A lot of malware?


  • This topic is locked
23 replies to this topic

#1 brutus28

brutus28

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:13 AM

Posted 12 October 2012 - 09:12 AM

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jeffrey at 15:41:47 on 2012-10-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2936.1247 [GMT 2:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atashost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\KPN\KPN Assistent\KPN_Assistent.exe
C:\Program Files\iMesh Applications\Mediabar\Datamngr\datamngrUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Jeffrey\AppData\Roaming\Spotify\spotify.exe
C:\Users\Jeffrey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Users\Jeffrey\AppData\Roaming\BrowserCompanion\tcbhn.exe
C:\Windows\system32\igfxext.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
c:\program files\teamviewer\version7\TeamViewer_Desktop.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://search.imesh.net
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://search.gboxapp.com/
mDefault_Page_URL = hxxp://uk.my.yahoo.com/linksys
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: DataMngr: {be7a24f5-69cb-4708-b77b-b1eda6043b95} - c:\progra~1\imesha~1\mediabar\datamngr\BROWSE~1.DLL
BHO: Search-Results Toolbar: {bff6b2ca-366c-4a90-b685-d87776deb0d2} - c:\progra~1\imesha~1\mediabar\datamngr\srtool~1\searchresultsDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Search-Results Toolbar: {bff6b2ca-366c-4a90-b685-d87776deb0d2} - c:\progra~1\imesha~1\mediabar\datamngr\srtool~1\searchresultsDx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Spotify] "c:\users\jeffrey\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "c:\users\jeffrey\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [Driver Pro] c:\program files\driver pro\DPLauncher.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [KPN Assistent] c:\program files\kpn\kpn assistent\KPN_Assistent.exe /auto
mRun: [Powersuite Monitor] "c:\program files\uniblue\powersuite\powersuite_monitor.exe"
mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\jeffrey\appdata\roaming\micros~1\windows\startm~1\programs\startup\tcbhn.lnk - c:\users\jeffrey\appdata\roaming\browsercompanion\tcbhn.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\jeffrey\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.2.254
TCP: Interfaces\{D16709CF-1C8F-44C7-B090-C36A014163CA} : DhcpNameServer = 192.168.2.254
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll c:\progra~1\sprote~1\sprote~1.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-10-12 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-10-12 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-10-12 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-10-12 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-12 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-12 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-12 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-12 58680]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-1-23 20376]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-12 44808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-10-12 133912]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-12 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-12 676936]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-10-12 2754984]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-5-21 185856]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-15 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-12 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-12 40776]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-7-15 3658752]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update-service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-8-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-22 250808]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [2007-8-29 100096]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-8-11 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-12 13:35:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-12 13:35:28 -------- d-----w- c:\users\jeffrey\appdata\roaming\Malwarebytes
2012-10-12 13:35:21 -------- d-----w- c:\programdata\Malwarebytes
2012-10-12 13:35:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 13:35:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-12 13:24:34 -------- d-----w- c:\program files\CCleaner
2012-10-12 12:28:18 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-12 12:26:55 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-12 12:26:54 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-12 12:26:53 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-12 12:26:52 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-12 12:25:50 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-12 12:25:49 41224 ----a-w- c:\windows\avastSS.scr
2012-10-12 12:25:08 -------- d-----w- c:\programdata\AVAST Software
2012-10-12 12:25:08 -------- d-----w- c:\program files\AVAST Software
2012-10-12 11:34:26 -------- d-----w- c:\users\jeffrey\appdata\local\{6DF0FE0F-35C3-4D20-B63A-D61E5968C01C}
2012-10-11 13:32:22 -------- d-----w- c:\users\jeffrey\appdata\local\{89BF3EC4-25DC-45D9-A5E6-A81D2DC465FF}
2012-10-11 01:32:00 -------- d-----w- c:\users\jeffrey\appdata\local\{DCAD23EF-392E-4EBF-AC4B-DAA0072E63F6}
2012-10-10 10:52:32 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 10:52:32 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 10:52:31 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 10:52:26 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 10:52:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 10:52:20 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 10:52:20 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-08 17:08:33 -------- d-----w- c:\users\jeffrey\appdata\local\{609ABF50-AADD-4293-AF99-1B897CC62311}
2012-10-07 08:43:00 -------- d-----w- c:\users\jeffrey\appdata\local\{FAE684BF-DA46-4834-A3B2-F6B1201F2FEA}
2012-10-06 18:25:12 -------- d-----w- c:\programdata\boost_interprocess
2012-10-06 18:25:07 -------- d-----w- c:\users\jeffrey\appdata\roaming\MusicNet
2012-10-06 18:25:01 -------- d-----w- c:\users\jeffrey\appdata\local\iMesh
2012-10-06 18:24:14 -------- d-----w- c:\programdata\iMesh
2012-10-06 18:24:14 -------- d-----w- c:\program files\iMesh Applications
2012-10-06 18:23:50 -------- dc-h--w- c:\programdata\{3002E08A-4925-4821-8D06-D5FC4EBFF034}
2012-10-06 18:13:41 -------- d-----w- c:\users\jeffrey\appdata\local\{1A9006B0-B306-4421-AFF2-5B15C3052727}
2012-10-06 05:58:52 -------- d-----w- c:\users\jeffrey\appdata\local\{85656A86-641A-4C43-89C7-CE658085F614}
2012-10-05 17:58:50 -------- d-----w- c:\users\jeffrey\appdata\local\{57B988AC-D404-432C-8B6B-34B75FE6915E}
2012-10-05 08:02:20 -------- d-----w- c:\users\jeffrey\appdata\roaming\Driver Pro
2012-10-05 08:02:17 -------- d-----w- c:\program files\Driver Pro
2012-10-05 08:01:37 -------- d-----w- c:\users\jeffrey\appdata\local\MFAData
2012-10-05 08:01:37 -------- d-----w- c:\users\jeffrey\appdata\local\Avg2013
2012-10-05 01:06:05 -------- d-----w- c:\users\jeffrey\appdata\local\{1CED5A6E-EE23-4DA5-8AA3-921165446641}
2012-10-04 13:06:03 -------- d-----w- c:\users\jeffrey\appdata\local\{1FB2831E-A1C5-43B1-9F9E-E3576011EA7E}
2012-10-04 01:06:01 -------- d-----w- c:\users\jeffrey\appdata\local\{2D5A1707-6273-4F9D-9C9F-6F1B036EDE26}
2012-10-03 13:05:59 -------- d-----w- c:\users\jeffrey\appdata\local\{73E7D151-A1CD-40F2-98CB-AAA27F5F7428}
2012-10-02 20:11:44 -------- d-----w- c:\users\jeffrey\appdata\local\{8D8A1B52-3E29-45D4-B62A-2B773EE61ECF}
2012-10-02 08:11:27 -------- d-----w- c:\users\jeffrey\appdata\local\{5918AFE5-44C1-4EC7-BB73-8203111D413E}
2012-10-01 14:00:24 -------- d-----w- c:\users\jeffrey\appdata\local\{C9909AB7-B039-4591-A266-B41CC2925454}
2012-09-30 08:54:08 -------- d-----w- c:\program files\Uniblue
2012-09-30 08:37:04 -------- d-----w- c:\users\jeffrey\appdata\local\{D9E314EC-2AC7-44D9-A01D-4DDC3C76F694}
2012-09-29 20:37:03 -------- d-----w- c:\users\jeffrey\appdata\local\{60BB1B9F-6E70-4DD5-8CDD-82A9D8BD64CE}
2012-09-29 08:37:01 -------- d-----w- c:\users\jeffrey\appdata\local\{158EF389-349E-4C45-9D7B-A092892B3575}
2012-09-26 19:41:14 -------- d-----w- c:\users\jeffrey\appdata\local\{E11CE6F8-CBB3-481B-ABAE-B75E063541F0}
2012-09-26 17:16:19 -------- d-----w- c:\users\jeffrey\appdata\roaming\EurekaLog
2012-09-26 07:41:00 -------- d-----w- c:\users\jeffrey\appdata\local\{EF03708E-A8BA-4FF7-BB45-C5F8FFE449C3}
2012-09-25 19:40:59 -------- d-----w- c:\users\jeffrey\appdata\local\{E6C2C994-823D-4B72-9076-1E8C1AB34B39}
2012-09-25 07:40:45 -------- d-----w- c:\users\jeffrey\appdata\local\{8D1D42E0-1953-4C4C-BF48-D976F1507E85}
2012-09-24 14:45:14 -------- d-----w- c:\users\jeffrey\appdata\local\{8D1FEC0E-7123-435B-8258-A935BC63C34C}
2012-09-22 10:34:13 -------- d-----w- c:\users\jeffrey\appdata\local\{270BA5B0-F219-4513-930D-611BAEF0CAA3}
2012-09-19 07:26:06 -------- d-----w- c:\users\jeffrey\appdata\local\{4CA06D56-162B-4B0E-8042-4BE04A13117E}
2012-09-16 10:36:49 -------- d-----w- c:\users\jeffrey\appdata\local\{59B3D011-D02E-446F-8EFF-F0D6C1009021}
2012-09-14 20:18:22 -------- d-----w- c:\users\jeffrey\appdata\local\{291A9591-1546-464E-8C81-0ECF901C0B91}
2012-09-14 20:12:03 -------- d-----w- c:\programdata\Trymedia
.
==================== Find3M ====================
.
2012-10-09 18:14:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 18:14:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 15:42:31,90 ===============
MBAM:
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Databaseversie: v2012.10.12.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jeffrey :: PC_VAN_JEFFREY [administrator]

Realtime bescherming: Ingeschakeld

12-10-2012 15:43:09
mbam-log-2012-10-12 (15-43-09).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 200940
Verstreken tijd: 10 minuut/minuten, 21 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerProUpdater (Trojan.Dropper.H) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WxDFastUpdater (Trojan.Dropper.H) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 6
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\OptimizerPro\ix_updater.exe (Trojan.Dropper.H) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\GboxUpdater\ix_updater.exe (Trojan.Dropper.H) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\WxDFastUpdater\ix_updater.exe (Trojan.Dropper.H) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Jeffrey\Downloads\installer_bittorrent.exe (PUP.Adbundler) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Jeffrey\Downloads\installer_free_youtube_to_mp3_converter.exe (PUP.Adbundler) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)
Thanks already!
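A small triage script for the kind of DDS "Pseudo HJT Report" section posted above, added here as an illustration; it is not a DDS, Malwarebytes or BleepingComputer tool. It assumes the DDS line formats seen in this log, treats a handful of vendor home-page hosts as benign defaults, and uses a PUP name list drawn only from the names that appear in this thread (browsercompanion, datamngr, imesh, yontoo and so on); the sample input is an excerpt of the log above.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for adware/PUP indicators."""
import re
from collections import Counter

# Constructed excerpt: lines taken from the DDS log in this thread, trimmed for the demo.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://search.imesh.net
mStart Page = hxxp://search.gboxapp.com/
mDefault_Page_URL = hxxp://uk.my.yahoo.com/linksys
uURLSearchHooks: H - No File
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: DataMngr: {be7a24f5-69cb-4708-b77b-b1eda6043b95} - c:\progra~1\imesha~1\mediabar\datamngr\BROWSE~1.DLL
TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
uRun: [Spotify] "c:\users\jeffrey\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\jeffrey\appdata\roaming\micros~1\windows\startm~1\programs\startup\tcbhn.lnk - c:\users\jeffrey\appdata\roaming\browsercompanion\tcbhn.exe
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~1\sprote~1\sprote~1.dll
.
============= SERVICES / DRIVERS ===============
"""

# Home/search-page hosts treated as benign defaults (assumption: vendor/OEM pages).
TRUSTED_PAGE_HOSTS = ("google.com", "yahoo.com", "bing.com", "msn.com", "live.com")

# PUP/adware family names taken from this thread's DDS, MBAM and AdwCleaner output.
PUP_MARKERS = ("browsercompanion", "datamngr", "imesh", "yontoo",
               "web assistant", "conduit", "search-results", "gboxapp")

# DDS keys whose value runs at logon or loads into the browser.
AUTOSTART_KEYS = {"urun", "mrun", "mrunonce", "startupfolder", "bho", "tb", "handler"}

PAGE_RE = re.compile(
    r"^[um](?:Start Page|Search Page|Default_Page_URL|Search Bar|SearchURL[^=]*)\s*=\s*(\S+)")
URL_RE = re.compile(r"h[xt]{2}ps?://([^/;?]+)", re.I)  # DDS defangs http:// as hxxp://


def extract_hjt_section(text):
    """Return the non-empty lines between the Pseudo HJT header and the next section."""
    lines, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if "Pseudo HJT Report" in line:
            inside = True
        elif inside and line.startswith("===="):
            break
        elif inside and line and line != ".":
            lines.append(line)
    return lines


def host_of(url):
    m = URL_RE.match(url)
    return m.group(1).lower() if m else ""


def is_trusted_host(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_PAGE_HOSTS)


def triage_line(line):
    """Classify one HJT-style line: (severity, reason) or None when it looks benign."""
    page = PAGE_RE.match(line)
    if page:
        host = host_of(page.group(1))
        if host and not is_trusted_host(host):
            return ("high", f"browser start/search page hijacked to {host}")
        return None
    key, _, value = line.partition(":")
    key, low = key.strip().lower(), line.lower()
    if key == "appinit_dlls" and value.strip():
        # Anything listed here is loaded into every process that maps user32.dll.
        return ("high", "AppInit_DLLs injection: " + value.strip())
    if line.endswith("- No File"):
        # Orphaned hook/toolbar registration: leftover, not live code, still worth cleaning.
        return ("low", "orphaned entry (No File)")
    if any(marker in low for marker in PUP_MARKERS):
        return ("high", "known PUP/adware component")
    if key in AUTOSTART_KEYS and "\\appdata\\" in low:
        # Autostart or browser component living in a user-writable profile path.
        return ("medium", "autostart component under %AppData%")
    return None


def triage(text):
    """Return a list of (severity, reason, line) findings for a whole DDS log."""
    findings = []
    for line in extract_hjt_section(text):
        verdict = triage_line(line)
        if verdict:
            findings.append((verdict[0], verdict[1], line))
    return findings


def severity_counts(findings):
    return Counter(sev for sev, _, _ in findings)


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_DDS):
        print(f"[{sev:6}] {reason}\n         {line}")
    print(dict(severity_counts(triage(SAMPLE_DDS))))
```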



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:13 AM

Posted 13 October 2012 - 07:37 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 brutus28

brutus28
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:13 AM

Posted 13 October 2012 - 10:34 AM

Security check:
Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versie 1.65.0.1400
CCleaner
Java 7 Update 7
Adobe Flash Player 11.4.402.287
Adobe Reader X 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (16.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
ADW:
# AdwCleaner v2.004 - Verslag gemaakt op 13/10/2012 om 17:12:54
# Geactualiseerd op 06/10/2012 door Xplode
# Besturingssysteem : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Gebruiker : Jeffrey - PC_VAN_JEFFREY
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Jeffrey\Desktop\adwcleaner.exe
# Optie [Verwijderen]


***** [Diensten] *****

Gestopt & Verwijdert : Web Assistant Updater

***** [Files / Mappen] *****

File Verwijdert : C:\user.js
File Verwijdert : C:\Users\Jeffrey\AppData\Local\Temp\Uninstall.exe
Map Verwijdert : C:\Program Files\Conduit
Map Verwijdert : C:\Program Files\DAEMON Tools Toolbar
Map Verwijdert : C:\Program Files\Web Assistant
Map Verwijdert : C:\Program Files\Yontoo
Map Verwijdert : C:\ProgramData\Ask
Map Verwijdert : C:\ProgramData\boost_interprocess
Map Verwijdert : C:\ProgramData\GboxUpdater
Map Verwijdert : C:\ProgramData\InstallMate
Map Verwijdert : C:\ProgramData\Premium
Map Verwijdert : C:\ProgramData\Tarma Installer
Map Verwijdert : C:\ProgramData\Trymedia
Map Verwijdert : C:\Users\Jeffrey\AppData\Local\Conduit
Map Verwijdert : C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
Map Verwijdert : C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Map Verwijdert : C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn
Map Verwijdert : C:\Users\Jeffrey\AppData\LocalLow\bbrs_002.tb
Map Verwijdert : C:\Users\Jeffrey\AppData\LocalLow\Conduit
Map Verwijdert : C:\Users\Jeffrey\AppData\LocalLow\PriceGong
Map Verwijdert : C:\Users\Jeffrey\AppData\LocalLow\Softonic
Map Verwijdert : C:\Users\Jeffrey\AppData\Roaming\BrowserCompanion
Map Verwijdert : C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\CT2832595
Map Verwijdert : C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}
Map Verwijdert : C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\Smartbar
Map Verwijdert : C:\Users\Jeffrey\AppData\Roaming\OpenCandy

***** [Register] *****

Data Verwijdert : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\IEBHO.dll c:\progra~1\sprote~1\sprote~1.dll
Sleutel Verwijdert : HKCU\Software\APN DTX
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Crossrider
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\PriceGong
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar
Sleutel Verwijdert : HKCU\Software\Conduit
Sleutel Verwijdert : HKCU\Software\DataMngr
Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar
Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn
Sleutel Verwijdert : HKCU\Software\IGearSettings
Sleutel Verwijdert : HKCU\Software\IM
Sleutel Verwijdert : HKCU\Software\ImInstaller
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Sleutel Verwijdert : HKCU\Software\Softonic
Sleutel Verwijdert : HKLM\Software\BrowserCompanion
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2849859
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT3208938
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Sleutel Verwijdert : HKLM\Software\Conduit
Sleutel Verwijdert : HKLM\Software\DataMngr
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Sleutel Verwijdert : HKLM\Software\Iminent
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Sleutel Verwijdert : HKLM\Software\Tarma Installer
Sleutel Verwijdert : HKLM\Software\Web Assistant
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.gboxapp.com/ --> hxxp://www.google.com
Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.imesh.net --> hxxp://www.google.com
Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=15&cc= --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.1 (nl)

Profielnaam : default
File : C:\Users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\prefs.js

Verwijdert : user_pref("CT2832595.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Verwijdert : user_pref("CT2832595.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Verwijdert : user_pref("CT2832595.FirstTime", "true");
Verwijdert : user_pref("CT2832595.FirstTimeFF3", "true");
Verwijdert : user_pref("CT2832595.UserID", "UN93704453838604059");
Verwijdert : user_pref("CT2832595.activeToolbar", "c3RhZW1tZQ==");
Verwijdert : user_pref("CT2832595.addressBarTakeOverEnabledInHidden", "true");
Verwijdert : user_pref("CT2832595.embeddedsData", "[{\"appId\":\"129333561190981396\",\"apiPermissions\":{\"cross[...]
Verwijdert : user_pref("CT2832595.enableAlerts", "never");
Verwijdert : user_pref("CT2832595.firstTimeDialogOpened", "true");
Verwijdert : user_pref("CT2832595.fixPageNotFoundErrorInHidden", "true");
Verwijdert : user_pref("CT2832595.fixUrls", true);
Verwijdert : user_pref("CT2832595.hxxp___toolbar_innogames_de_toolbars_staemme.APP_WIN_FEATURES", "cmVzaXphYmxlPW[...]
Verwijdert : user_pref("CT2832595.installType", "DirectDownload");
Verwijdert : user_pref("CT2832595.isCheckedStartAsHidden", true);
Verwijdert : user_pref("CT2832595.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Verwijdert : user_pref("CT2832595.isFirstTimeToolbarLoading", "false");
Verwijdert : user_pref("CT2832595.isNewTabEnabled", false);
Verwijdert : user_pref("CT2832595.isPerformedSmartBarTransition", "true");
Verwijdert : user_pref("CT2832595.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Verwijdert : user_pref("CT2832595.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Verwijdert : user_pref("CT2832595.migrateAppsAndComponents", true);
Verwijdert : user_pref("CT2832595.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Verwijdert : user_pref("CT2832595.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Verwijdert : user_pref("CT2832595.search.searchAppId", "129333561190981396");
Verwijdert : user_pref("CT2832595.search.searchCount", "0");
Verwijdert : user_pref("CT2832595.searchInNewTabEnabled", "false");
Verwijdert : user_pref("CT2832595.searchInNewTabEnabledInHidden", "true");
Verwijdert : user_pref("CT2832595.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Verwijdert : user_pref("CT2832595.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Verwijdert : user_pref("CT2832595.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Verwijdert : user_pref("CT2832595.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Verwijdert : user_pref("CT2832595.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Verwijdert : user_pref("CT2832595.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Verwijdert : user_pref("CT2832595.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Verwijdert : user_pref("CT2832595.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350067157394");
Verwijdert : user_pref("CT2832595.serviceLayer_services_appsMetadata_lastUpdate", "1350067157274");
Verwijdert : user_pref("CT2832595.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350067157785");
Verwijdert : user_pref("CT2832595.serviceLayer_services_login_10.13.1.89_lastUpdate", "1350138904856");
Verwijdert : user_pref("CT2832595.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350067157852");
Verwijdert : user_pref("CT2832595.serviceLayer_services_searchAPI_lastUpdate", "1350067156715");
Verwijdert : user_pref("CT2832595.serviceLayer_services_serviceMap_lastUpdate", "1350077156536");
Verwijdert : user_pref("CT2832595.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350067157681");
Verwijdert : user_pref("CT2832595.serviceLayer_services_toolbarSettings_lastUpdate", "1350138904702");
Verwijdert : user_pref("CT2832595.serviceLayer_services_translation_lastUpdate", "1350077156598");
Verwijdert : user_pref("CT2832595.settingsINI", true);
Verwijdert : user_pref("CT2832595.smartbar.CTID", "CT2832595");
Verwijdert : user_pref("CT2832595.smartbar.Uninstall", "0");
Verwijdert : user_pref("CT2832595.smartbar.toolbarName", "InnoGames International ");
Verwijdert : user_pref("CT2832595.staemme_token_nl", "YjlkNWU2NzBhZDNmZjZhMDgzMDVmYTFhYmUzNWM1ZjQzMWQzZDBkZA==");
Verwijdert : user_pref("CT2832595.staemme_username_nl", "WkhWMFkyZ2dZMjl0Y0dGdWVTQWdJQ0FnSUNBZ0lDQWdJQ0FnSUE9PQ==[...]
Verwijdert : user_pref("CT2832595.toolbarBornServerTime", "12-10-2012");
Verwijdert : user_pref("CT2832595.toolbarCurrentServerTime", "13-10-2012");
Verwijdert : user_pref("CT2832595.toolbarUrl", "aHR0cDovL3Rvb2xiYXIuaW5ub2dhbWVzLmRlL3Rvb2xiYXJzL3N0YWVtbWUvdG9vb[...]
Verwijdert : user_pref("CT2832595.toolbar_market", "bmw=");
Verwijdert : user_pref("CT2832595_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Verwijdert : user_pref("browser.search.defaulturl", "hxxp://search.gboxapp.com/?q=");
Verwijdert : user_pref("keyword.URL", "hxxp://search.gboxapp.com/?q=");

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

File : C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Preferences

Verwijdert [l.8] : homepage = "hxxp://search.imesh.net",
Verwijdert [l.12] : urls_to_restore_on_startup = [ "hxxp://search.imesh.net" ]
Verwijdert [l.1447] : homepage = "hxxp://search.imesh.net",
Verwijdert [l.1645] : urls_to_restore_on_startup = [ "hxxp://search.imesh.net" ]

*************************

AdwCleaner[R1].txt - [21956 octets] - [13/10/2012 17:11:54]
AdwCleaner[S1].txt - [21523 octets] - [13/10/2012 17:12:54]

########## EOF - C:\AdwCleaner[S1].txt - [21584 octets] ##########

Rogue:
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Jeffrey [Admin rights]
Mode : Remove -- Date : 10/13/2012 17:32:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] WxDFastUpdaterRefreshTask.job : C:\ProgramData\WxDFastUpdater\ix_updater.exe -> DELETED
[TASK][SUSP PATH] WxDFastUpdaterLogonTask.job : C:\ProgramData\WxDFastUpdater\ix_updater.exe -> DELETED
[TASK][SUSP PATH] OptimizerProUpdaterRefreshTask.job : C:\ProgramData\OptimizerPro\ix_updater.exe -> DELETED
[TASK][SUSP PATH] OptimizerProUpdaterLogonTask.job : C:\ProgramData\OptimizerPro\ix_updater.exe -> DELETED
[STARTUP][SUSP PATH] tcbhn.lnk @Jeffrey : C:\Users\Jeffrey\AppData\Roaming\BrowserCompanion\tcbhn.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3252GSX +++++
--- User ---
[MBR] 4dd57599cbb0ca547553c52af76f9c23
[BSP] 6d3776ff02bb8a40e1ad39489891725e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 154273 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 319025152 | Size: 149471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Are these files correct?

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 October 2012 - 12:33 PM

Hello

yes those are correct and you are doing very well

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 brutus28
  • Topic Starter
  • Members
  • 13 posts

Posted 13 October 2012 - 01:26 PM

I lost the log of ComboFIX, where can I find it?

The computer works much better now.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 October 2012 - 02:54 PM

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\ComboFix.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#7 brutus28
  • Topic Starter
  • Members
  • 13 posts

Posted 14 October 2012 - 05:27 AM

Thanks Gringo,

ComboFix 12-10-12.01 - Jeffrey 13-10-2012 19:43:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2936.1445 [GMT 2:00]
Gestart vanuit: c:\users\Jeffrey\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Vid-Saver
c:\program files\Vid-Saver\Vid-SaverInstaller.log
c:\users\Jeffrey\AppData\Local\Vid-Saver
c:\users\Jeffrey\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
c:\users\Public\sdelevURL.tmp
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-09-13 to 2012-10-13 ))))))))))))))))))))))))))))))
.
.
2012-10-13 17:51 . 2012-10-13 17:51 -------- d-----w- c:\users\Jeffrey\AppData\Local\temp
2012-10-13 17:51 . 2012-10-13 17:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-13 17:51 . 2012-10-13 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-13 00:12 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0359205-803D-4B63-9C1D-3ECFE3430541}\mpengine.dll
2012-10-12 22:03 . 2012-10-13 16:32 -------- d-----w- c:\program files\theHunter
2012-10-12 18:50 . 2012-10-12 18:50 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-12 17:46 . 2012-10-12 17:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-10-12 14:33 . 2012-10-12 14:33 -------- d-----w- C:\Malwarebytes
2012-10-12 14:28 . 2012-10-12 14:28 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\QFX Software
2012-10-12 14:28 . 2012-10-12 14:28 -------- d-----w- c:\programdata\QFX Software
2012-10-12 14:27 . 2012-10-12 14:27 -------- d-----w- c:\program files\KeyScrambler
2012-10-12 14:27 . 2011-12-15 00:41 173880 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2012-10-12 14:17 . 2012-10-12 14:16 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-12 14:16 . 2012-10-12 14:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-12 13:35 . 2012-10-12 13:35 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Malwarebytes
2012-10-12 13:35 . 2012-10-12 13:35 -------- d-----w- c:\programdata\Malwarebytes
2012-10-12 13:35 . 2012-10-12 13:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-12 13:35 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 13:24 . 2012-10-12 13:24 -------- d-----w- c:\program files\CCleaner
2012-10-12 12:28 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-12 12:28 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-12 12:28 . 2012-08-21 09:13 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-12 12:26 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-12 12:26 . 2012-08-21 09:13 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-12 12:26 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-12 12:26 . 2012-08-21 09:13 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-12 12:26 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-12 12:26 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-12 12:25 . 2012-07-13 10:47 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-10-12 12:25 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-12 12:25 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-12 12:25 . 2012-10-12 12:25 -------- d-----w- c:\programdata\AVAST Software
2012-10-12 12:25 . 2012-10-12 12:25 -------- d-----w- c:\program files\AVAST Software
2012-10-10 10:52 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 10:52 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 10:52 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 10:52 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 10:52 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 10:52 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 10:52 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-06 18:25 . 2012-10-06 18:25 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\MusicNet
2012-10-06 18:25 . 2012-10-08 17:12 -------- d-----w- c:\users\Jeffrey\AppData\Local\iMesh
2012-10-06 18:24 . 2012-10-06 18:25 -------- d-----w- c:\program files\iMesh Applications
2012-10-06 18:24 . 2012-10-06 18:24 -------- d-----w- c:\programdata\iMesh
2012-10-06 18:23 . 2012-10-06 18:25 -------- dc-h--w- c:\programdata\{3002E08A-4925-4821-8D06-D5FC4EBFF034}
2012-10-05 08:02 . 2012-10-05 08:07 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Driver Pro
2012-10-05 08:02 . 2012-10-05 08:02 -------- d-----w- c:\program files\Driver Pro
2012-10-05 08:01 . 2012-10-05 08:01 -------- d-----w- c:\users\Jeffrey\AppData\Local\MFAData
2012-10-05 08:01 . 2012-10-05 08:01 -------- d-----w- c:\users\Jeffrey\AppData\Local\Avg2013
2012-09-30 08:54 . 2012-09-30 08:54 -------- d-----w- c:\program files\Uniblue
2012-09-26 17:16 . 2012-09-26 17:16 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\EurekaLog
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 14:16 . 2010-06-07 16:25 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-09 18:14 . 2012-05-22 11:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:14 . 2011-12-14 08:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:05 . 2012-10-12 13:49 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bff6b2ca-366c-4a90-b685-d87776deb0d2}]
2012-09-06 21:11 89288 ----a-w- c:\progra~1\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bff6b2ca-366c-4a90-b685-d87776deb0d2}"= "c:\progra~1\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-09-06 89288]
.
[HKEY_CLASSES_ROOT\clsid\{bff6b2ca-366c-4a90-b685-d87776deb0d2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Spotify"="c:\users\Jeffrey\AppData\Roaming\Spotify\Spotify.exe" [2012-09-14 5576408]
"Spotify Web Helper"="c:\users\Jeffrey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-14 1193176]
"Driver Pro"="c:\program files\Driver Pro\DPLauncher.exe" [2012-06-14 451888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Powersuite Monitor"="c:\program files\Uniblue\Powersuite\powersuite_monitor.exe" [2012-07-30 323936]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jeffrey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 20:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-25 07:06 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-28 14:03 75136 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN Assistent]
2011-12-06 13:45 34823496 ----a-w- c:\program files\KPN\KPN Assistent\KPN_Assistent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 07:06 145944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-01-25 11:33 509816 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07 574864 ----a-w- c:\program files\Toshiba\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-04-24 08:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 14:27 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" /MINIMIZED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 18:14]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 14:19]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 14:19]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Jeffrey\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\
FF - prefs.js: browser.search.selectedEngine - InnoGames International Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2832595&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{ecce0073-a837-45a2-95b9-600420505f7e} - (no file)
URLSearchHooks-{2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)
URLSearchHooks-{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-10 - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-13 19:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2012-10-13 19:52:58
ComboFix-quarantined-files.txt 2012-10-13 17:52
.
Pre-Run: 95.379.099.648 bytes beschikbaar
Post-Run: 95.616.126.976 bytes beschikbaar
.
- - End Of File - - 2CF2F66A000DEE3C428608DA11F34726

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 October 2012 - 06:14 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 brutus28
  • Topic Starter
  • Members
  • 13 posts

Posted 14 October 2012 - 09:17 AM

TDSSKiller:
16:09:48.0842 5936 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:09:49.0201 5936 ============================================================
16:09:49.0201 5936 Current date / time: 2012/10/14 16:09:49.0201
16:09:49.0201 5936 SystemInfo:
16:09:49.0201 5936
16:09:49.0201 5936 OS Version: 6.0.6002 ServicePack: 2.0
16:09:49.0201 5936 Product type: Workstation
16:09:49.0201 5936 ComputerName: PC_VAN_JEFFREY
16:09:49.0201 5936 UserName: Jeffrey
16:09:49.0201 5936 Windows directory: C:\Windows
16:09:49.0201 5936 System windows directory: C:\Windows
16:09:49.0201 5936 Processor architecture: Intel x86
16:09:49.0201 5936 Number of processors: 2
16:09:49.0201 5936 Page size: 0x1000
16:09:49.0201 5936 Boot type: Normal boot
16:09:49.0201 5936 ============================================================
16:09:49.0669 5936 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:09:49.0669 5936 ============================================================
16:09:49.0669 5936 \Device\Harddisk0\DR0:
16:09:49.0669 5936 MBR partitions:
16:09:49.0669 5936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x12D50800
16:09:49.0669 5936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1303F000, BlocksNum 0x123EF800
16:09:49.0669 5936 ============================================================
16:09:49.0700 5936 C: <-> \Device\Harddisk0\DR0\Partition1
16:09:49.0732 5936 E: <-> \Device\Harddisk0\DR0\Partition2
16:09:49.0732 5936 ============================================================
16:09:49.0732 5936 Initialize success
16:09:49.0732 5936 ============================================================
16:09:58.0296 4880 ============================================================
16:09:58.0296 4880 Scan started
16:09:58.0296 4880 Mode: Manual;
16:09:58.0296 4880 ============================================================
16:09:58.0530 4880 ================ Scan system memory ========================
16:09:58.0530 4880 System memory - ok
16:09:58.0530 4880 ================ Scan services =============================
16:10:06.0376 4880 Mcx2Svc - ok
16:10:06.0423 4880 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:10:06.0439 4880 mdmxsdk - ok
16:10:06.0454 4880 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
16:10:06.0454 4880 megasas - ok
16:10:06.0501 4880 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:10:06.0501 4880 MegaSR - ok
16:10:06.0579 4880 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:10:06.0579 4880 Microsoft Office Groove Audit Service - ok
16:10:06.0642 4880 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
16:10:06.0642 4880 MMCSS - ok
16:10:06.0657 4880 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
16:10:06.0657 4880 Modem - ok
16:10:06.0704 4880 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:10:06.0704 4880 monitor - ok
16:10:06.0720 4880 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:10:06.0720 4880 mouclass - ok
16:10:06.0735 4880 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:10:06.0735 4880 mouhid - ok
16:10:06.0751 4880 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:10:06.0751 4880 MountMgr - ok
16:10:06.0798 4880 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:10:06.0798 4880 MozillaMaintenance - ok
16:10:06.0813 4880 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
16:10:06.0813 4880 mpio - ok
16:10:06.0844 4880 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:10:06.0844 4880 mpsdrv - ok
16:10:06.0876 4880 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
16:10:06.0891 4880 MpsSvc - ok
16:10:06.0938 4880 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:10:06.0938 4880 Mraid35x - ok
16:10:06.0969 4880 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:10:06.0969 4880 MRxDAV - ok
16:10:07.0016 4880 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:10:07.0016 4880 mrxsmb - ok
16:10:07.0047 4880 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:10:07.0078 4880 mrxsmb10 - ok
16:10:07.0094 4880 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:10:07.0094 4880 mrxsmb20 - ok
16:10:07.0125 4880 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
16:10:07.0125 4880 msahci - ok
16:10:07.0141 4880 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:10:07.0141 4880 msdsm - ok
16:10:07.0172 4880 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
16:10:07.0172 4880 MSDTC - ok
16:10:07.0234 4880 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:10:07.0234 4880 Msfs - ok
16:10:07.0266 4880 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:10:07.0266 4880 msisadrv - ok
16:10:07.0312 4880 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:10:07.0312 4880 MSiSCSI - ok
16:10:07.0344 4880 msiserver - ok
16:10:07.0390 4880 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:10:07.0390 4880 MSKSSRV - ok
16:10:07.0406 4880 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:10:07.0406 4880 MSPCLOCK - ok
16:10:07.0437 4880 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:10:07.0437 4880 MSPQM - ok
16:10:07.0468 4880 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:10:07.0468 4880 MsRPC - ok
16:10:07.0515 4880 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:10:07.0515 4880 mssmbios - ok
16:10:07.0546 4880 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:10:07.0546 4880 MSTEE - ok
16:10:07.0593 4880 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
16:10:07.0593 4880 Mup - ok
16:10:07.0624 4880 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
16:10:07.0640 4880 napagent - ok
16:10:07.0671 4880 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:10:07.0671 4880 NativeWifiP - ok
16:10:07.0718 4880 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:10:07.0718 4880 NDIS - ok
16:10:07.0749 4880 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:10:07.0749 4880 NdisTapi - ok
16:10:07.0765 4880 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:10:07.0765 4880 Ndisuio - ok
16:10:07.0796 4880 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:10:07.0796 4880 NdisWan - ok
16:10:07.0812 4880 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:10:07.0812 4880 NDProxy - ok
16:10:07.0843 4880 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:10:07.0858 4880 Net Driver HPZ12 - ok
16:10:07.0858 4880 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:10:07.0874 4880 NetBIOS - ok
16:10:07.0905 4880 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:10:07.0905 4880 netbt - ok
16:10:07.0921 4880 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
16:10:07.0921 4880 Netlogon - ok
16:10:07.0952 4880 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
16:10:07.0952 4880 Netman - ok
16:10:07.0968 4880 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
16:10:07.0983 4880 netprofm - ok
16:10:08.0014 4880 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:10:08.0014 4880 NetTcpPortSharing - ok
16:10:08.0155 4880 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
16:10:08.0233 4880 NETw5v32 - ok
16:10:08.0280 4880 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:10:08.0280 4880 nfrd960 - ok
16:10:08.0311 4880 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:10:08.0311 4880 NlaSvc - ok
16:10:08.0342 4880 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:10:08.0358 4880 Npfs - ok
16:10:08.0373 4880 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
16:10:08.0373 4880 nsi - ok
16:10:08.0373 4880 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:10:08.0373 4880 nsiproxy - ok
16:10:08.0451 4880 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:10:08.0467 4880 Ntfs - ok
16:10:08.0498 4880 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:10:08.0498 4880 ntrigdigi - ok
16:10:08.0514 4880 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
16:10:08.0514 4880 Null - ok
16:10:08.0545 4880 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:10:08.0560 4880 nvraid - ok
16:10:08.0576 4880 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:10:08.0576 4880 nvstor - ok
16:10:08.0607 4880 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:10:08.0607 4880 nv_agp - ok
16:10:08.0623 4880 NwlnkFlt - ok
16:10:08.0623 4880 NwlnkFwd - ok
16:10:08.0701 4880 [ D955D5DE998DB2476BF0892BE3A96C26 ] o2flash C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
16:10:08.0701 4880 o2flash - ok
16:10:08.0716 4880 [ 78575368974962042472F18B24D3CF28 ] O2MDRDR C:\Windows\system32\DRIVERS\o2media.sys
16:10:08.0716 4880 O2MDRDR - ok
16:10:08.0810 4880 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:10:08.0826 4880 odserv - ok
16:10:08.0888 4880 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:10:08.0888 4880 ohci1394 - ok
16:10:08.0935 4880 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:10:08.0950 4880 ose - ok
16:10:08.0982 4880 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:10:08.0997 4880 p2pimsvc - ok
16:10:09.0013 4880 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:10:09.0013 4880 p2psvc - ok
16:10:09.0044 4880 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
16:10:09.0044 4880 Parport - ok
16:10:09.0075 4880 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:10:09.0091 4880 partmgr - ok
16:10:09.0106 4880 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:10:09.0106 4880 Parvdm - ok
16:10:09.0138 4880 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
16:10:09.0153 4880 PcaSvc - ok
16:10:09.0169 4880 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
16:10:09.0169 4880 pci - ok
16:10:09.0184 4880 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\DRIVERS\pciide.sys
16:10:09.0184 4880 pciide - ok
16:10:09.0216 4880 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:10:09.0216 4880 pcmcia - ok
16:10:09.0278 4880 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:10:09.0294 4880 PEAUTH - ok
16:10:09.0356 4880 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
16:10:09.0387 4880 pla - ok
16:10:09.0418 4880 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:10:09.0434 4880 PlugPlay - ok
16:10:09.0481 4880 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:10:09.0481 4880 Pml Driver HPZ12 - ok
16:10:09.0512 4880 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:10:09.0528 4880 PNRPAutoReg - ok
16:10:09.0543 4880 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:10:09.0543 4880 PNRPsvc - ok
16:10:09.0574 4880 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:10:09.0574 4880 PolicyAgent - ok
16:10:09.0606 4880 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:10:09.0606 4880 PptpMiniport - ok
16:10:09.0637 4880 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
16:10:09.0637 4880 Processor - ok
16:10:09.0684 4880 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:10:09.0684 4880 ProfSvc - ok
16:10:09.0699 4880 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:10:09.0715 4880 ProtectedStorage - ok
16:10:09.0746 4880 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:10:09.0746 4880 PSched - ok
16:10:09.0762 4880 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
16:10:09.0762 4880 PxHelp20 - ok
16:10:09.0808 4880 [ 674EBA70A52C02696E503B0A57AE6372 ] QIOMem C:\Windows\system32\DRIVERS\QIOMem.sys
16:10:09.0808 4880 QIOMem - ok
16:10:09.0871 4880 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:10:09.0886 4880 ql2300 - ok
16:10:09.0918 4880 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:10:09.0918 4880 ql40xx - ok
16:10:09.0964 4880 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:10:09.0964 4880 QWAVE - ok
16:10:09.0996 4880 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:10:09.0996 4880 QWAVEdrv - ok
16:10:10.0011 4880 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:10:10.0011 4880 RasAcd - ok
16:10:10.0027 4880 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:10:10.0027 4880 RasAuto - ok
16:10:10.0074 4880 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:10:10.0074 4880 Rasl2tp - ok
16:10:10.0105 4880 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
16:10:10.0120 4880 RasMan - ok
16:10:10.0152 4880 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:10:10.0167 4880 RasPppoe - ok
16:10:10.0183 4880 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:10:10.0183 4880 RasSstp - ok
16:10:10.0230 4880 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:10:10.0230 4880 rdbss - ok
16:10:10.0245 4880 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:10:10.0245 4880 RDPCDD - ok
16:10:10.0292 4880 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:10:10.0292 4880 rdpdr - ok
16:10:10.0292 4880 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:10:10.0292 4880 RDPENCDD - ok
16:10:10.0339 4880 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:10:10.0354 4880 RDPWD - ok
16:10:10.0432 4880 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:10:10.0432 4880 RemoteAccess - ok
16:10:10.0464 4880 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:10:10.0464 4880 RemoteRegistry - ok
16:10:10.0495 4880 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:10:10.0495 4880 RpcLocator - ok
16:10:10.0526 4880 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
16:10:10.0526 4880 RpcSs - ok
16:10:10.0573 4880 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:10:10.0573 4880 rspndr - ok
16:10:10.0588 4880 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
16:10:10.0588 4880 SamSs - ok
16:10:10.0604 4880 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:10:10.0604 4880 sbp2port - ok
16:10:10.0651 4880 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:10:10.0651 4880 SCardSvr - ok
16:10:10.0682 4880 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
16:10:10.0698 4880 Schedule - ok
16:10:10.0729 4880 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:10:10.0729 4880 SCPolicySvc - ok
16:10:10.0776 4880 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:10:10.0791 4880 sdbus - ok
16:10:10.0822 4880 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:10:10.0838 4880 SDRSVC - ok
16:10:10.0916 4880 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
16:10:10.0916 4880 SeaPort - ok
16:10:10.0963 4880 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:10:10.0963 4880 secdrv - ok
16:10:10.0978 4880 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
16:10:10.0978 4880 seclogon - ok
16:10:11.0010 4880 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
16:10:11.0010 4880 SENS - ok
16:10:11.0025 4880 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:10:11.0025 4880 Serenum - ok
16:10:11.0041 4880 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
16:10:11.0041 4880 Serial - ok
16:10:11.0072 4880 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:10:11.0072 4880 sermouse - ok
16:10:11.0119 4880 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:10:11.0134 4880 SessionEnv - ok
16:10:11.0150 4880 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:10:11.0150 4880 sffdisk - ok
16:10:11.0181 4880 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:10:11.0181 4880 sffp_mmc - ok
16:10:11.0212 4880 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:10:11.0212 4880 sffp_sd - ok
16:10:11.0228 4880 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:10:11.0228 4880 sfloppy - ok
16:10:11.0275 4880 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:10:11.0290 4880 SharedAccess - ok
16:10:11.0322 4880 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:10:11.0337 4880 ShellHWDetection - ok
16:10:11.0368 4880 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:10:11.0368 4880 sisagp - ok
16:10:11.0415 4880 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:10:11.0415 4880 SiSRaid2 - ok
16:10:11.0431 4880 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:10:11.0431 4880 SiSRaid4 - ok
16:10:11.0556 4880 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
16:10:11.0618 4880 slsvc - ok
16:10:11.0649 4880 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:10:11.0649 4880 SLUINotify - ok
16:10:11.0712 4880 [ 3566310DF25EA5C3B2E9F50F5B50EAC1 ] SmartFaceVWatchSrv C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
16:10:11.0712 4880 SmartFaceVWatchSrv - ok
16:10:11.0743 4880 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:10:11.0743 4880 Smb - ok
16:10:11.0774 4880 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:10:11.0790 4880 SNMPTRAP - ok
16:10:11.0821 4880 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
16:10:11.0821 4880 spldr - ok
16:10:11.0868 4880 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
16:10:11.0868 4880 Spooler - ok
16:10:11.0930 4880 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
16:10:11.0930 4880 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
16:10:11.0930 4880 sptd ( LockedFile.Multi.Generic ) - warning
16:10:11.0930 4880 sptd - detected LockedFile.Multi.Generic (1)
16:10:11.0977 4880 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:10:11.0977 4880 srv - ok
16:10:12.0008 4880 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:10:12.0024 4880 srv2 - ok
16:10:12.0039 4880 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:10:12.0039 4880 srvnet - ok
16:10:12.0070 4880 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:10:12.0070 4880 SSDPSRV - ok
16:10:12.0117 4880 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:10:12.0117 4880 SstpSvc - ok
16:10:12.0148 4880 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
16:10:12.0148 4880 StillCam - ok
16:10:12.0195 4880 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
16:10:12.0211 4880 stisvc - ok
16:10:12.0226 4880 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:10:12.0226 4880 swenum - ok
16:10:12.0273 4880 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
16:10:12.0289 4880 swprv - ok
16:10:12.0320 4880 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:10:12.0320 4880 Symc8xx - ok
16:10:12.0351 4880 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:10:12.0351 4880 Sym_hi - ok
16:10:12.0382 4880 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:10:12.0382 4880 Sym_u3 - ok
16:10:12.0445 4880 [ 91AC243740CA09A907E7CBD2DA274C96 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
16:10:12.0445 4880 SynTP - ok
16:10:12.0507 4880 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
16:10:12.0507 4880 SysMain - ok
16:10:12.0554 4880 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:10:12.0570 4880 TabletInputService - ok
16:10:12.0616 4880 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:10:12.0616 4880 TapiSrv - ok
16:10:12.0632 4880 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
16:10:12.0648 4880 TBS - ok
16:10:12.0694 4880 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:10:12.0710 4880 Tcpip - ok
16:10:12.0741 4880 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:10:12.0741 4880 Tcpip6 - ok
16:10:12.0772 4880 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:10:12.0772 4880 tcpipreg - ok
16:10:12.0819 4880 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
16:10:12.0819 4880 tdcmdpst - ok
16:10:12.0866 4880 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:10:12.0866 4880 TDPIPE - ok
16:10:12.0882 4880 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:10:12.0882 4880 TDTCP - ok
16:10:12.0928 4880 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:10:12.0928 4880 tdx - ok
16:10:13.0116 4880 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
16:10:13.0256 4880 TeamViewer7 - ok
16:10:13.0303 4880 [ CE0B5D587839614A16480D7B8395FFE9 ] TempoMonitoringService C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
16:10:13.0303 4880 TempoMonitoringService - ok
16:10:13.0334 4880 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:10:13.0334 4880 TermDD - ok
16:10:13.0381 4880 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
16:10:13.0396 4880 TermService - ok
16:10:13.0412 4880 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
16:10:13.0428 4880 Themes - ok
16:10:13.0459 4880 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
16:10:13.0459 4880 THREADORDER - ok
16:10:13.0521 4880 [ 6BADBB0B16B25643075A6FFAFC489940 ] TNaviSrv C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
16:10:13.0537 4880 TNaviSrv - ok
16:10:13.0584 4880 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe
16:10:13.0584 4880 TODDSrv - ok
16:10:13.0693 4880 [ DA6903958CBDC091FFCBBCA70CCFF34C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
16:10:13.0708 4880 TosCoSrv - ok
16:10:13.0786 4880 [ 8E10E654E354CF330ED75882769A0107 ] TOSHIBA Bluetooth Service c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
16:10:13.0786 4880 TOSHIBA Bluetooth Service - ok
16:10:13.0786 4880 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
16:10:13.0802 4880 TOSHIBA SMART Log Service - ok
16:10:13.0849 4880 [ 2C15B4856F929AC7DD144044D8334B54 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
16:10:13.0849 4880 tosporte - ok
16:10:13.0880 4880 [ CD6E9C27ADC6B37B0B3DF29CC83E15A7 ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
16:10:13.0896 4880 tosrfbd - ok
16:10:13.0927 4880 [ 181E217A7A326817D97946D045B3CB46 ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
16:10:13.0927 4880 tosrfbnp - ok
16:10:13.0958 4880 [ E90ACE3B4FA7A85F992BC21EB779C407 ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
16:10:13.0958 4880 Tosrfcom - ok
16:10:13.0989 4880 [ 5C4103544612E5011EF46301B93D1AA6 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
16:10:13.0989 4880 tosrfec - ok
16:10:14.0020 4880 [ D3F87C46C7C9E5DB99FBD3D17121B891 ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
16:10:14.0020 4880 Tosrfhid - ok
16:10:14.0052 4880 [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
16:10:14.0052 4880 tosrfnds - ok
16:10:14.0083 4880 [ 156D63F6898E4D95F2962F2B72862868 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
16:10:14.0083 4880 TosRfSnd - ok
16:10:14.0083 4880 [ 98C04A6432CE9C2AD328F57B9384D348 ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
16:10:14.0083 4880 Tosrfusb - ok
16:10:14.0130 4880 [ 4399A9BF7D8F49991A07FD86590A1619 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
16:10:14.0130 4880 tos_sps32 - ok
16:10:14.0176 4880 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
16:10:14.0176 4880 TrkWks - ok
16:10:14.0223 4880 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:10:14.0239 4880 TrustedInstaller - ok
16:10:14.0270 4880 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:10:14.0270 4880 tssecsrv - ok
16:10:14.0301 4880 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:10:14.0317 4880 tunmp - ok
16:10:14.0348 4880 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:10:14.0348 4880 tunnel - ok
16:10:14.0364 4880 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
16:10:14.0379 4880 TVALZ - ok
16:10:14.0395 4880 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:10:14.0395 4880 uagp35 - ok
16:10:14.0442 4880 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:10:14.0442 4880 udfs - ok
16:10:14.0488 4880 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:10:14.0488 4880 UI0Detect - ok
16:10:14.0566 4880 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
16:10:14.0566 4880 UleadBurningHelper - ok
16:10:14.0598 4880 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:10:14.0598 4880 uliagpkx - ok
16:10:14.0629 4880 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:10:14.0629 4880 uliahci - ok
16:10:14.0660 4880 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:10:14.0676 4880 UlSata - ok
16:10:14.0707 4880 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:10:14.0707 4880 ulsata2 - ok
16:10:14.0754 4880 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:10:14.0754 4880 umbus - ok
16:10:14.0800 4880 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
16:10:14.0800 4880 upnphost - ok
16:10:14.0832 4880 upperdev - ok
16:10:14.0847 4880 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:10:14.0863 4880 usbaudio - ok
16:10:14.0878 4880 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:10:14.0894 4880 usbccgp - ok
16:10:14.0910 4880 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:10:14.0910 4880 usbcir - ok
16:10:14.0941 4880 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:10:14.0941 4880 usbehci - ok
16:10:14.0956 4880 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:10:14.0972 4880 usbhub - ok
16:10:14.0988 4880 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:10:14.0988 4880 usbohci - ok
16:10:15.0034 4880 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:10:15.0034 4880 usbprint - ok
16:10:15.0081 4880 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:10:15.0081 4880 USBSTOR - ok
16:10:15.0128 4880 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:10:15.0128 4880 usbuhci - ok
16:10:15.0159 4880 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:10:15.0159 4880 usbvideo - ok
16:10:15.0175 4880 [ 8C5094A8AB24DE7496C7C19942F2DF04 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
16:10:15.0175 4880 UVCFTR - ok
16:10:15.0206 4880 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
16:10:15.0206 4880 UxSms - ok
16:10:15.0253 4880 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
16:10:15.0268 4880 vds - ok
16:10:15.0284 4880 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:10:15.0284 4880 vga - ok
16:10:15.0315 4880 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
16:10:15.0315 4880 VgaSave - ok
16:10:15.0331 4880 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:10:15.0331 4880 viaagp - ok
16:10:15.0346 4880 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:10:15.0346 4880 ViaC7 - ok
16:10:15.0378 4880 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
16:10:15.0378 4880 viaide - ok
16:10:15.0409 4880 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:10:15.0424 4880 volmgr - ok
16:10:15.0471 4880 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:10:15.0471 4880 volmgrx - ok
16:10:15.0502 4880 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:10:15.0518 4880 volsnap - ok
16:10:15.0565 4880 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:10:15.0565 4880 vsmraid - ok
16:10:15.0612 4880 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
16:10:15.0643 4880 VSS - ok
16:10:15.0674 4880 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
16:10:15.0690 4880 W32Time - ok
16:10:15.0705 4880 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:10:15.0705 4880 WacomPen - ok
16:10:15.0721 4880 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:10:15.0721 4880 Wanarp - ok
16:10:15.0736 4880 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:10:15.0736 4880 Wanarpv6 - ok
16:10:15.0768 4880 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:10:15.0768 4880 wcncsvc - ok
16:10:15.0799 4880 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:10:15.0799 4880 WcsPlugInService - ok
16:10:15.0846 4880 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
16:10:15.0846 4880 Wd - ok
16:10:15.0908 4880 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:10:15.0924 4880 Wdf01000 - ok
16:10:15.0939 4880 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:10:15.0955 4880 WdiServiceHost - ok
16:10:15.0955 4880 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:10:15.0955 4880 WdiSystemHost - ok
16:10:16.0002 4880 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
16:10:16.0002 4880 WebClient - ok
16:10:16.0048 4880 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:10:16.0048 4880 Wecsvc - ok
16:10:16.0080 4880 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:10:16.0095 4880 wercplsupport - ok
16:10:16.0126 4880 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
16:10:16.0142 4880 WerSvc - ok
16:10:16.0189 4880 [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:10:16.0189 4880 winachsf - ok
16:10:16.0251 4880 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:10:16.0251 4880 WinDefend - ok
16:10:16.0267 4880 WinHttpAutoProxySvc - ok
16:10:16.0329 4880 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:10:16.0329 4880 Winmgmt - ok
16:10:16.0392 4880 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
16:10:16.0407 4880 WinRM - ok
16:10:16.0470 4880 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:10:16.0485 4880 Wlansvc - ok
16:10:16.0516 4880 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:10:16.0516 4880 WmiAcpi - ok
16:10:16.0548 4880 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:10:16.0548 4880 wmiApSrv - ok
16:10:16.0610 4880 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:10:16.0626 4880 WMPNetworkSvc - ok
16:10:16.0641 4880 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:10:16.0657 4880 WPCSvc - ok
16:10:16.0704 4880 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:10:16.0704 4880 WPDBusEnum - ok
16:10:16.0750 4880 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:10:16.0750 4880 WpdUsb - ok
16:10:16.0875 4880 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:10:16.0891 4880 WPFFontCache_v0400 - ok
16:10:16.0906 4880 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:10:16.0906 4880 ws2ifsl - ok
16:10:16.0938 4880 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
16:10:16.0953 4880 wscsvc - ok
16:10:16.0953 4880 WSearch - ok
16:10:17.0047 4880 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:10:17.0062 4880 wuauserv - ok
16:10:17.0109 4880 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:10:17.0109 4880 WUDFRd - ok
16:10:17.0140 4880 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:10:17.0140 4880 wudfsvc - ok
16:10:17.0172 4880 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
16:10:17.0172 4880 XAudio - ok
16:10:17.0203 4880 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
16:10:17.0218 4880 XAudioService - ok
16:10:17.0250 4880 [ D51FEBB9F6869512EA2B636E2B30DF7B ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
16:10:17.0265 4880 yukonwlh - ok
16:10:17.0265 4880 ================ Scan global ===============================
16:10:17.0296 4880 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:10:17.0328 4880 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:10:17.0359 4880 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:10:17.0390 4880 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:10:17.0406 4880 [Global] - ok
16:10:17.0406 4880 ================ Scan MBR ==================================
16:10:17.0406 4880 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:10:17.0827 4880 \Device\Harddisk0\DR0 - ok
16:10:17.0827 4880 ================ Scan VBR ==================================
16:10:17.0905 4880 [ FC830EB32E51F7D14EABE954D816A6EE ] \Device\Harddisk0\DR0\Partition1
16:10:17.0905 4880 \Device\Harddisk0\DR0\Partition1 - ok
16:10:17.0936 4880 [ 6C76311DEC30EFAB8626474F36F9D8BB ] \Device\Harddisk0\DR0\Partition2
16:10:17.0936 4880 \Device\Harddisk0\DR0\Partition2 - ok
16:10:17.0936 4880 ============================================================
16:10:17.0936 4880 Scan finished
16:10:17.0936 4880 ============================================================
16:10:17.0952 1220 Detected object count: 1
16:10:17.0952 1220 Actual detected object count: 1
16:10:24.0504 1220 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:10:24.0504 1220 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
ASW:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-14 16:11:17
-----------------------------
16:11:17.388 OS Version: Windows 6.0.6002 Service Pack 2
16:11:17.388 Number of processors: 2 586 0x1706
16:11:17.388 ComputerName: PC_VAN_JEFFREY UserName: Jeffrey
16:11:18.823 Initialize success
16:11:19.743 AVAST engine defs: 12101400
16:11:26.514 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:11:26.514 Disk 0 Vendor: TOSHIBA_ LV01 Size: 305245MB BusType: 3
16:11:26.545 Disk 0 MBR read successfully
16:11:26.545 Disk 0 MBR scan
16:11:26.545 Disk 0 Windows VISTA default MBR code
16:11:26.560 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:11:26.576 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 154273 MB offset 3074048
16:11:26.607 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 149471 MB offset 319025152
16:11:26.623 Disk 0 scanning sectors +625141760
16:11:26.716 Disk 0 scanning C:\Windows\system32\drivers
16:11:40.304 Service scanning
16:11:58.681 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:12:07.448 Modules scanning
16:12:17.463 Disk 0 trace - called modules:
16:12:17.479 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spxg.sys >>UNKNOWN [0x859fe938]<<
16:12:17.479 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c69528]
16:12:17.479 3 CLASSPNP.SYS[8a7488b3] -> nt!IofCallDriver -> [0x85ac4100]
16:12:17.479 5 acpi.sys[807bf6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b09028]
16:12:18.228 AVAST engine scan C:\Windows
16:12:20.256 AVAST engine scan C:\Windows\system32
16:14:49.817 AVAST engine scan C:\Windows\system32\drivers
16:15:00.753 AVAST engine scan C:\Users\Jeffrey
16:16:44.968 Disk 0 MBR has been saved successfully to "C:\Users\Jeffrey\Desktop\MBR.dat"
16:16:44.968 The log file has been saved successfully to "C:\Users\Jeffrey\Desktop\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 October 2012 - 12:47 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\progra~1\IMESHA~1

Firefox::
FF - ProfilePath - c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\
FF - prefs.js: browser.search.selectedEngine - InnoGames International Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2832595&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 brutus28

  • Topic Starter
  • Members
  • 13 posts

Posted 15 October 2012 - 09:44 AM

ComboFix 12-10-14.03 - Jeffrey 15-10-2012 16:29:46.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2936.1573 [GMT 2:00]
Gestart vanuit: c:\users\Jeffrey\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Jeffrey\Desktop\CFScript.txt
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\IMESHA~1
c:\progra~1\IMESHA~1\iMesh\aac_parser.ax
c:\progra~1\IMESHA~1\iMesh\ac3filter.ax
c:\progra~1\IMESHA~1\iMesh\ammp3.dll
c:\progra~1\IMESHA~1\iMesh\avcodec-51.dll
c:\progra~1\IMESHA~1\iMesh\avformat-51.dll
c:\progra~1\IMESHA~1\iMesh\avutil-49.dll
c:\progra~1\IMESHA~1\iMesh\BerkeleyLoader.dll
c:\progra~1\IMESHA~1\iMesh\CDRip.dll
c:\progra~1\IMESHA~1\iMesh\Copy_Folder.bat
c:\progra~1\IMESHA~1\iMesh\DiscoveryHelper.dll
c:\progra~1\IMESHA~1\iMesh\FixAudioDriverSignature.reg
c:\progra~1\IMESHA~1\iMesh\GIFAnimator.dll
c:\progra~1\IMESHA~1\iMesh\HTML\error.html
c:\progra~1\IMESHA~1\iMesh\HTML\Images\bg-top.jpg
c:\progra~1\IMESHA~1\iMesh\HTML\Images\closeRecommend.gif
c:\progra~1\IMESHA~1\iMesh\HTML\loading.html
c:\progra~1\IMESHA~1\iMesh\HTML\noInternet.html
c:\progra~1\IMESHA~1\iMesh\HTML\offline.html
c:\progra~1\IMESHA~1\iMesh\HTML\Recommendation_Offline.html
c:\progra~1\IMESHA~1\iMesh\ImageUploader5.ocx
c:\progra~1\IMESHA~1\iMesh\iMesh.exe
c:\progra~1\IMESHA~1\iMesh\iMesh.ico
c:\progra~1\IMESHA~1\iMesh\IMTrProgress.dll
c:\progra~1\IMESHA~1\iMesh\IMWebControl.dll
c:\progra~1\IMESHA~1\iMesh\InstallHelper.dll
c:\progra~1\IMESHA~1\iMesh\lame_enc.dll
c:\progra~1\IMESHA~1\iMesh\libungif4.dll
c:\progra~1\IMESHA~1\iMesh\lic_helper.dll
c:\progra~1\IMESHA~1\iMesh\license.txt
c:\progra~1\IMESHA~1\iMesh\MP4Splitter.ax
c:\progra~1\IMESHA~1\iMesh\MpaDecFilter.ax
c:\progra~1\IMESHA~1\iMesh\Nickel.ocx
c:\progra~1\IMESHA~1\iMesh\ResourcesLoc.dll
c:\progra~1\IMESHA~1\iMesh\sciter-x.dll
c:\progra~1\IMESHA~1\iMesh\SHW32.DLL
c:\progra~1\IMESHA~1\iMesh\Skins\Default.skn
c:\progra~1\IMESHA~1\iMesh\Skins\Default.xml
c:\progra~1\IMESHA~1\iMesh\Skins\html\albumsview\albums.css
c:\progra~1\IMESHA~1\iMesh\Skins\html\albumsview\albums.html
c:\progra~1\IMESHA~1\iMesh\Skins\html\albumsview\images\defpreview.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\albumsview\images\playbtn.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\albumsview\images\playing.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\artistsview\artists.css
c:\progra~1\IMESHA~1\iMesh\Skins\html\artistsview\artists.html
c:\progra~1\IMESHA~1\iMesh\Skins\html\artistsview\header.css
c:\progra~1\IMESHA~1\iMesh\Skins\html\artistsview\header.html
c:\progra~1\IMESHA~1\iMesh\Skins\html\artistsview\images\defpreview.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\artistsview\images\play.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\artistsview\images\play_disabled.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\artistsview\images\play_down.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\artistsview\images\play_over.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\cdripview\cdrip_view.css
c:\progra~1\IMESHA~1\iMesh\Skins\html\cdripview\cdrip_view.html
c:\progra~1\IMESHA~1\iMesh\Skins\html\cdripview\cdrip_view.tis
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\active.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\azure.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\black.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\blue.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\bs.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\byzantium.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\close-hovered.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\close-normal.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\close-pressed.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\close.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\dark-blue.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\green.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\grey.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\hover.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\inactive.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\magenta.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\olive.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\orange.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\pink.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\pro.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\images\red.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\pro-view.html
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\scheme.css
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\scheme.tis
c:\progra~1\IMESHA~1\iMesh\Skins\html\colorsbubble\view.html
c:\progra~1\IMESHA~1\iMesh\Skins\html\common.css
c:\progra~1\IMESHA~1\iMesh\Skins\html\common.tis
c:\progra~1\IMESHA~1\iMesh\Skins\html\guitest.html
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\defalbum.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\defbutton.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\ls_btn.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\ls_btn_hover.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\ls_btn_pressed.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_bottom.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_bottom_over.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_bottom_pressed.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_fill.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_slider.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_slider_center.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_slider_center_over.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_slider_center_pressed.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_slider_over.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_slider_pressed.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_top.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_top_over.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\sbv_top_pressed.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\th_btn.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\th_btn_hover.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\th_btn_pressed.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\tip.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\tipb.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\images\white.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\videosview\images\defpreview.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\videosview\images\list_btn.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\videosview\images\playbtn.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\videosview\images\playing.png
c:\progra~1\IMESHA~1\iMesh\Skins\html\videosview\videos.css
c:\progra~1\IMESHA~1\iMesh\Skins\html\videosview\videos.html
c:\progra~1\IMESHA~1\iMesh\Skins\Images\DefArtwork.jpg
c:\progra~1\IMESHA~1\iMesh\Skins\Images\DefFemale.gif
c:\progra~1\IMESHA~1\iMesh\Skins\Images\DefMale.gif
c:\progra~1\IMESHA~1\iMesh\Skins\Images\FriendshipNotif.jpg
c:\progra~1\IMESHA~1\iMesh\Skins\Images\SendPlaylist.jpg
c:\progra~1\IMESHA~1\iMesh\Skins\Images\TAFLogo.PNG
c:\progra~1\IMESHA~1\iMesh\Skins\Images\ToGoLogo.PNG
c:\progra~1\IMESHA~1\iMesh\Skins\RemoteSkin.wmz
c:\progra~1\IMESHA~1\iMesh\Skins\Settings.xml
c:\progra~1\IMESHA~1\iMesh\UninstallUsers.exe
c:\progra~1\IMESHA~1\iMesh\UpdateInst.exe
c:\progra~1\IMESHA~1\iMesh\WMAProfiles.prx
c:\progra~1\IMESHA~1\iMesh\WMHelper.dll
c:\progra~1\IMESHA~1\iMesh\WMHelper.log
c:\progra~1\IMESHA~1\Mediabar\Datamngr\BrowserConnection.dll
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\config\skin\css\new-tab.css
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\config\skin\images\fav_amazon.png
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\config\skin\images\fav_ebay.png
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\config\skin\images\fav_facebook.png
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\config\skin\images\fav_fantastigames.png
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\config\skin\images\fav_ftalk.png
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\config\skin\images\fav_youtube.png
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\config\skin\new-tab.html
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\lib\analytics.js
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\lib\constant.js
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\lib\default-config.js
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\lib\jquery.js
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\lib\localStorage.js
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\lib\new-tab.js
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\lib\preferences.js
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\manifest.json
c:\progra~1\IMESHA~1\Mediabar\Datamngr\ChromeExtension\OurLocalPage.html
c:\progra~1\IMESHA~1\Mediabar\Datamngr\datamngr.dll
c:\progra~1\IMESHA~1\Mediabar\Datamngr\datamngrUI.exe
c:\progra~1\IMESHA~1\Mediabar\Datamngr\DnsBHO.dll
c:\progra~1\IMESHA~1\Mediabar\Datamngr\IEBHO.dll
c:\progra~1\IMESHA~1\Mediabar\Datamngr\installhelper.dll
c:\progra~1\IMESHA~1\Mediabar\sysid.ini
c:\progra~1\IMESHA~1\Mediabar\uninstall.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-09-15 to 2012-10-15 ))))))))))))))))))))))))))))))
.
.
2012-10-15 14:37 . 2012-10-15 14:37 -------- d-----w- c:\users\Jeffrey\AppData\Local\temp
2012-10-15 14:37 . 2012-10-15 14:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-15 14:37 . 2012-10-15 14:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-14 15:52 . 2012-10-14 15:52 -------- d-----w- c:\programdata\McAfee Security Scan
2012-10-14 15:52 . 2012-10-14 15:52 -------- d-----w- c:\program files\McAfee Security Scan
2012-10-14 15:50 . 2012-10-14 15:51 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-14 15:10 . 2012-10-14 15:10 -------- d-----w- c:\users\Jeffrey\AppData\Local\ESET
2012-10-14 15:10 . 2012-10-14 15:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ESET
2012-10-14 15:09 . 2012-10-14 15:09 -------- d-----w- c:\program files\ESET
2012-10-14 14:09 . 2012-10-14 14:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-13 00:12 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0359205-803D-4B63-9C1D-3ECFE3430541}\mpengine.dll
2012-10-12 22:03 . 2012-10-14 14:38 -------- d-----w- c:\program files\theHunter
2012-10-12 17:46 . 2012-10-12 17:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-10-12 14:33 . 2012-10-12 14:33 -------- d-----w- C:\Malwarebytes
2012-10-12 14:28 . 2012-10-12 14:28 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\QFX Software
2012-10-12 14:28 . 2012-10-12 14:28 -------- d-----w- c:\programdata\QFX Software
2012-10-12 14:27 . 2012-10-12 14:27 -------- d-----w- c:\program files\KeyScrambler
2012-10-12 14:27 . 2011-12-15 00:41 173880 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2012-10-12 14:17 . 2012-10-12 14:16 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-12 14:16 . 2012-10-12 14:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-12 13:35 . 2012-10-12 13:35 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Malwarebytes
2012-10-12 13:35 . 2012-10-12 13:35 -------- d-----w- c:\programdata\Malwarebytes
2012-10-12 13:35 . 2012-10-12 13:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-12 13:35 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 13:24 . 2012-10-12 13:24 -------- d-----w- c:\program files\CCleaner
2012-10-12 12:25 . 2012-10-14 15:54 -------- d-----w- c:\programdata\AVAST Software
2012-10-12 12:25 . 2012-10-12 12:25 -------- d-----w- c:\program files\AVAST Software
2012-10-10 10:52 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 10:52 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 10:52 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 10:52 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 10:52 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 10:52 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 10:52 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-06 18:25 . 2012-10-06 18:25 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\MusicNet
2012-10-06 18:25 . 2012-10-08 17:12 -------- d-----w- c:\users\Jeffrey\AppData\Local\iMesh
2012-10-06 18:24 . 2012-10-06 18:24 -------- d-----w- c:\programdata\iMesh
2012-10-06 18:23 . 2012-10-06 18:25 -------- dc-h--w- c:\programdata\{3002E08A-4925-4821-8D06-D5FC4EBFF034}
2012-10-05 08:02 . 2012-10-05 08:07 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\Driver Pro
2012-10-05 08:02 . 2012-10-05 08:02 -------- d-----w- c:\program files\Driver Pro
2012-10-05 08:01 . 2012-10-05 08:01 -------- d-----w- c:\users\Jeffrey\AppData\Local\MFAData
2012-10-05 08:01 . 2012-10-05 08:01 -------- d-----w- c:\users\Jeffrey\AppData\Local\Avg2013
2012-09-30 08:54 . 2012-09-30 08:54 -------- d-----w- c:\program files\Uniblue
2012-09-26 17:16 . 2012-09-26 17:16 -------- d-----w- c:\users\Jeffrey\AppData\Roaming\EurekaLog
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 14:16 . 2010-06-07 16:25 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-09 18:14 . 2012-05-22 11:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:14 . 2011-12-14 08:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 01:05 . 2012-10-12 13:49 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Spotify"="c:\users\Jeffrey\AppData\Roaming\Spotify\Spotify.exe" [2012-09-14 5576408]
"Spotify Web Helper"="c:\users\Jeffrey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-14 1193176]
"Driver Pro"="c:\program files\Driver Pro\DPLauncher.exe" [2012-06-14 451888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Powersuite Monitor"="c:\program files\Uniblue\Powersuite\powersuite_monitor.exe" [2012-07-30 323936]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jeffrey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 20:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-25 07:06 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-28 14:03 75136 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN Assistent]
2011-12-06 13:45 34823496 ----a-w- c:\program files\KPN\KPN Assistent\KPN_Assistent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 07:06 145944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-01-25 11:33 509816 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07 574864 ----a-w- c:\program files\Toshiba\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-04-24 08:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 14:27 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" /MINIMIZED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 18:14]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 14:19]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 14:19]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Jeffrey\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-12 15:50; gadget@gadgetbox; c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\extensions\gadget@gadgetbox
FF - ExtSQL: 2012-10-12 16:28; keyscrambler@qfx.software.corporation; c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\extensions\keyscrambler@qfx.software.corporation
FF - ExtSQL: 2012-10-12 19:05; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-13 18:38; {942cd1d4-9cc1-4d31-876a-ea8f489f7a59}; c:\users\Jeffrey\AppData\Roaming\Mozilla\Firefox\Profiles\5u1n6dlb.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-15 16:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2012-10-15 16:38:55
ComboFix-quarantined-files.txt 2012-10-15 14:38
ComboFix2.txt 2012-10-13 17:52
.
Pre-Run: 95.915.855.872 bytes beschikbaar
Post-Run: 95.963.234.304 bytes beschikbaar
.
- - End Of File - - B798523977203D81EA76CCE65902A36C
I have no other problems now, and Firefox also works better now. Thank you!

#12 brutus28

brutus28
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:13 AM

Posted 15 October 2012 - 10:07 AM

UPDATE: Windows Update keeps installing an update, and the search in Firefox has come back; can it be deleted?

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:13 AM

Posted 15 October 2012 - 11:45 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 brutus28

brutus28
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:13 AM

Posted 15 October 2012 - 01:22 PM

Here you go:
OTL logfile created on: 15-10-2012 20:09:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeffrey\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,87 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 51,29% Memory free
5,93 Gb Paging File | 4,44 Gb Available in Paging File | 74,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 89,16 Gb Free Space | 59,18% Space Free | Partition Type: NTFS
Drive E: | 145,97 Gb Total Space | 141,18 Gb Free Space | 96,72% Space Free | Partition Type: NTFS

Computer Name: PC_VAN_JEFFREY | User Name: Jeffrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jeffrey\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Jeffrey\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\Jeffrey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
PRC - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Jeffrey\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Users\Jeffrey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files\Toshiba\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\Toshiba\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Windows\System32\TosCommAPI.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Jeffrey\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (EpfwLWF) -- C:\Windows\System32\drivers\EpfwLWF.sys (ESET)
DRV - (KeyScrambler) -- C:\Windows\System32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (br3gmdm) -- C:\Windows\System32\drivers\br3gmdm.sys (BandRich Inc.)
DRV - (QIOMem) -- C:\Windows\System32\drivers\QIOMem.sys (TOSHIBA)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{B19D728A-6BDB-4D4E-BDCB-F73B0390CF65}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\SearchScopes,DefaultScope = {0FAC1924-447C-45F4-896C-A6C80AE65D36}
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\SearchScopes\{0FAC1924-447C-45F4-896C-A6C80AE65D36}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\SearchScopes\{3E389583-DFB0-4E2C-809A-0ED417F2016F}: "URL" = http://www.zie.nl/search/videos/{searchTerms}&origin=nu_ie8
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\SearchScopes\{4C5ADF2F-18E2-44B9-81B5-E2F9BD6423FB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=nl_NL&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=F7C78215-C308-4FA9-96B6-40769EDCE9B0&apn_sauid=F25FE03D-6F6D-4DD7-97A7-AE35C2E7F3C2
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_nl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\SearchScopes\{88D82308-C76E-4A9F-AB6E-EB9BAF917BE2}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\SearchScopes\{B19D728A-6BDB-4D4E-BDCB-F73B0390CF65}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_nl
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=736148_yserp&p={searchTerms}
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..CT2832595.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "GadgetBox"
FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
FF - prefs.js..browser.search.order.1: "GadgetBox"
FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2832595&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: keyscrambler@qfx.software.corporation:2.9.3.0
FF - prefs.js..extensions.enabledAddons: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59}:10.13.1.89
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-12 15:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-10-14 17:09:06 | 000,000,000 | ---D | M]

[2012-05-29 01:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Extensions
[2012-05-21 20:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Firefox\extensions
[2012-05-21 18:38:51 | 000,000,000 | ---D | M] (BittorrentBar_NL Community Toolbar) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Firefox\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}
[2012-05-21 20:22:46 | 000,000,000 | ---D | M] (uTorrentBar_NL Community Toolbar) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Firefox\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
[2012-07-17 18:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012-07-17 18:52:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-10-13 18:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Firefox\Profiles\5u1n6dlb.default\extensions
[2012-10-13 18:38:43 | 000,000,000 | ---D | M] (InnoGames International) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Firefox\Profiles\5u1n6dlb.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}
[2012-07-17 18:52:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Firefox\Profiles\5u1n6dlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-10-12 15:50:07 | 000,000,000 | ---D | M] (GadgetBox) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Firefox\Profiles\5u1n6dlb.default\extensions\gadget@gadgetbox
[2012-10-12 16:28:03 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\Firefox\Profiles\5u1n6dlb.default\extensions\keyscrambler@qfx.software.corporation
[2012-05-21 18:43:42 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\firefox\profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2012-10-12 19:05:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Jeffrey\AppData\Roaming\mozilla\firefox\profiles\5u1n6dlb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-07-17 18:40:18 | 000,000,487 | ---- | M] () -- C:\Users\Jeffrey\AppData\Roaming\mozilla\firefox\profiles\5u1n6dlb.default\searchplugins\GadgetBox.xml
[2012-10-12 15:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-10-11 03:37:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-10-11 03:37:16 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012-10-11 03:37:16 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012-10-11 03:37:16 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: (Enabled) = C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: ADDICT-THING = C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfbkhdpdndhaejllgoppclbkcngghcg\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Jeffrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2012-10-15 16:37:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [Powersuite Monitor] C:\Program Files\Uniblue\Powersuite\powersuite_monitor.exe (Uniblue Systems Ltd)
O4 - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000..\Run: [Spotify] C:\Users\Jeffrey\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000..\Run: [Spotify Web Helper] C:\Users\Jeffrey\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jeffrey\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O15 - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D16709CF-1C8F-44C7-B090-C36A014163CA}: DhcpNameServer = 192.168.2.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-15 20:08:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeffrey\Desktop\OTL.exe
[2012-10-15 16:39:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-10-15 16:38:57 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\temp
[2012-10-15 16:27:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-10-14 18:00:02 | 001,001,288 | ---- | C] (Solid State Networks) -- C:\Users\Jeffrey\Desktop\install_reader10_nl_mssa_aih.exe
[2012-10-14 17:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012-10-14 17:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012-10-14 17:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012-10-14 17:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012-10-14 17:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012-10-14 17:10:47 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\ESET
[2012-10-14 17:10:47 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\ESET
[2012-10-14 17:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012-10-14 17:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012-10-14 17:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-10-14 16:32:30 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\WinRAR
[2012-10-14 16:31:58 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012-10-14 16:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012-10-14 16:31:21 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\Desktop\32 bit
[2012-10-14 16:09:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jeffrey\Desktop\aswMBR.exe
[2012-10-14 16:09:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-10-14 16:08:06 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jeffrey\Desktop\tdsskiller.exe
[2012-10-13 19:41:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-10-13 19:41:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-10-13 19:41:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-10-13 19:41:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-10-13 19:40:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-10-13 19:40:15 | 004,980,339 | R--- | C] (Swearware) -- C:\Users\Jeffrey\Desktop\ComboFix.exe
[2012-10-13 17:28:12 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\Desktop\RK_Quarantine
[2012-10-13 00:04:04 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\theHunter
[2012-10-13 00:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\theHunter
[2012-10-12 20:47:17 | 053,784,984 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Jeffrey\Desktop\AdbeRdr1012_en_US.exe
[2012-10-12 19:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2012-10-12 19:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012-10-12 16:33:33 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012-10-12 16:28:05 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\QFX Software
[2012-10-12 16:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2012-10-12 16:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2012-10-12 16:27:40 | 000,173,880 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2012-10-12 16:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2012-10-12 16:17:14 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012-10-12 16:17:14 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012-10-12 16:16:59 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012-10-12 16:16:59 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012-10-12 16:16:59 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012-10-12 15:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-10-12 15:40:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jeffrey\Desktop\dds.com
[2012-10-12 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\Malwarebytes
[2012-10-12 15:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-10-12 15:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-10-12 15:35:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-10-12 15:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-10-12 15:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012-10-12 15:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-10-12 14:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012-10-12 14:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012-10-12 13:34:26 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{6DF0FE0F-35C3-4D20-B63A-D61E5968C01C}
[2012-10-11 15:32:22 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{89BF3EC4-25DC-45D9-A5E6-A81D2DC465FF}
[2012-10-11 03:32:00 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{DCAD23EF-392E-4EBF-AC4B-DAA0072E63F6}
[2012-10-10 12:52:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012-10-10 12:52:20 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012-10-10 12:52:20 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012-10-08 19:08:33 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{609ABF50-AADD-4293-AF99-1B897CC62311}
[2012-10-07 10:43:00 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{FAE684BF-DA46-4834-A3B2-F6B1201F2FEA}
[2012-10-06 20:25:07 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\MusicNet
[2012-10-06 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\Documents\My Received Files
[2012-10-06 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\iMesh
[2012-10-06 20:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
[2012-10-06 20:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\iMesh
[2012-10-06 20:23:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3002E08A-4925-4821-8D06-D5FC4EBFF034}
[2012-10-06 20:13:41 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{1A9006B0-B306-4421-AFF2-5B15C3052727}
[2012-10-06 07:58:52 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{85656A86-641A-4C43-89C7-CE658085F614}
[2012-10-05 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{57B988AC-D404-432C-8B6B-34B75FE6915E}
[2012-10-05 10:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
[2012-10-05 10:02:20 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\Driver Pro
[2012-10-05 10:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Pro
[2012-10-05 10:01:37 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\MFAData
[2012-10-05 10:01:37 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\Avg2013
[2012-10-05 03:06:05 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{1CED5A6E-EE23-4DA5-8AA3-921165446641}
[2012-10-04 15:06:03 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{1FB2831E-A1C5-43B1-9F9E-E3576011EA7E}
[2012-10-04 03:06:01 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{2D5A1707-6273-4F9D-9C9F-6F1B036EDE26}
[2012-10-03 15:05:59 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{73E7D151-A1CD-40F2-98CB-AAA27F5F7428}
[2012-10-02 22:11:44 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{8D8A1B52-3E29-45D4-B62A-2B773EE61ECF}
[2012-10-02 10:11:27 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{5918AFE5-44C1-4EC7-BB73-8203111D413E}
[2012-10-01 16:00:24 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{C9909AB7-B039-4591-A266-B41CC2925454}
[2012-09-30 10:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012-09-30 10:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012-09-30 10:37:04 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{D9E314EC-2AC7-44D9-A01D-4DDC3C76F694}
[2012-09-29 22:37:03 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{60BB1B9F-6E70-4DD5-8CDD-82A9D8BD64CE}
[2012-09-29 10:37:01 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{158EF389-349E-4C45-9D7B-A092892B3575}
[2012-09-26 21:41:14 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{E11CE6F8-CBB3-481B-ABAE-B75E063541F0}
[2012-09-26 19:16:19 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Roaming\EurekaLog
[2012-09-26 09:41:00 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{EF03708E-A8BA-4FF7-BB45-C5F8FFE449C3}
[2012-09-25 21:40:59 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{E6C2C994-823D-4B72-9076-1E8C1AB34B39}
[2012-09-25 21:00:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-09-25 21:00:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-09-25 21:00:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012-09-25 21:00:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012-09-25 21:00:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-09-25 21:00:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-09-25 21:00:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-09-25 21:00:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-09-25 09:40:45 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{8D1D42E0-1953-4C4C-BF48-D976F1507E85}
[2012-09-24 16:45:14 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{8D1FEC0E-7123-435B-8258-A935BC63C34C}
[2012-09-22 12:34:13 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{270BA5B0-F219-4513-930D-611BAEF0CAA3}
[2012-09-19 09:26:06 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{4CA06D56-162B-4B0E-8042-4BE04A13117E}
[2012-09-16 12:36:49 | 000,000,000 | ---D | C] -- C:\Users\Jeffrey\AppData\Local\{59B3D011-D02E-446F-8EFF-F0D6C1009021}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-10-15 20:14:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-15 20:08:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeffrey\Desktop\OTL.exe
[2012-10-15 19:35:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-15 19:13:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-10-15 19:13:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-10-15 17:20:48 | 000,680,144 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012-10-15 17:20:48 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-10-15 17:20:48 | 000,131,232 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012-10-15 17:20:48 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-10-15 17:15:53 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-15 17:13:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-10-15 17:13:50 | 3079,536,640 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-15 16:37:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-10-15 16:22:04 | 004,980,339 | R--- | M] (Swearware) -- C:\Users\Jeffrey\Desktop\ComboFix.exe
[2012-10-14 18:00:03 | 001,001,288 | ---- | M] (Solid State Networks) -- C:\Users\Jeffrey\Desktop\install_reader10_nl_mssa_aih.exe
[2012-10-14 17:52:14 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012-10-14 17:52:14 | 000,001,952 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012-10-14 17:51:25 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X .lnk
[2012-10-14 17:43:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012-10-14 16:49:04 | 000,142,637 | ---- | M] () -- C:\Users\Jeffrey\Desktop\Image.jpg
[2012-10-14 16:16:44 | 000,000,512 | ---- | M] () -- C:\Users\Jeffrey\Desktop\MBR.dat
[2012-10-14 16:09:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jeffrey\Desktop\aswMBR.exe
[2012-10-14 16:08:07 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeffrey\Desktop\tdsskiller.exe
[2012-10-13 17:27:55 | 001,422,336 | ---- | M] () -- C:\Users\Jeffrey\Desktop\RogueKiller.exe
[2012-10-13 17:10:42 | 000,538,327 | ---- | M] () -- C:\Users\Jeffrey\Desktop\adwcleaner.exe
[2012-10-13 00:06:52 | 014,950,256 | ---- | M] () -- C:\Users\Jeffrey\Desktop\theHunterLauncherSetup.exe
[2012-10-12 20:47:43 | 053,784,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Jeffrey\Desktop\AdbeRdr1012_en_US.exe
[2012-10-12 20:16:44 | 000,160,829 | ---- | M] () -- C:\Users\Jeffrey\Documents\Image.jpg
[2012-10-12 19:59:18 | 000,881,724 | ---- | M] () -- C:\Users\Jeffrey\Desktop\SecurityCheck.exe
[2012-10-12 16:16:42 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012-10-12 16:16:35 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012-10-12 16:16:35 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012-10-12 16:16:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012-10-12 16:16:32 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012-10-12 16:16:31 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012-10-12 15:49:52 | 000,000,875 | ---- | M] () -- C:\Users\Jeffrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-10-12 15:49:51 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-10-12 15:41:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jeffrey\Desktop\dds.com
[2012-10-12 15:35:22 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-10-12 15:32:40 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-10-12 15:24:36 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-10-12 14:15:12 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012-10-11 13:21:49 | 056,611,840 | ---- | M] () -- C:\Users\Jeffrey\Desktop\ESET Smart Security 5.0_EN_x86.msi
[2012-10-11 03:38:17 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-10-09 20:14:16 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-10-09 20:14:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-10-06 20:24:22 | 000,001,010 | ---- | M] () -- C:\Users\Jeffrey\Application Data\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[2012-10-05 10:02:32 | 000,000,828 | ---- | M] () -- C:\Users\Jeffrey\Desktop\Driver Pro.lnk
[2012-09-30 10:54:13 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Powersuite.lnk
[2012-09-30 10:54:12 | 000,000,965 | ---- | M] () -- C:\Users\Jeffrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Powersuite.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-14 17:52:14 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012-10-14 17:52:14 | 000,001,952 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012-10-14 17:51:25 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X .lnk
[2012-10-14 17:51:25 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X .lnk
[2012-10-14 17:19:29 | 3079,536,640 | -HS- | C] () -- C:\hiberfil.sys
[2012-10-14 17:01:56 | 056,611,840 | ---- | C] () -- C:\Users\Jeffrey\Desktop\ESET Smart Security 5.0_EN_x86.msi
[2012-10-14 16:42:23 | 000,142,637 | ---- | C] () -- C:\Users\Jeffrey\Desktop\Image.jpg
[2012-10-14 16:16:44 | 000,000,512 | ---- | C] () -- C:\Users\Jeffrey\Desktop\MBR.dat
[2012-10-13 19:41:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-10-13 19:41:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-10-13 19:41:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-10-13 19:41:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-10-13 19:41:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-10-13 17:27:54 | 001,422,336 | ---- | C] () -- C:\Users\Jeffrey\Desktop\RogueKiller.exe
[2012-10-13 17:10:41 | 000,538,327 | ---- | C] () -- C:\Users\Jeffrey\Desktop\adwcleaner.exe
[2012-10-13 00:03:06 | 014,950,256 | ---- | C] () -- C:\Users\Jeffrey\Desktop\theHunterLauncherSetup.exe
[2012-10-12 20:16:33 | 000,160,829 | ---- | C] () -- C:\Users\Jeffrey\Documents\Image.jpg
[2012-10-12 19:59:17 | 000,881,724 | ---- | C] () -- C:\Users\Jeffrey\Desktop\SecurityCheck.exe
[2012-10-12 15:49:51 | 000,000,875 | ---- | C] () -- C:\Users\Jeffrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-10-12 15:49:51 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-10-12 15:49:51 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-10-12 15:35:22 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-10-12 15:24:36 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-10-12 14:15:12 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012-10-12 14:15:11 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012-10-06 20:24:22 | 000,001,010 | ---- | C] () -- C:\Users\Jeffrey\Application Data\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[2012-10-05 10:02:32 | 000,000,828 | ---- | C] () -- C:\Users\Jeffrey\Desktop\Driver Pro.lnk
[2012-09-30 10:54:13 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Powersuite.lnk
[2012-09-30 10:54:12 | 000,000,965 | ---- | C] () -- C:\Users\Jeffrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Powersuite.lnk
[2012-07-17 18:41:43 | 000,000,084 | ---- | C] () -- C:\Users\Jeffrey\wxDownloadFast.ini
[2012-04-22 16:58:50 | 000,000,048 | ---- | C] () -- C:\Users\Jeffrey\AppData\Roaming\TheHunterSettings_live.cfg
[2011-01-23 17:00:23 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009-07-18 12:12:01 | 000,024,206 | ---- | C] () -- C:\Users\Jeffrey\AppData\Roaming\UserTile.png
[2009-03-14 00:28:10 | 000,001,356 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\d3d9caps.dat
[2008-09-25 00:31:33 | 000,064,000 | ---- | C] () -- C:\Users\Jeffrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006-11-02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:13 AM

Posted 15 October 2012 - 04:52 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKLM\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\URLSearchHook: - No CLSID value found
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jeffrey\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
    O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL File not found
    O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4  
    IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\SearchScopes\{4C5ADF2F-18E2-44B9-81B5-E2F9BD6423FB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=nl_NL&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=F7C78215-C308-4FA9-96B6-40769EDCE9B0&apn_sauid=F25FE03D-6F6D-4DD7-97A7-AE35C2E7F3C2
    IE - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000\..\SearchScopes\{88D82308-C76E-4A9F-AB6E-EB9BAF917BE2}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2832595&SearchSource=13"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2832595&SearchSource=2&q="
    O4 - HKU\S-1-5-21-2116515472-2430401214-3526758077-1000..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe (PC Utilities Pro)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
