Browser re-directing, opening unwanted websites


  • This topic is locked
51 replies to this topic

#1 JaySharp90


Posted 07 January 2014 - 08:01 AM

Hi,

I am using Firefox and have contracted malware which I have thus far been unable to remove. The malware causes some of my open tabs to be directed to unwanted websites and also creates new tabs that load these websites. This isn't a constant occurrence, just every so often. I can just have a couple of tabs open and then after a while one of them may start loading the unwanted websites without me doing anything. The sorts of websites are adverts and others asking me to "update" Java or Adobe (and others).

 

I have tried in vain to remove this malware by uninstalling Firefox completely as well as simply resetting it, although since it didn't work I may be doing it wrong. I have also run multiple scans with Malwarebytes Anti-Malware, Avast, JRT, rkill, Kaspersky TDSSKiller and other products on the advice of a friend and have yet to be able to clear it up. Hopefully that won't cause issues. Any help would be greatly appreciated.

Regards,

Jay

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.45.2
Run by Other at 23:41:14 on 2014-01-07
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.61.1033.18.3070.1342 [GMT 11:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFJP.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Other\Downloads\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.asus.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mDefault_Page_URL = hxxp://www.asus.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - c:\program files\flashget\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - c:\program files\flashget\getflash.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [EPSON TX610FW Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifjp.exe /fu "c:\windows\temp\E_SC2A9.tmp" /EF "HKCU"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.20.1
TCP: Interfaces\{1A884C8F-7974-4458-91C5-795FD1CB4F9E} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{D2A6AD2D-1226-4179-AF21-A4E2F0DFA629} : DHCPNameServer = 192.168.20.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\goec62~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\other\appdata\roaming\mozilla\firefox\profiles\hw4u3vbb.default-1388901588580\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nitro\reader 3\npdf.dll
FF - plugin: c:\program files\nitro\reader 3\npnitroie.dll
FF - plugin: c:\program files\nitro\reader 3\npnitromozilla.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\other\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-27 21576]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-27 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-27 180248]
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2010-2-4 15416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-10 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-10 410528]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-5-10 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-10 50344]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-1-14 196624]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-3-19 2666880]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2007-10-31 46592]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-12-6 27136]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-9-19 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-9-19 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-9-19 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-9-19 25704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
S2 wampserver;wampserver;c:\wamp\apache\Apache.exe [2003-10-29 20545]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-3 30192]
S3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\drivers\Ltn_hyd7700pc.sys [2007-5-19 374144]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-2-6 12096]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-3-6 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-3-6 11088]
S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-12-6 758224]
S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2010-3-29 122752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2008-1-21 19968]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-07 11:31:16    --------    d-----w-    c:\windows\ERUNT
2014-01-07 11:18:42    --------    d-----w-    C:\AdwCleaner
2014-01-07 11:11:42    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-01-07 10:33:15    --------    d-----w-    c:\programdata\HitmanPro
2014-01-05 06:27:07    --------    d-----w-    c:\users\other\appdata\roaming\AVAST Software
2014-01-05 06:13:43    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-05 03:39:15    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-01-05 02:58:22    --------    d-----w-    c:\program files\Lavasoft
2014-01-05 02:55:32    --------    d-----w-    c:\program files\common files\Lavasoft
2014-01-04 05:49:53    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{ac5b134e-8f6f-4426-8738-ec1fe9f236b1}\mpengine.dll
2013-12-20 04:54:46    1496912    ----a-w-    c:\program files\microsoft games\holdem\HoldEm.exe
2013-12-20 04:46:51    --------    d-----w-    c:\windows\system32\MRT
2013-12-14 09:18:13    --------    d-----w-    c:\programdata\Tunngle
.
==================== Find3M  ====================
.
2014-01-07 11:14:59    64512    ----a-w-    c:\windows\system32\drivers\IPMIDrv.sys.bak
2014-01-06 03:38:02    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2014-01-05 06:08:52    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-05 06:08:52    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-05 05:32:34    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-05 05:32:34    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-05 05:32:34    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-01-05 05:32:34    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-05 05:32:31    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-18 16:33:38    230048    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:42:40.11 ===============
 

Thanks in advance

#2 HelpBot


Posted 12 January 2014 - 08:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519968 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 JaySharp90


Posted 12 January 2014 - 07:03 PM

1. Please see original post for description. Additional info: I took note of some of the websites that my Firefox is being re-directed to or that randomly pop up.


 

2. New DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.45.2
Run by Other at 10:49:44 on 2014-01-13
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.61.1033.18.3070.1635 [GMT 11:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFJP.EXE
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.asus.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mDefault_Page_URL = hxxp://www.asus.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - c:\program files\flashget\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - c:\program files\flashget\getflash.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [EPSON TX610FW Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifjp.exe /fu "c:\windows\temp\E_SC2A9.tmp" /EF "HKCU"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.20.1
TCP: Interfaces\{1A884C8F-7974-4458-91C5-795FD1CB4F9E} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{D2A6AD2D-1226-4179-AF21-A4E2F0DFA629} : DHCPNameServer = 192.168.20.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\goec62~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\other\appdata\roaming\mozilla\firefox\profiles\hw4u3vbb.default-1388901588580\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nitro\reader 3\npdf.dll
FF - plugin: c:\program files\nitro\reader 3\npnitroie.dll
FF - plugin: c:\program files\nitro\reader 3\npnitromozilla.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\other\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-27 21576]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-27 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-27 180248]
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2010-2-4 15416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-10 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-10 410528]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-5-10 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-10 50344]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-1-14 196624]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-3-19 2666880]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2007-10-31 46592]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-12-6 27136]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-9-19 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-9-19 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-9-19 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-9-19 25704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
S2 wampserver;wampserver;c:\wamp\apache\Apache.exe [2003-10-29 20545]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-3 30192]
S3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\drivers\Ltn_hyd7700pc.sys [2007-5-19 374144]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-2-6 12096]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-3-6 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-3-6 11088]
S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-12-6 758224]
S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2010-3-29 122752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2008-1-21 19968]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-11 23:33:43    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{192aa4d4-39a2-418b-8dc2-e0497da0ae5f}\offreg.dll
2014-01-10 23:17:09    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{192aa4d4-39a2-418b-8dc2-e0497da0ae5f}\mpengine.dll
2014-01-09 02:32:54    --------    d-----w-    c:\users\other\appdata\local\Black_Tree_Gaming
2014-01-08 09:18:20    396800    ----a-w-    c:\program files\common files\microsoft shared\dao\w\a\l\m\a\r\t\dll\ISSkinExW.dll
2014-01-07 11:31:16    --------    d-----w-    c:\windows\ERUNT
2014-01-07 11:18:42    --------    d-----w-    C:\AdwCleaner
2014-01-07 11:11:42    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-01-07 10:33:15    --------    d-----w-    c:\programdata\HitmanPro
2014-01-05 06:27:07    --------    d-----w-    c:\users\other\appdata\roaming\AVAST Software
2014-01-05 06:13:43    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-05 03:39:15    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-01-05 02:58:22    --------    d-----w-    c:\program files\Lavasoft
2014-01-05 02:55:32    --------    d-----w-    c:\program files\common files\Lavasoft
2013-12-20 04:54:46    1496912    ----a-w-    c:\program files\microsoft games\holdem\HoldEm.exe
2013-12-20 04:46:51    --------    d-----w-    c:\windows\system32\MRT
2013-12-14 09:18:13    --------    d-----w-    c:\programdata\Tunngle
.
==================== Find3M  ====================
.
2014-01-08 10:29:53    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2014-01-07 11:14:59    64512    ----a-w-    c:\windows\system32\drivers\IPMIDrv.sys.bak
2014-01-05 06:08:52    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-05 06:08:52    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-05 05:32:34    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-05 05:32:34    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-05 05:32:34    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-01-05 05:32:34    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-05 05:32:31    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-18 16:33:38    230048    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 10:51:21.23 ===============
 

3. I'm fairly sure I have it somewhere.

 

Thanks,

Jay


#4 Mako

Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium
  • Local time:09:25 AM

Posted 18 January 2014 - 04:05 AM

Hi Jay,

Welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Mako and I will be helping you with your computer problems.

First of all, I'm truly sorry for the delay. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

Before we begin, please note the following:

  • Please stay with the topic until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • The instructions given are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • If you don't understand something don't hesitate to ask before running the tools.

Now let's get started...

Step 1: ====Security Check====

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: ======Zoek.exe======

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download zoek.exe to your desktop

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    filesrcm;
    startupall;
    chromelook;
    firefoxlook;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#5 JaySharp90

JaySharp90
  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:25 PM

Posted 18 January 2014 - 06:31 AM

Hi Mako,

Thanks for your help :) much appreciated.

 

Security Check

 Results of screen317's Security Check version 0.99.79  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 45  
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player     11.9.900.170  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (26.0)
 Google Chrome 32.0.1700.72  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Zoek

Zoek.exe v5.0.0.0 Updated 18-Januari-2014
Tool run by Other on Sat 18/01/2014 at 22:19:04.22.
Microsoft® Windows Vista™ Ultimate  6.0.6001 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Other\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18/01/2014 10:21:21 PM Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-01-05 05:56:50    73FE8285D075FE7F0CD980870A09AF3D    79    ----a-w-    C:\Windows\wininit.ini
====== C:\Users\Other\AppData\Local\Temp ====
2014-01-07 13:21:56    13A09BECABCE7CE7DE02D42D9C00A250    38456    ----a-w-    C:\Users\Other\AppData\Local\Temp\bitool.dll
2014-01-07 11:29:47    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Other\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-01-07 11:14:37    89D0E06D6165C98E47065722CE703FAD    1205080    ----a-w-    C:\Users\Other\AppData\Local\Temp\ntdll_dump.dll
====== Java Cache =====
2014-01-05 06:16:09    C1BBA7F1278F193AB584FFF460DB5E2A    17878    ----a-w-    C:\Users\Other\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-4f5b634f
2014-01-05 06:16:05    415FC9732A3F4D89A0E01251CD66E136    646    ----a-w-    C:\Users\Other\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-223ff73e
2014-01-05 06:16:05    FAD6F325411EF9951C384E1C1964389D    99    ----a-w-    C:\Users\Other\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap
2014-01-05 06:16:03    415FC9732A3F4D89A0E01251CD66E136    646    ----a-w-    C:\Users\Other\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3d7894d3-696f045d
2014-01-05 06:16:05    34FA8033B50A3F99D3AB8209C72C0ABA    6860    ----a-w-    C:\Users\Other\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-41ef7c72
====== C:\Windows\system32 =====
2014-01-07 11:11:42    5614386D4CFDF9E56F355C45BEEBC976    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-01-05 06:13:52    9223A2810B73069F4A03A636052EF14A    264616    ----a-w-    C:\Windows\System32\javaws.exe
2014-01-05 06:13:43    DC1342498BEE7EF1646E9D63138B69CC    175016    ----a-w-    C:\Windows\System32\javaw.exe
2014-01-05 06:13:43    9BF46C7F21E75FA0BB03AA93368CC66C    94632    ----a-w-    C:\Windows\System32\WindowsAccessBridge.dll
2014-01-05 06:13:43    658633D255FEF154EA1CB8705B4468C5    174504    ----a-w-    C:\Windows\System32\java.exe
====== C:\Windows\system32\drivers =====
2014-01-07 11:15:48    AC13CB789D93412106B0FB6C7EB2BCB6    83328    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys.bak
2014-01-07 11:15:48    9F6FA85E84D0A42D86A9DBB79D76B0ED    19968    ----a-w-    C:\Windows\System32\drivers\WSDScan.sys.bak
2014-01-07 11:15:48    7D1F3B131D503EF43EE594B5A2B9B427    194048    ----a-w-    C:\Windows\System32\drivers\yk60x86.sys.bak
2014-01-07 11:15:48    4422AC5ED8D4C2F0DB63E71D4C069DD7    16896    ----a-w-    C:\Windows\System32\drivers\WSDPrint.sys.bak
2014-01-07 11:15:48    13B5F255E90624A5BA0441D39CFB6BE2    51200    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys.bak
2014-01-07 11:15:48    09E5340BD9B2CB730BF4DC6BE7721291    62424    ----a-w-    C:\Windows\System32\drivers\xusb21.sys.bak
2014-01-07 11:15:47    E3A3CB253C0EC2494D4A61F5E43A389C    15872    ----a-w-    C:\Windows\System32\drivers\ws2ifsl.sys.bak
2014-01-07 11:15:47    C546864EED786304762D030FEBF6B411    17976    ----a-w-    C:\Windows\System32\drivers\wmilib.sys.bak
2014-01-07 11:15:47    4160CBE59D9B5BE22E4C3897E8DB9D56    25704    ----a-w-    C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys.bak
2014-01-07 11:15:47    4160CBE59D9B5BE22E4C3897E8DB9D56    25704    ----a-w-    C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys.bak
2014-01-07 11:15:47    4160CBE59D9B5BE22E4C3897E8DB9D56    25704    ----a-w-    C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys.bak
2014-01-07 11:15:47    4160CBE59D9B5BE22E4C3897E8DB9D56    25704    ----a-w-    C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys.bak
2014-01-07 11:15:47    0CEC23084B51B8288099EB710224E955    39936    ----a-w-    C:\Windows\System32\drivers\WpdUsb.sys.bak
2014-01-07 11:15:46    FE7A7675C26FE936226641EF32AE9BB5    38480    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys.bak
2014-01-07 11:15:46    9950E3D0F08141C7E89E64456AE7DC73    445008    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys.bak
2014-01-07 11:15:46    78FE9542363F297B18C027B2D7E7C07F    22072    ----a-w-    C:\Windows\System32\drivers\wd.sys.bak
2014-01-07 11:15:46    2E7255D172DF0B8283CDFB7B433B864E    11264    ----a-w-    C:\Windows\System32\drivers\wmiacpi.sys.bak
2014-01-07 11:15:45    D8B4A53DD2769F226B3EB374374987C9    227896    ----a-w-    C:\Windows\System32\drivers\volsnap.sys.bak
2014-01-07 11:15:45    6C8B7DF75ECF4A7DD668BEC58E268329    32768    ----a-w-    C:\Windows\System32\drivers\watchdog.sys.bak
2014-01-07 11:15:45    587253E09325E6BF226B299774B728A9    130616    ----a-w-    C:\Windows\System32\drivers\vsmraid.sys.bak
2014-01-07 11:15:45    55201897378CCA7AF8B5EFD874374A26    62464    ----a-w-    C:\Windows\System32\drivers\wanarp.sys.bak
2014-01-07 11:15:45    48DFEE8F1AF7C8235D4E626F0C4FE031    20608    ----a-w-    C:\Windows\System32\drivers\wacompen.sys.bak
2014-01-07 11:15:44    C4F3A691B5BAD343E6249BD8C2D45DEE    41472    ----a-w-    C:\Windows\System32\drivers\viac7.sys.bak
2014-01-07 11:15:44    C048D2C33D27441A0CDCAAE2651EB03D    110080    ----a-w-    C:\Windows\System32\drivers\videoprt.sys.bak
2014-01-07 11:15:44    AADF5587A4063F52C2C3FED7887426FC    20024    ----a-w-    C:\Windows\System32\drivers\viaide.sys.bak
2014-01-07 11:15:44    98F5FFE6316BD74E9E2C97206C190196    294456    ----a-w-    C:\Windows\System32\drivers\volmgrx.sys.bak
2014-01-07 11:15:44    69503668AC66C77C6CD7AF86FBDF8C43    52792    ----a-w-    C:\Windows\System32\drivers\volmgr.sys.bak
2014-01-07 11:15:44    5D7159DEF58A800D5781BA3A879627BC    56888    ----a-w-    C:\Windows\System32\drivers\VIAAGP.SYS.bak
2014-01-07 11:15:43    E67998E8F14CB0627A769F6530BCB352    134016    ----a-w-    C:\Windows\System32\drivers\usbvideo.sys.bak
2014-01-07 11:15:43    87BA6B83C5D19B69160968D07D6E2982    55296    ----a-w-    C:\Windows\System32\drivers\USBSTOR.SYS.bak
2014-01-07 11:15:43    87B06E1F30B749A114F74622D013F8D4    26112    ----a-w-    C:\Windows\System32\drivers\vgapnp.sys.bak
2014-01-07 11:15:43    814D653EFC4D48BE3B04A307ECEFF56F    23552    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys.bak
2014-01-07 11:15:43    2E93AC0A1D8C79D019DB6C51F036636C    25088    ----a-w-    C:\Windows\System32\drivers\vga.sys.bak
2014-01-07 11:15:42    E75C4B5269091D15A2E7DC0B6D35F2F5    18944    ----a-w-    C:\Windows\System32\drivers\usbprint.sys.bak
2014-01-07 11:15:42    CC6B28E4CE39951357963119CE47B143    194560    ----a-w-    C:\Windows\System32\drivers\usbhub.sys.bak
2014-01-07 11:15:42    A508C9BD8724980512136B039BBA65E9    35328    ----a-w-    C:\Windows\System32\drivers\usbscan.sys.bak
2014-01-07 11:15:42    7BDB7B0E7D45AC0402D78B90789EF47C    19456    ----a-w-    C:\Windows\System32\drivers\usbohci.sys.bak
2014-01-07 11:15:42    65AD9C60DBFA2F0EA582E691CBA03F0C    226304    ----a-w-    C:\Windows\System32\drivers\usbport.sys.bak
2014-01-07 11:15:41    CEBE90821810E76320155BEBA722FCF9    39424    ----a-w-    C:\Windows\System32\drivers\usbehci.sys.bak
2014-01-07 11:15:41    CAF811AE4C147FFCD5B51750C7F09142    73216    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys.bak
2014-01-07 11:15:41    BF85EAAB7B889E4B621111E0372CB147    25728    ----a-w-    C:\Windows\System32\drivers\USBCAMD.sys.bak
2014-01-07 11:15:41    B0B0C4970BD60E6E2B0FD33B2960490D    25728    ----a-w-    C:\Windows\System32\drivers\USBCAMD2.sys.bak
2014-01-07 11:15:41    790FDAC6D0C762DF9047C3C625A6FF6C    5888    ----a-w-    C:\Windows\System32\drivers\usbd.sys.bak
2014-01-07 11:15:41    47B9770EA21436DE4AD5AEA7926E0900    68608    ----a-w-    C:\Windows\System32\drivers\usbcir.sys.bak
2014-01-07 11:15:40    EAFE1E00739AFE6C51487A050E772E17    43520    ----a-w-    C:\Windows\System32\drivers\usbaapl.sys.bak
2014-01-07 11:15:40    D173F7B936C8F579BCC4F78DA861929C    15872    ----a-w-    C:\Windows\System32\drivers\usb8023.sys.bak
2014-01-07 11:15:40    88BD96A1BAEED33EE8BDF9499C07A841    7680    ----a-w-    C:\Windows\System32\drivers\umpass.sys.bak
2014-01-07 11:15:40    32CFF9F809AE9AED85464492BF3E32D2    34816    ----a-w-    C:\Windows\System32\drivers\umbus.sys.bak
2014-01-07 11:15:40    292A25BB75A568AE2C67169BA2C6365A    73088    ----a-w-    C:\Windows\System32\drivers\USBAUDIO.sys.bak
2014-01-07 11:15:39    B0ACFDC9E4AF279E9116C03E014B2B27    60984    ----a-w-    C:\Windows\System32\drivers\ULIAGPKX.SYS.bak
2014-01-07 11:15:39    9224BB254F591DE4CA8D572A5F0D635C    238648    ----a-w-    C:\Windows\System32\drivers\uliahci.sys.bak
2014-01-07 11:15:39    8B5088058FA1D1CD897A2113CCFF6C58    226816    ----a-w-    C:\Windows\System32\drivers\udfs.sys.bak
2014-01-07 11:15:39    8514D0E5CD0534467C5FC61BE94A569F    98408    ----a-w-    C:\Windows\System32\drivers\ulsata.sys.bak
2014-01-07 11:15:39    38C3C6E62B157A6BC46594FADA45C62B    115816    ----a-w-    C:\Windows\System32\drivers\ulsata2.sys.bak
2014-01-07 11:15:38    DCF0F056A2E4F52287264F5AB29CF206    23552    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys.bak
2014-01-07 11:15:38    CB258C2F726F1BE73C507022BE33EBB3    45624    ----a-w-    C:\Windows\System32\drivers\tpm.sys.bak
2014-01-07 11:15:38    CAECC0120AC49E3D2F758B9169872D38    15360    ----a-w-    C:\Windows\System32\drivers\TUNMP.SYS.bak
2014-01-07 11:15:38    B7C681175E3F8DE967CEFE90E46440B5    340624    ----a-w-    C:\Windows\System32\drivers\Trufos.sys.bak
2014-01-07 11:15:38    7D33C4DB2CE363C8518D2DFCF533941F    59448    ----a-w-    C:\Windows\System32\drivers\UAGP35.SYS.bak
2014-01-07 11:15:38    6042505FF6FA9AC1EF7684D0E03B6940    25088    ----a-w-    C:\Windows\System32\drivers\tunnel.sys.bak
2014-01-07 11:15:37    F9288B919EA3065AD65F33D971604696    122752    ----a-w-    C:\Windows\System32\drivers\tinspusb.sys.bak
2014-01-07 11:15:37    D09276B1FAB033CE1D40DCBDF303D10F    71680    ----a-w-    C:\Windows\System32\drivers\tdx.sys.bak
2014-01-07 11:15:37    A048056F5E1A96A9BF3071B91741A5AA    54328    ----a-w-    C:\Windows\System32\drivers\termdd.sys.bak
2014-01-07 11:15:37    5DCF5E267BE67A1AE926F2DF77FBCC56    17920    ----a-w-    C:\Windows\System32\drivers\tdpipe.sys.bak
2014-01-07 11:15:37    389C63E32B3CEFED425B61ED92D3F021    29184    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys.bak
2014-01-07 11:15:36    D4A2E4A4B011F3A883AF77315A5AE76B    30208    ----a-w-    C:\Windows\System32\drivers\tcpipreg.sys.bak
2014-01-07 11:15:36    782568AB6A43160A159B6215B70BCCE9    898952    ----a-w-    C:\Windows\System32\drivers\tcpip.sys.bak
2014-01-07 11:15:36    77937EFF009AC696B90E09F671F9D0A4    20992    ----a-w-    C:\Windows\System32\drivers\tdi.sys.bak
2014-01-07 11:15:36    1239FD18895040D97B7CDBC19BC2075E    24576    ----a-w-    C:\Windows\System32\drivers\tape.sys.bak
2014-01-07 11:15:35    B7AEE68D2E867CBF69B649B18FCEDBBB    27136    ----a-w-    C:\Windows\System32\drivers\tap0901t.sys.bak
2014-01-07 11:15:35    8C8EB8C76736EBAF3B13B633B2E64125    31848    ----a-w-    C:\Windows\System32\drivers\sym_hi.sys.bak
2014-01-07 11:15:35    8072AF52B5FD103BBBA387A1E49F62CB    34920    ----a-w-    C:\Windows\System32\drivers\sym_u3.sys.bak
2014-01-07 11:15:35    7BA58ECF0C0A9A69D44B3DCA62BECF56    15288    ----a-w-    C:\Windows\System32\drivers\swenum.sys.bak
2014-01-07 11:15:35    760E4F5A1E754BBE4A1BD2A0B54F6AA6    182456    ----a-w-    C:\Windows\System32\drivers\SynTP.sys.bak
2014-01-07 11:15:35    264232EF4283F123438C60D49E52D596    52992    ----a-w-    C:\Windows\System32\drivers\stream.sys.bak
2014-01-07 11:15:35    192AA3AC01DF071B541094F251DEED10    35944    ----a-w-    C:\Windows\System32\drivers\symc8xx.sys.bak
2014-01-07 11:15:34    39AD2C7B9C05C1CCD12480890DBA4EB5    123960    ----a-w-    C:\Windows\System32\drivers\Storport.sys.bak
2014-01-07 11:15:34    2ACCC9B12AF02030F531E6CCA6F8B76E    102400    ----a-w-    C:\Windows\System32\drivers\srvnet.sys.bak
2014-01-07 11:15:33    CDDDEC541BC3C96F91ECB48759673505    691696    ----a-w-    C:\Windows\System32\drivers\sptd.sys.bak

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-426177869-1149184608-1594328787-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"EPSON TX610FW Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJP.EXE /FU C:\Windows\TEMP\E_SC2A9.tmp /EF HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Aimersoft Helper Compact.exe"="C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe -launchedbylogin"
"DivXMediaServer"="C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"EPSON TX610FW Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJP.EXE /FU C:\Windows\TEMP\E_SC2A9.tmp /EF HKCU"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~1\\google\\google~1\\goec62~1.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Akamai NetSession Interface"
"hkey"="HKCU"
"command"="\"C:\\Users\\Other\\AppData\\Local\\Akamai\\netsession_win.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Camera ScreenSaver]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ASUS Camera ScreenSaver"
"hkey"="HKLM"
"command"="C:\\Windows\\ASScrProlog.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ASUS Screen Saver Protector"
"hkey"="HKLM"
"command"="C:\\Windows\\ASScrPro.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EEventManager"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\EPSONS~1\\EVENTM~1\\EEventManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON TX610FW Series (Copy 1)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON TX610FW Series (Copy 1)"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIFJP.EXE /FU \"C:\\Windows\\TEMP\\E_SB37.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON TX610FW Series (Copy 2)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON TX610FW Series (Copy 2)"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIFJP.EXE /FU \"C:\\Windows\\TEMP\\E_SB3CB.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON TX610FW Series (Copy 3)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON TX610FW Series (Copy 3)"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_FATIFJP.EXE /FU \"C:\\Windows\\TEMP\\E_S1963.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FUFAXSTM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FUFAXSTM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Epson Software\\FAX Utility\\FUFAXSTM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Desktop Search"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware (reboot)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Malwarebytes Anti-Malware (reboot)"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroFilterCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pando Media Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pando Media Booster"
"hkey"="HKCU"
"command"="C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerForPhone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PowerForPhone"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\P4P\\P4P.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="RtHDVCpl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skytel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skytel"
"hkey"="HKLM"
"command"="Skytel.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSERIAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSERIAL"
"hkey"="HKLM"
"command"="C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"c:\\program files\\real\\realplayer\\Update\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Defender"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\XboxStat]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="XboxStat"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Xbox 360 Accessories\\XboxStat.exe\" silentrun"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Kyle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Users\\Kyle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\Windows\\pss\\LimeWire On Startup.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Epson Printer Software Downloader.job --a------ C:\Program Files\EPSON\EPAPDL\E_SAPDL2.exe [26/05/2009 11:43 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/02/2010 05:23 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/02/2010 05:23 PM]
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Kyle.job --a------ C:\Program Files\Norton Internet Security\Engine\17.9.0.12\navw32.exe []
C:\Windows\tasks\User_Feed_Synchronization-{73D202D7-D392-4D5B-B55B-9E6A33301246}.job --ah----- C:\Windows\system32\msfeedssync.exe [21/01/2008 01:23 PM]
C:\Windows\tasks\User_Feed_Synchronization-{F4AA0108-88AD-4CF1-8148-6F8F0C425ED1}.job --ah----- C:\Windows\system32\msfeedssync.exe [21/01/2008 01:23 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\ASUS Live Update" [C:\Program Files\ASUS\ASUS Live Update\ALU.exe]
"C:\Windows\system32\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\system32\tasks\Epson Printer Software Downloader" [C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Norton Internet Security - Run Full System Scan - Kyle" [C:\Program Files\Norton Internet Security\Engine\17.9.0.12\navw32.exe]
"C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-426177869-1149184608-1594328787-1002" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-426177869-1149184608-1594328787-1002" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\RunOW" [C:\Program Files\Overwolf\OverwolfLauncher.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{73D202D7-D392-4D5B-B55B-9E6A33301246}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{F4AA0108-88AD-4CF1-8148-6F8F0C425ED1}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\{5ECF6AF4-A416-4F83-8FFB-938889B7918A}" [C:\Program Files\Skype\\Phone\Skype.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [20/06/2013 07:56 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\40drqgrj.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
- Undetermined - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn
- Undetermined - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

ProfilePath: C:\Users\Other\AppData\Roaming\Mozilla\Firefox\Profiles\hw4u3vbb.default-1388901588580
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Other\AppData\Roaming\Mozilla\Firefox\Profiles\hw4u3vbb.default-1388901588580
F891089A6AB9E12FEDEBCC5EC0F40D66    - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll -    Shockwave Flash
3220B1254AEF7A191187EC03F51B3D61    - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
B2576571746839180833E048AC2CCA5C    - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
CBFE3156904AB2D1A097F5E74A6C62F3    - C:\Program Files\VideoLAN\VLC\npvlc.dll -    VLC Web Plugin
F3B0E300AFC94E1A775A2D935A7D384F    - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll -    Shockwave for Director / Shockwave for Director
C36444D7301A8C881FC7296B092609C7    - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll -    Google Update
6768C724599214E4F9ADD9F8FF5097EB    - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -    Java™ Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853    - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 7.0.450.18
5B92CB0A3EEE50F6B9AE036B4F9B0F0C    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A    - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll -    Silverlight Plug-In
55F213A61B82B6174B02881562FE20A0    - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll -    DivX Plus Web Player
D493C8FC0D0FD015BB9765658D77346E    - C:\Users\Other\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player
11EF47BE3D8A4A943E10A63870C1F2C6    - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll -    QuickTime Plug-in 7.7.3
BB7F5F4966E76578A3EC0D11C444C545    - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll -    QuickTime Plug-in 7.7.3
16112E74A62381C69456566D35F9E51E    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.3
BB28A86CDFFFBB041C72AD9EFEAA00D0    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.3
2DA7883A884BE60F9EB2810F67E0E361    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.3
DE5507DBA44CC5B6869205871B64A587    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.3
419680FCE774976FD752EB425D91AEDF    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.3
22E99FC8CC1E9DB023446A0FF6E8D437    - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll -    Nitro PDF plugin for Firefox and Chrome
6D657ABADF217DBB17CF0A0AF44A7E29    - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll -    Nexon Game Controller
36FBE76F4F51396B0F70FC95CD7481D2    - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll -    Pando Web Plugin
D28AD1CB902AC6D228532812D3850C7D    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
B938C1AE3ADCE166190895685B0BEB0D    - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll -    DivX VOD Helper Plug-in
20B8C020A3C70323B2130BD3AC057B0A    - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll -    NVIDIA 3D VISION
E7D03AEA45B6EBA677C20A6DB9E63A2E    - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll -    NVIDIA 3D Vision
1C8124B6A03A620EB0CBCA615666D2AE    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live® Photo Gallery
517021D1BCA1962ABF09099014A7D87D    - C:\Windows\system32\npOGPPlugin.dll -    OGPlanet Game Plugin
3E31FF7F2EA6E7BB507605C2B9081FA3    - C:\Program Files\Virtools\3D Life Player\npvirtools.dll -    3DVIA player
09B99959736F4F0BFAC608D01F206BE8    - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player
AB87EEFFD18F2BAAFC274E7075EA6C67    - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318    - C:\Windows\system32\npmproxy.dll -    Microsoft® Windows® Operating System
EFF299750916AC0911144AFE7636697D    - C:\Program Files\Nitro\Reader 3\npnitroie.dll -    Nitro PDF plugin for Internet Explorer
B8778635FF0B519C94CE2AA37DC37133    - C:\Program Files\Nitro\Reader 3\npdf.dll -    Nitro PDF Library
B27CCB1168B1960AEC6E9D3E0E0F0D2A    - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll -    Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaappmhgaaggeoepicjahnbofmjacog - C:\Users\Other\AppData\Local\APN\GoogleCRXs\aaaappmhgaaggeoepicjahnbofmjacog_7.14.1.0.crx[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14/05/2013 02:27 PM]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[06/05/2013 07:12 PM]

YouTube - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype for Chromium - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Gmail - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Sat 18/01/2014 at 22:28:14.05 ======================

Regards,

Jay



#6 Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium

Posted 18 January 2014 - 10:08 AM

Hello Jay,

There are some outdated programs and plugins on your computer that I would like to handle first :).

:step1:  Service pack warning!
Is there a reason you haven't updated to Windows Vista Service pack 2? It is highly recommended that you install Service pack 2 since older versions contain security leaks and are vulnerable to malware.
Make sure your Windows Update is set to automatic to obtain the latest updates from Microsoft and keep your computer well protected.
Go to this website and download Get SP2 32-bit to your desktop. Complete the installation.

:step2:  Removing old version of Java

  • Go to Start > Control Panel > Software and remove all versions older than Java 7 from the software list.
  • Include old programs with Java Runtime Environment (JRE or J2SE) in the name.
  • Reboot your computer <-- Important!

:step3:  Update Adobe Reader

  • Go to the official website of Adobe to download and install the latest version of Adobe.
  • Make sure to uncheck the option to install McAfee.

:step4:  ====Farbar Service Scanner (FSS)====
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Regards,

Mako


Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#7 JaySharp90
  • Topic Starter
  • Members
  • 25 posts

Posted 18 January 2014 - 07:57 PM

Thanks, I have now updated to SP2, as well as the latest Java.


Farbar Service Scanner Version: 08-01-2014
Ran by Other (administrator) on 19-01-2014 at 11:56:01
Running from "C:\Users\Other\Desktop"
Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Regards,

Jay



#8 Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium

Posted 19 January 2014 - 03:29 AM

Hello again,
:step1: ====Zoek.exe====

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe.
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    C:\Users\Other\AppData\LocalLow\Sun\Java\Deployment\cache\6.0;fs
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA};c
    aaaappmhgaaggeoepicjahnbofmjacog;chr
    jfmjfhklogoienhpfnppmbcbjfjnkonk;chr
    autoclean;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

Edited by Mako, 19 January 2014 - 03:30 AM.

Regards,

Mako



#9 JaySharp90
  • Topic Starter
  • Members
  • 25 posts

Posted 19 January 2014 - 04:18 AM

I'm not sure if I ran this before or after you edited the post. Sorry.


Zoek.exe v5.0.0.0 Updated 18-Januari-2014
Tool run by Other on Sun 19/01/2014 at 19:52:17.44.
Microsoft® Windows Vista™ Ultimate  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Other\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-18-112814.log    61960 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-426177869-1149184608-1594328787-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2F899492-3AAC-4F5F-AC73-CB798CC183E6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\40drqgrj.default

user.js not found
---- Lines {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} modified from prefs.js ----

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{e4a8a97b-f2ed-450b-b
---- FireFox user.js and prefs.js backups ----

prefs_20141901_0805_.backup

ProfilePath: C:\Users\Other\AppData\Roaming\Mozilla\Firefox\Profiles\hw4u3vbb.default-1388901588580

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20141901_0805_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} not found
C:\Users\Other\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 deleted
C:\found.000 deleted
C:\Users\Kyle\AppData\Roaming\GetRightToGo deleted
C:\Users\Other\AppData\Roaming\RSBot_Accounts.ini deleted
C:\Users\Kyle\AppData\Local\GLF3EFC.tmp deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AskToolbar deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\DUMP49cb.tmp deleted
C:\Windows\wininit.ini deleted
C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [20/06/2013 07:56 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\40drqgrj.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
- Undetermined - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn
- Undetermined - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

ProfilePath: C:\Users\Other\AppData\Roaming\Mozilla\Firefox\Profiles\hw4u3vbb.default-1388901588580
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Other\AppData\Roaming\Mozilla\Firefox\Profiles\hw4u3vbb.default-1388901588580
A9191AE22A8F1287B5E2DF33E3A57253    - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -    Java™ Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD    - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 7.0.510.13
F891089A6AB9E12FEDEBCC5EC0F40D66    - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll -    Shockwave Flash
3220B1254AEF7A191187EC03F51B3D61    - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
B2576571746839180833E048AC2CCA5C    - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
CBFE3156904AB2D1A097F5E74A6C62F3    - C:\Program Files\VideoLAN\VLC\npvlc.dll -    VLC Web Plugin
F3B0E300AFC94E1A775A2D935A7D384F    - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll -    Shockwave for Director / Shockwave for Director
C36444D7301A8C881FC7296B092609C7    - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll -    Google Update
5B92CB0A3EEE50F6B9AE036B4F9B0F0C    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A    - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll -    Silverlight Plug-In
55F213A61B82B6174B02881562FE20A0    - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll -    DivX Plus Web Player
D493C8FC0D0FD015BB9765658D77346E    - C:\Users\Other\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player
11EF47BE3D8A4A943E10A63870C1F2C6    - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll -    QuickTime Plug-in 7.7.3
BB7F5F4966E76578A3EC0D11C444C545    - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll -    QuickTime Plug-in 7.7.3
16112E74A62381C69456566D35F9E51E    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.3
BB28A86CDFFFBB041C72AD9EFEAA00D0    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.3
2DA7883A884BE60F9EB2810F67E0E361    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.3
DE5507DBA44CC5B6869205871B64A587    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.3
419680FCE774976FD752EB425D91AEDF    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.3
22E99FC8CC1E9DB023446A0FF6E8D437    - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll -    Nitro PDF plugin for Firefox and Chrome
6D657ABADF217DBB17CF0A0AF44A7E29    - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll -    Nexon Game Controller
36FBE76F4F51396B0F70FC95CD7481D2    - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll -    Pando Web Plugin
D28AD1CB902AC6D228532812D3850C7D    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
B938C1AE3ADCE166190895685B0BEB0D    - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll -    DivX VOD Helper Plug-in
20B8C020A3C70323B2130BD3AC057B0A    - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll -    NVIDIA 3D VISION
E7D03AEA45B6EBA677C20A6DB9E63A2E    - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll -    NVIDIA 3D Vision
1C8124B6A03A620EB0CBCA615666D2AE    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live® Photo Gallery
517021D1BCA1962ABF09099014A7D87D    - C:\Windows\system32\npOGPPlugin.dll -    OGPlanet Game Plugin
3E31FF7F2EA6E7BB507605C2B9081FA3    - C:\Program Files\Virtools\3D Life Player\npvirtools.dll -    3DVIA player
09B99959736F4F0BFAC608D01F206BE8    - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player
AB87EEFFD18F2BAAFC274E7075EA6C67    - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318    - C:\Windows\system32\npmproxy.dll -    Microsoft® Windows® Operating System
EFF299750916AC0911144AFE7636697D    - C:\Program Files\Nitro\Reader 3\npnitroie.dll -    Nitro PDF plugin for Internet Explorer
B8778635FF0B519C94CE2AA37DC37133    - C:\Program Files\Nitro\Reader 3\npdf.dll -    Nitro PDF Library
B27CCB1168B1960AEC6E9D3E0E0F0D2A    - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll -    Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaappmhgaaggeoepicjahnbofmjacog - C:\Users\Other\AppData\Local\APN\GoogleCRXs\aaaappmhgaaggeoepicjahnbofmjacog_7.14.1.0.crx[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14/05/2013 02:27 PM]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[06/05/2013 07:12 PM]

YouTube - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype for Chromium - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Gmail - Other\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.au/"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.asus.com"
"Search Bar"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS"
"Default_Page_URL"="http://www.asus.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com.au/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google  Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_en"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaappmhgaaggeoepicjahnbofmjacog deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Other\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Other\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Other\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Other\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Other\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Kyle\AppData\Local\Mozilla\Firefox\Profiles\40drqgrj.default\Cache emptied successfully
C:\Users\Other\AppData\Local\Mozilla\Firefox\Profiles\hw4u3vbb.default-1388901588580\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Other\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=46 folders=74 167351882 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Kyle\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Other\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Other\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Other\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehmsdri.log" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehRecvr.log" not found

==== EOF on Sun 19/01/2014 at 20:14:42.07 ======================
 


Edited by JaySharp90, 19 January 2014 - 04:20 AM.


#10 Mako

Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium
  • Local time:09:25 AM

Posted 19 January 2014 - 04:36 AM

Hello Jay,
 
Doesn't matter, the script hasn't changed. I just had a hard time getting it inside the code-box.  :blush:
 
:step1:  ====AdwCleaner====
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

:step2: ====aswMBR====
Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#11 JaySharp90

JaySharp90
  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:25 PM

Posted 19 January 2014 - 08:30 PM

AdwCleaner

# AdwCleaner v3.017 - Report created 20/01/2014 at 10:30:09
# Updated 12/01/2014 by Xplode
# Operating System : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# Username : Other - ASUS-M51SN
# Running from : C:\Users\Other\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\40drqgrj.default\prefs.js ]


[ File : C:\Users\Other\AppData\Roaming\Mozilla\Firefox\Profiles\hw4u3vbb.default-1388901588580\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Other\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11683 octets] - [07/01/2014 22:18:44]
AdwCleaner[R1].txt - [1138 octets] - [20/01/2014 10:25:26]
AdwCleaner[S0].txt - [12155 octets] - [07/01/2014 22:22:50]
AdwCleaner[S1].txt - [1060 octets] - [20/01/2014 10:30:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1120 octets] ##########
 

aswMBR ...this generated MBR.dat as well as the log, do you need that too?

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-20 10:42:21
-----------------------------
10:42:21.549    OS Version: Windows 6.0.6002 Service Pack 2
10:42:21.550    Number of processors: 2 586 0x1706
10:42:21.550    ComputerName: ASUS-M51SN  UserName: Other
10:42:49.718    Initialize success
10:42:52.606    AVAST engine defs: 14011900
10:43:04.479    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:43:04.482    Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 3
10:43:04.521    Disk 0 MBR read successfully
10:43:04.523    Disk 0 MBR scan
10:43:04.526    Disk 0 Windows VISTA default MBR code
10:43:04.545    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0     5000 MB offset 2048
10:43:04.581    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       140085 MB offset 10242048
10:43:04.584    Disk 0 Partition - 00     0F Extended LBA             93388 MB offset 297136128
10:43:04.663    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        93387 MB offset 297138176
10:43:04.681    Disk 0 scanning sectors +488394752
10:43:04.837    Disk 0 scanning C:\Windows\system32\drivers
10:44:46.721    Service scanning
10:45:57.035    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:46:15.143    Modules scanning
10:47:32.557    Disk 0 trace - called modules:
10:47:32.574    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8632d1f8]<<
10:47:32.578    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86be2708]
10:47:32.582    3 CLASSPNP.SYS[8b5c38b3] -> nt!IofCallDriver -> [0x86406538]
10:47:32.586    5 acpi.sys[807b56bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x86406660]
10:47:32.590    \Driver\atapi[0x863f5238] -> IRP_MJ_CREATE -> 0x8632d1f8
10:47:35.443    AVAST engine scan C:\Windows
10:47:55.923    AVAST engine scan C:\Windows\system32
10:56:12.399    AVAST engine scan C:\Windows\system32\drivers
10:57:31.946    AVAST engine scan C:\Users\Other
12:05:57.362    AVAST engine scan C:\ProgramData
12:10:48.604    Scan finished successfully
12:27:50.262    Disk 0 MBR has been saved successfully to "C:\Users\Other\Desktop\MBR.dat"
12:27:50.266    The log file has been saved successfully to "C:\Users\Other\Desktop\aswMBR.txt"

 



#12 Mako

Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium
  • Local time:09:25 AM

Posted 20 January 2014 - 05:46 AM

Hi,
 
Can you post a new DDS log so I can check on some things, please?
Have you noticed any changes since you started this topic? Are there still annoying re-directs etc.?
 
Regards,
Mako



#13 JaySharp90

JaySharp90
  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:25 PM

Posted 20 January 2014 - 07:12 AM

Hey Mako,

It seems to have cleared up. I haven't noticed any redirects in the past couple of hours, which is great. They were pretty sporadic to begin with so I'm not 100% sure, but I think it's fine for now. Thank you so much for your help, I really appreciate it. Not sure why the tools I ran to begin with couldn't get rid of it, so thanks =). Does the new DDS show that it's fixed?

 

New DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 10.51.2
Run by Other at 23:00:53 on 2014-01-20
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.61.1033.18.3070.952 [GMT 11:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Other\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - c:\program files\flashget\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - c:\program files\flashget\getflash.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [EPSON TX610FW Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifjp.exe /fu "c:\windows\temp\E_SC2A9.tmp" /EF "HKCU"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.20.1
TCP: Interfaces\{1A884C8F-7974-4458-91C5-795FD1CB4F9E} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{D2A6AD2D-1226-4179-AF21-A4E2F0DFA629} : DHCPNameServer = 192.168.20.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\goec62~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\other\appdata\roaming\mozilla\firefox\profiles\hw4u3vbb.default-1388901588580\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nitro\reader 3\npdf.dll
FF - plugin: c:\program files\nitro\reader 3\npnitroie.dll
FF - plugin: c:\program files\nitro\reader 3\npnitromozilla.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\other\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-27 21576]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-27 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-27 180248]
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2010-2-4 15416]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-10 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-10 410528]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-5-10 67824]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2007-10-31 46592]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-12-6 27136]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-9-19 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-9-19 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-9-19 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-9-19 25704]
S3 Ltn_hyd7700pc;TV tuner device ;c:\windows\system32\drivers\Ltn_hyd7700pc.sys [2007-5-19 374144]
S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-2-6 12096]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-3-6 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-3-6 11088]
S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2010-3-29 122752]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2012-8-4 19968]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-20 00:10:07    1218048    ----a-w-    c:\program files\windows journal\NBDoc.DLL
2014-01-20 00:10:06    964608    ----a-w-    c:\program files\windows journal\JNWDRV.dll
2014-01-20 00:10:06    1404928    ----a-w-    c:\program files\common files\microsoft shared\ink\InkObj.dll
2014-01-20 00:10:05    983552    ----a-w-    c:\program files\windows journal\JNTFiltr.dll
2014-01-20 00:10:05    936960    ----a-w-    c:\program files\common files\microsoft shared\ink\journal.dll
2014-01-20 00:10:04    47104    ----a-w-    c:\program files\windows journal\PDIALOG.exe
2014-01-19 23:16:32    2422272    ----a-w-    c:\windows\system32\wucltux.dll
2014-01-19 23:15:46    88576    ----a-w-    c:\windows\system32\wudriver.dll
2014-01-19 23:15:38    33792    ----a-w-    c:\windows\system32\wuapp.exe
2014-01-19 23:15:38    171904    ----a-w-    c:\windows\system32\wuwebv.dll
2014-01-19 09:14:50    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-01-19 09:08:24    24064    ----a-w-    c:\windows\zoek-delete.exe
2014-01-19 09:08:17    --------    d-----w-    c:\users\other\appdata\local\Temp
2014-01-19 00:49:27    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-19 00:28:20    --------    d-----w-    c:\windows\system32\vi-VN
2014-01-19 00:28:20    --------    d-----w-    c:\windows\system32\eu-ES
2014-01-19 00:28:20    --------    d-----w-    c:\windows\system32\ca-ES
2014-01-18 23:51:42    --------    d-----w-    c:\windows\system32\EventProviders
2014-01-18 11:14:41    --------    d-----w-    C:\zoek_backup
2014-01-18 00:51:25    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{f61253d8-4870-42a8-8bfc-e246deeae6f2}\mpengine.dll
2014-01-09 02:32:54    --------    d-----w-    c:\users\other\appdata\local\Black_Tree_Gaming
2014-01-07 11:31:16    --------    d-----w-    c:\windows\ERUNT
2014-01-07 11:18:42    --------    d-----w-    C:\AdwCleaner
2014-01-07 11:11:42    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-01-07 10:33:15    --------    d-----w-    c:\programdata\HitmanPro
2014-01-05 06:27:07    --------    d-----w-    c:\users\other\appdata\roaming\AVAST Software
2014-01-05 03:39:15    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-01-05 02:58:22    --------    d-----w-    c:\program files\Lavasoft
2014-01-05 02:55:32    --------    d-----w-    c:\program files\common files\Lavasoft
.
==================== Find3M  ====================
.
2014-01-19 09:11:05    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2014-01-07 11:14:59    64512    ----a-w-    c:\windows\system32\drivers\IPMIDrv.sys.bak
2014-01-05 06:08:52    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-05 06:08:52    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-05 05:32:34    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-05 05:32:34    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-05 05:32:34    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-01-05 05:32:34    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-05 05:32:31    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-18 16:33:38    230048    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:05:29.93 ===============

 

Regards,

Jay

Attached Files



#14 Mako

Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium
  • Local time:09:25 AM

Posted 20 January 2014 - 12:17 PM

Hello Jay,
 
I've found some old software remnants:

====Zoek.exe====

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    {8AD9C840-044E-11D1-B3E9-00805F499D93};c
    {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA};c
    {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA};c
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA};c
    emptyclsid;
    emptyalltemp;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

 

When you're done running Zoek.exe I suggest we see which way the wind blows and you give me a sit rep after about 3 days?

Should you find yourself still having problems we will take a deeper look, otherwise we can start cleaning up the tools we've used.

 

Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 
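The script above asks Zoek to delete specific CLSID registrations. The following is an added example, not part of Mako's post or of the Zoek tool, showing how the same registry locations (Browser Helper Objects, Ext\PreApproved, Code Store Database\Distribution Units, and the CLSID hive they point into) can be audited read-only before anything is removed. It resolves each registered CLSID to its InprocServer32 DLL and flags entries whose DLL is gone, which is what "old software remnants" look like in the registry. It assumes an elevated PowerShell session on the machine being examined, and it deletes nothing.

```powershell
# Added example, not part of the forum post or the Zoek tool: read-only audit of the
# registry locations that Zoek's "{CLSID};c" script lines and its deletion log refer to.
# Assumption: run in an elevated PowerShell on the machine being examined.

$locations = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved',
    'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
)

# Look up the DLL that a CLSID's InprocServer32 key points at (HKLM first, then HKCU).
function Get-ClsidServerPath {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        }
    }
    return $null
}

$report = foreach ($loc in $locations) {
    if (-not (Test-Path -LiteralPath $loc)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $loc) {
        $clsid = $sub.PSChildName           # the subkey name is the CLSID, e.g. {8AD9C840-...}
        $dll   = Get-ClsidServerPath $clsid
        $state = if (-not $dll) { 'orphan: no InprocServer32 entry' }
                 elseif (-not (Test-Path -LiteralPath $dll)) { "remnant: DLL missing ($dll)" }
                 else { "present: $dll" }
        [pscustomobject]@{ Location = $loc; CLSID = $clsid; State = $state }
    }
}

# List orphans and remnants before entries whose DLL is still on disk.
$report | Sort-Object { $_.State.StartsWith('present') }, CLSID | Format-Table -AutoSize
```

Entries reported as "orphan" or "remnant" are the ones worth comparing against the CLSIDs in a cleanup script; an entry whose DLL is present should be checked (publisher, signature, install date) before it is removed, since the same locations hold legitimate ActiveX and Java registrations.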


#15 JaySharp90

JaySharp90
  • Topic Starter

  • Members
  • 25 posts
  • Local time:08:25 PM

Posted 20 January 2014 - 06:46 PM

Hey Mako,

Sounds good, I'll see how it is for the next few days and let you know. Thanks again.

 

Zoek
Zoek.exe v5.0.0.0 Updated 20-Januari-2014
Tool run by Other on Tue 21/01/2014 at 10:15:57.17.
Microsoft® Windows Vista™ Ultimate  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Other\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-18-112814.log    61960 bytes
C:\zoek-results2014-01-19-091442.log    14962 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-426177869-1149184608-1594328787-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_USERS\S-1-5-21-426177869-1149184608-1594328787-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD9C840-044E-11D1-B3E9-00805F499D93} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-426177869-1149184608-1594328787-1002\Software\Microsoft\Internet Explorer\Approved Extensions\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-426177869-1149184608-1594328787-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Other\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Other\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Other\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Kyle\AppData\Local\Mozilla\Firefox\Profiles\40drqgrj.default\Cache emptied successfully
C:\Users\Other\AppData\Local\Mozilla\Firefox\Profiles\hw4u3vbb.default-1388901588580\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Other\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=46 folders=74 167351882 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Kyle\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Other\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Other\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Other\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehmsdri.log" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehRecvr.log" not found

==== EOF on Tue 21/01/2014 at 10:38:55.13 ======================
 

Regards,

Jay
