user\documents\jogos\sims 3\the.sims.3-crack only\crack.rar
c:\users\user\documents\jogos\sims 3\the.sims.3-crack only\how to crack.txt
c:\users\user\downloads\adobe photoshop cs5 extended\crack\adbe_crack - 32bit.rar
c:\users\user\downloads\adobe photoshop cs5 extended\crack\adbe_crack - 64bit.rar
c:\users\user\downloads\adobe photoshop cs5 extended\crack\apcs5 - crack read me.txt

In addition to the above, an illegal copy of Microsoft Office is installed on this computer:


Microsoft Office Enterprise 2007

This may or may not be related to your computer issues, however, if you wish to continue receiving assistance, then you must remove the above crack files and uninstall all illegal programs.

May I draw your attention to THIS TOPIC (http://forums.spybot.info/showpost.php?p=25290&postcount=4).

We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

Step 2:
Re-Run CKScanner

Please re-run CKScanner once only. Then Copy and Paste the contents of the ckfiles.txt log into your next reply.

Step 3:
Re-Run DDS

Please re-run DDS. Then Copy and Paste the contents of the DDS.txt and Attach.txt files into your next post.

Step 4:
Include in Next Post

Did you have any problems carrying out the instructions?
ckfiles.txt.
DDS.txt.
Attach.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Mar_Rib
2012-05-09, 10:44
Hi Scolabar,

I removed all the the files you asked me to, but I really can't unistall office because it's essential for my work.

I understand that you can't continue helping me with this issue, so thank you for your time and help!

Mar_ Rib

Scolabar
2012-05-10, 03:20
Hi Mar_Rib,

If Microsoft Office 2007 is, as you say, essential for your work, I would strongly advise that the illegal version of the software is removed and a legitimate copy of the software is purchased and installed in its place. A fully-functional Student version of the software can be purchased relatively cheaply. :scratch:

The continued use of P2P File Sharing software (- see the advisory below) and Cracked/Pirated software will not only eventually completely compromise your own computer but could also potentially compromise the rest of the computers on the school network. :bomb:

Advisory - P2P Software

IMPORTANT: There are also signs of a P2P (Peer-to-Peer) File Sharing Program installed on your computer that I also advise should be uninstalled.


µTorrent
P2P File Sharing Programs are used as a major conduit for spreading malware infection to computer systems these days.

P2P programs open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders the computer insecure and access to the computer remains open even when the program is not in use. Consequently, the system's security is completely compromised.

So be aware that it is not just what is downloaded that causes problems, just having a P2P program installed is like leaving all the doors to your house unlocked.

I advise you take the time to read the following articles that explain the risk of installing these programs:

Perils of P2P File Sharing (http://www.techsupportforum.com/forums/f50/perils-of-p2p-file-sharing-305923.html)
Use of P2P File Sharing Programs (http://spywarewarrior.com/viewtopic.php?t=26216)
Clean/Infected P2P Programs (http://malwareremoval.com/p2pindex.php)
Risks of Peer-to-Peer Systems (http://www.fbi.gov/scams-safety/peertopeer/oeertopeer)
File sharing infects 500,000 computers (http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers)
File-sharing dangers involve more than legal troubles (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
How to Prevent the Online Invasion of Spyware and Adware (http://www.internetworldstats.com/articles/art053.htm)

I will now arrange for this topic to be closed.


Scolabar