
Multiple Trojan and dropper-gen infection


8 replies to this topic

#1 MsImAQuickStudy


Posted 25 March 2014 - 05:38 PM

After complaining about unwanted pop-ups that have been appearing for months, I ran a scan on my brother's computer and was not exactly happy with what I found: two Trojans (4 files), malware toolbars and after running a scan with Avast found something called a dropper-gen?. Using SAS, I have tried to get rid of the Trojans that showed up, but to no avail, the pop-ups stayed! Two files were put in quarantine and one pop-up is now gone, but I don't know how to permanently get rid of it.

 

The pop-ups he's talking about are an Optimizer pro speed guard pop up virus and a strange blue arrow that, using a right-click, pops up a little menu talking about downloads (I can't find any specific program info about it other than that).

 

He's using Windows 7 on a Toshiba laptop.

 

I have run scans using SAS, Avast, TDSSKiller (and also installed Zone Alarm and Mbam). He did not have any anti-virus/malware programs installed before this.

 

I attached the DDS logs, and will post the Rkill log too since I did that scan anyway. Hopefully you can help (: Thank you in advance!

 

The Rkill log:

 

Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/25/2014 09:39:48 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\Thijs\Desktop\rkill\rkill-03-25-2014-09-39-51.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 03/25/2014 09:41:44 PM
Execution time: 0 hours(s), 1 minute(s), and 56 seconds(s)

Edited by MsImAQuickStudy, 25 March 2014 - 05:51 PM.



#2 HelpBot


Posted 30 March 2014 - 05:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/528772 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 MsImAQuickStudy


Posted 30 March 2014 - 06:28 PM

I will post the DDS log tomorrow, as soon as possible, when I have access to my brother's laptop! I still need help! No changes have been made to the virus statuses or existing programs.

 

A list of the problems and things I have tried:

- Pop ups on the desktop upon starting up the laptop (Optimizer speed pro guard pop up and strange blue arrow pop up, the first pop up disappeared after quarantining the virus in Avast, the second didn't disappear)

- Avast mentions a 'dropped-gen' virus, which I quarantined but haven't permanently removed yet because (after doing a quick search on it), Avast supposedly can't remove it by itself + one pop up still appears

- I have tried removing multiple Trojans and a bunch of PUPs using SAS, but am unsure if this was successful.

- I manually uninstalled any unknown programs on his laptop that might've been a result/cause of problems, except for Ask.com, which refuses to be uninstalled!!!

 

I will try to upload a screenshot of the arrow pop up and its 'functions' (when right clicking, it can be removed from the desktop and it mentions downloading files).

 

OS: Windows 7 ( the 'normal' version, I suppose), 64-bit

Original CD/DVD is not in immediate reach


Edited by MsImAQuickStudy, 30 March 2014 - 06:31 PM.


#4 MsImAQuickStudy


Posted 01 April 2014 - 04:07 AM

The DDS logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.25.2
Run by Thijs at 11:02:24 on 2014-04-01
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://toshiba.msn.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: {2d8d9acc-f6d7-4362-8876-a275ca929591} - <orphaned>
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - 
BHO: Bcool Class: {89B18BE8-0A99-471B-BEA5-059E39ACD966} - 
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe /STARTUP
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
uRun: [Google Update] "C:\Users\Thijs\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [HP Photosmart 6520 series (NET)] "C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BG3514705XP:NW" -scfn "HP Photosmart 6520 series (NET)" -AutoStart 1
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\1c7568b3-230a-449a-b4c6-149af3b04121.exe /check
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm
IE: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm
IE: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm
IE: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Toevoegen aan TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - <orphaned>
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{60145913-678D-4521-8D84-5BC9052EF864} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{60145913-678D-4521-8D84-5BC9052EF864}\145727F627160214962707F62747 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{60145913-678D-4521-8D84-5BC9052EF864}\3596475636F6D6644333633343 : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - 
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;BingBar Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? GamesAppService;GamesAppService
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? SkypeUpdate;Skype Updater
R? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO)
R? TMachInfo;TMachInfo
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies-service
R? wlcrasvc;Windows Live Mesh remote connections service
S? !SASCORE;SAS Core Service
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswStm;aswStm
S? aswVmm;avast! VM Monitor
S? avast! Antivirus;avast! Antivirus
S? BBUpdate;BBUpdate
S? CeKbFilter;CeKbFilter
S? cfWiMAXService;ConfigFree WiMAX Service
S? ClickToRunSvc;Microsoft Office ClickToRun Service
S? ConfigFree Service;ConfigFree Service
S? cvhsvc;Client Virtualization Handler
S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
S? IconMan_R;IconMan_R
S? NAUpdate;Nero Update
S? PGEffect;Pangu effect driver
S? RTL8167;Realtek 8167 NT Driver
S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? tos_sps64;TOSHIBA tos_sps64 Service
S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
S? UNS;Intel® Management and Security Application User Notification Service
S? ZAPrivacyService;ZoneAlarm Privacy Service
.
=============== Created Last 30 ================
.
2014-03-29 10:46:43 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{520714B7-284A-4C3F-98D3-8E47A56ECE63}\mpengine.dll
2014-03-26 19:36:31 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-03-25 22:43:31 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD
2014-03-25 22:43:29 -------- d-----w- C:\Users\Thijs\AppData\Roaming\Check Point Software Technologies LTD
2014-03-25 22:43:25 -------- d-----w- C:\Program Files (x86)\CheckPoint
2014-03-25 22:42:55 -------- d-----w- C:\ProgramData\CheckPoint
2014-03-25 21:22:22 -------- d-----w- C:\Users\Thijs\AppData\Roaming\DropboxMaster
2014-03-25 21:21:42 -------- d-----w- C:\Users\Thijs\AppData\Roaming\Dropbox
2014-03-25 21:21:39 -------- d-----w- C:\Users\Thijs\AppData\Roaming\AVAST Software
2014-03-25 21:17:50 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-03-25 21:17:49 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-03-25 21:17:49 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-25 21:17:48 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-03-25 21:17:47 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-03-25 21:17:47 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-25 21:17:38 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-25 20:24:36 -------- d-----w- C:\Users\Thijs\AppData\Roaming\SUPERAntiSpyware.com
2014-03-25 20:24:06 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-03-25 20:24:06 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-03-25 20:22:17 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-25 20:22:06 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-25 20:22:06 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-25 20:22:06 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-25 20:22:06 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-25 20:22:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 20:20:49 -------- d-----w- C:\Users\Thijs\AppData\Local\Programs
2014-03-18 01:24:02 451480 ----a-w- C:\Windows\System32\drivers\vsdatant.sys
2014-03-15 15:22:02 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-15 15:22:02 184320 ----a-w- C:\Program Files (x86)\Internet Explorer\F12Tools.dll
2014-03-15 15:22:01 806104 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-03-15 15:22:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-15 15:22:00 999936 ----a-w- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2014-03-13 19:19:14 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-13 19:19:13 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-13 19:19:13 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-13 19:19:11 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-13 19:14:24 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-13 19:14:24 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-13 19:14:23 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 19:14:23 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-04 10:17:56 20128 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1043\VSTOLoaderUI.dll
2014-03-04 10:17:56 11424 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1043\VSTOInstallerUI.dll
.
==================== Find3M  ====================
.
2014-03-12 16:29:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 16:29:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 11:03:05,56 ===============
 
 
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 12.0
Amazon.co.uk
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
avast! Free Antivirus
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Bing Rewards Client Installer
Bonjour
Chicken Invaders 3 - Revenge of the Yolk
Chuzzle Deluxe
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
D3DX10
DAEMON Tools Pro
De Sims™ 3
De Sims™ 3 Beestenbende
De Sims™ 3 Diesel Accessoires
De Sims™ 3 Luxe Accessoires
De Sims™ 3 Na Middernacht
Delta toolbar  
Diner Dash 2 Restaurant Rescue
Dropbox
EA SPORTS Game Face Browser Plugin 1.8.0.0
eBay
FATE
Façade
Final Drive: Nitro
Galerie de photos Windows Live
Google Chrome
High-Definition Video Playback
HP Photo Creations
HP Photosmart 6520 series Basissoftware van het apparaat
HP Photosmart 6520 series Help
HP Photosmart 6520 series Productverbeteringsonderzoek
HP Update
Insaniquarium Deluxe
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
iTunes
Java 7 Update 10 (64-bit)
Java 7 Update 25
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Mahjongg Artifacts
Malwarebytes Anti-Malware version 2.00.0.1000
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 365 voor Thuisgebruik Premium - nl-nl
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft PowerPoint Viewer
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Open Downloader Manager
Optimizer Pro v3.0
Origin
Penguins!
Photo Service - powered by myphotobook
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Polar Bowler
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RelevantKnowledge
RollerCoaster Tycoon 2
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Shared C Run-time for x64
Skype™ 6.11
Slingo Deluxe
SpinTires Tech Demo (June 040613)
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TRORMCLauncher
Unity Web Player
Update Installer for WildTangent Games App
Utility Common Driver
VC80CRTRedist - 8.0.50727.6195
Wedding Dash 2 - Rings Around the World
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
ZoneAlarm Security Toolbar 
Zuma Deluxe
.
==== End Of File ===========================


#5 nasdaq

  • Malware Response Team

Posted 01 April 2014 - 07:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your DDS log is clean. Let's continue.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#6 MsImAQuickStudy

  • Topic Starter

Posted 01 April 2014 - 08:10 AM

# AdwCleaner v3.023 - Report created 01/04/2014 at 14:52:43
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Thijs - LAPTOPVANTHIJS
# Running from : C:\Users\Thijs\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Bcool
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\RelevantKnowledge
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Thijs\AppData\Local\apn
Folder Deleted : C:\Users\Thijs\AppData\Local\Conduit
Folder Deleted : C:\Users\Thijs\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Thijs\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Thijs\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Thijs\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Thijs\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Thijs\AppData\LocalLow\Bcool
Folder Deleted : C:\Users\Thijs\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Thijs\AppData\Roaming\Delta
Folder Deleted : C:\Users\Thijs\AppData\Roaming\file scout
Folder Deleted : C:\Users\Thijs\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Thijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
File Deleted : C:\END
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_images.search.conduit.com_0.localstorage
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_images.search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BitGuard
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\d
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKCU\Software\5c53ddddb235e813
Key Deleted : HKLM\SOFTWARE\5c53ddddb235e813
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849859
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{89B18BE8-0A99-471B-BEA5-059E39ACD966}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89B18BE8-0A99-471B-BEA5-059E39ACD966}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{89B18BE8-0A99-471B-BEA5-059E39ACD966}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{89B18BE8-0A99-471B-BEA5-059E39ACD966}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [17714 octets] - [01/04/2014 14:41:09]
AdwCleaner[R1].txt - [17775 octets] - [01/04/2014 14:49:25]
AdwCleaner[S0].txt - [17348 octets] - [01/04/2014 14:52:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17409 octets] ##########
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Thijs (administrator) on LAPTOPVANTHIJS on 01-04-2014 15:01:24
Running from C:\Users\Thijs\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenDownloadManager.com) C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-03-28] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-01-07] (Nero AG)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-25] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-03-18] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-19\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [BitTorrent] - "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [Google Update] - C:\Users\Thijs\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-13] (Google Inc.)
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [Open Download Manager] - C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-02-20] (OpenDownloadManager.com)
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [28201096 2012-01-12] (Electronic Arts)
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [HP Photosmart 6520 series (NET)] - C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2552168 2012-05-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\MountPoints2: {01a4140d-1a9a-11e2-8709-b870f464bfef} - F:\Autorun.exe
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\MountPoints2: {6d5c5d44-8af1-11e0-9281-806e6f6e6963} - E:\Autorun.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
URLSearchHook: HKCU - (No Name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6B367220-62C5-49CF-A3EA-32085A3199E1} URL = 
SearchScopes: HKCU - {76744243-F64F-4DCB-B386-7F2F3C1F38F6} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
SearchScopes: HKCU - {CE3C74E0-7179-4B18-983B-18376FB608A0} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=nl_NL&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=46851279-3C9D-4F59-9B3D-A02E4028E28A&apn_sauid=B9D3A61B-B31F-4F57-A006-8EF8333BDDDB
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120912192916.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120912192916.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {2D8D9ACC-F6D7-4362-8876-A275CA929591} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 195.241.77.55 195.241.77.58
 
Chrome: 
=======
CHR HomePage: hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=en&gu=8d5d56be3a5e4c95b364c3790b8086de&tu=10G9y00D82D03M0&sku=&tstsId=&ver=&
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Thijs\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Thijs\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Thijs\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Thijs\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-13]
CHR Extension: (Google Zoeken) - C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-13]
CHR Extension: (Grand Theft Auto V Theme) - C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifpefgiomhnkmkkcldjopjcfadhmhhn [2013-09-26]
CHR Extension: (AdBlock) - C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-26]
CHR Extension: (avast! Online Security) - C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-26]
CHR Extension: (Google Wallet) - C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-13]
CHR HKCU\...\Chrome\Extension: [eghepdicbhhbhegihkllkmgjggcjpkma] - C:\Users\Thijs\AppData\Local\CRE\eghepdicbhhbhegihkllkmgjggcjpkma.crx [2012-12-01]
CHR HKCU\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Thijs\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [eghepdicbhhbhegihkllkmgjggcjpkma] - C:\Users\Thijs\AppData\Local\CRE\eghepdicbhhbhegihkllkmgjggcjpkma.crx [2012-12-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-25]
CHR HKLM-x32\...\Chrome\Extension: [ndgonipadfipmlmdfofnjnhhlgojnjdn] - C:\Users\Thijs\AppData\Local\Temp\ccex.crx [2012-03-08]
CHR StartMenuInternet: Google Chrome - C:\Users\Thijs\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-25] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3558112 2014-03-18] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [81752 2014-02-23] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-25] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-25] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-21] (DT Soft Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451480 2014-03-18] (Check Point Software Technologies Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-01 15:01 - 2014-04-01 15:01 - 00022557 _____ () C:\Users\Thijs\Downloads\FRST.txt
2014-04-01 14:59 - 2014-04-01 15:01 - 00000000 ____D () C:\FRST
2014-04-01 14:41 - 2014-04-01 14:42 - 02157056 _____ (Farbar) C:\Users\Thijs\Downloads\FRST64 (1).exe
2014-04-01 14:40 - 2014-04-01 14:53 - 00000000 ____D () C:\AdwCleaner
2014-04-01 14:39 - 2014-04-01 14:39 - 01426178 _____ () C:\Users\Thijs\Downloads\adwcleaner.exe
2014-04-01 11:03 - 2014-04-01 11:03 - 00020008 _____ () C:\Users\Thijs\Desktop\dds.txt
2014-04-01 11:03 - 2014-04-01 11:03 - 00005547 _____ () C:\Users\Thijs\Desktop\attach.txt
2014-03-26 00:46 - 2014-03-26 00:46 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-03-26 00:45 - 2014-03-26 00:45 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-03-26 00:43 - 2014-03-26 00:45 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-03-26 00:43 - 2014-03-26 00:43 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\Check Point Software Technologies LTD
2014-03-26 00:43 - 2014-03-26 00:43 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-03-26 00:42 - 2014-03-26 00:42 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-03-26 00:33 - 2014-03-26 00:34 - 02157056 _____ (Farbar) C:\Users\Thijs\Downloads\FRST64.exe
2014-03-26 00:13 - 2014-03-26 00:14 - 00688992 ____R (Swearware) C:\Users\Thijs\Downloads\dds.com
2014-03-26 00:13 - 2014-03-26 00:13 - 03355808 _____ (Check Point Software Technologies Ltd.) C:\Users\Thijs\Downloads\zafwSetupWeb_130_208_000.exe
2014-03-25 23:22 - 2014-03-25 23:22 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-25 23:22 - 2014-03-25 23:22 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\DropboxMaster
2014-03-25 23:21 - 2014-03-25 23:22 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\Dropbox
2014-03-25 23:21 - 2014-03-25 23:21 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-25 23:21 - 2014-03-25 23:21 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\AVAST Software
2014-03-25 23:17 - 2014-03-25 23:17 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-25 23:17 - 2014-03-25 23:17 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-25 23:03 - 2014-03-25 23:04 - 04732664 _____ (AVAST Software) C:\Users\Thijs\Downloads\avast_free_antivirus_setup_online (1).exe
2014-03-25 22:42 - 2014-03-25 22:43 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Thijs\Downloads\tdsskiller.exe
2014-03-25 22:38 - 2014-03-25 22:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Thijs\Downloads\rkill.com
2014-03-25 22:27 - 2014-04-01 14:51 - 00000000 ____D () C:\Users\Thijs\Desktop\AV
2014-03-25 22:24 - 2014-03-25 22:24 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\SUPERAntiSpyware.com
2014-03-25 22:24 - 2014-03-25 22:24 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-03-25 22:24 - 2014-03-25 22:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-25 22:24 - 2014-03-25 22:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-25 22:22 - 2014-03-25 22:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 22:22 - 2014-03-25 22:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 22:22 - 2014-03-25 22:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 22:22 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-25 22:22 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-25 22:22 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 22:17 - 2014-03-25 22:18 - 18460840 _____ (SUPERAntiSpyware) C:\Users\Thijs\Downloads\SUPERAntiSpyware.exe
2014-03-25 22:15 - 2014-03-25 22:17 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Thijs\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-18 03:24 - 2014-03-18 03:24 - 00451480 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys
2014-03-15 17:22 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-15 17:22 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-15 17:22 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-15 17:22 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-15 17:22 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-15 17:22 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-15 17:22 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-15 17:22 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-15 17:21 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 17:21 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-15 17:21 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-15 17:21 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-15 17:21 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-15 17:21 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-15 17:21 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-15 17:21 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-15 17:21 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-15 17:21 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-15 17:21 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-15 17:21 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-15 17:21 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-15 17:21 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-15 17:21 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-15 17:21 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-15 17:21 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-15 17:21 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-15 17:21 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-15 17:21 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-15 17:21 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-15 17:21 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-15 17:21 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-15 17:21 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-15 17:21 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-15 17:21 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-15 17:21 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-15 17:21 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-15 17:21 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-15 17:21 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-15 17:21 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-15 17:21 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 21:19 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 21:19 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 21:19 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 21:19 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 21:14 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 21:14 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 21:14 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:14 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
 
==================== One Month Modified Files and Folders =======
 
2014-04-01 15:01 - 2014-04-01 15:01 - 00022557 _____ () C:\Users\Thijs\Downloads\FRST.txt
2014-04-01 15:01 - 2014-04-01 14:59 - 00000000 ____D () C:\FRST
2014-04-01 15:01 - 2013-06-21 16:29 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\Open Download Manager
2014-04-01 14:59 - 2011-02-11 10:50 - 00746458 _____ () C:\Windows\system32\perfh013.dat
2014-04-01 14:59 - 2011-02-11 10:50 - 00154120 _____ () C:\Windows\system32\perfc013.dat
2014-04-01 14:59 - 2009-07-14 07:13 - 01672472 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 14:57 - 2011-05-30 21:19 - 01526694 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 14:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 14:54 - 2009-07-14 06:51 - 00086340 _____ () C:\Windows\setupact.log
2014-04-01 14:53 - 2014-04-01 14:40 - 00000000 ____D () C:\AdwCleaner
2014-04-01 14:51 - 2014-03-25 22:27 - 00000000 ____D () C:\Users\Thijs\Desktop\AV
2014-04-01 14:42 - 2014-04-01 14:41 - 02157056 _____ (Farbar) C:\Users\Thijs\Downloads\FRST64 (1).exe
2014-04-01 14:39 - 2014-04-01 14:39 - 01426178 _____ () C:\Users\Thijs\Downloads\adwcleaner.exe
2014-04-01 14:38 - 2012-12-09 13:10 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-01 14:38 - 2012-06-13 16:24 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3505620472-2345776173-1192928423-1001UA.job
2014-04-01 11:03 - 2014-04-01 11:03 - 00020008 _____ () C:\Users\Thijs\Desktop\dds.txt
2014-04-01 11:03 - 2014-04-01 11:03 - 00005547 _____ () C:\Users\Thijs\Desktop\attach.txt
2014-03-30 17:31 - 2012-06-13 16:24 - 00001014 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3505620472-2345776173-1192928423-1001Core.job
2014-03-26 21:37 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-26 21:37 - 2009-07-14 06:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-26 21:28 - 2010-11-21 05:47 - 00075618 _____ () C:\Windows\PFRO.log
2014-03-26 00:46 - 2014-03-26 00:46 - 00431135 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2014-03-26 00:45 - 2014-03-26 00:45 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-03-26 00:45 - 2014-03-26 00:43 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-03-26 00:43 - 2014-03-26 00:43 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\Check Point Software Technologies LTD
2014-03-26 00:43 - 2014-03-26 00:43 - 00000000 ____D () C:\Program Files (x86)\Check Point Software Technologies LTD
2014-03-26 00:42 - 2014-03-26 00:42 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-03-26 00:34 - 2014-03-26 00:33 - 02157056 _____ (Farbar) C:\Users\Thijs\Downloads\FRST64.exe
2014-03-26 00:14 - 2014-03-26 00:13 - 00688992 ____R (Swearware) C:\Users\Thijs\Downloads\dds.com
2014-03-26 00:13 - 2014-03-26 00:13 - 03355808 _____ (Check Point Software Technologies Ltd.) C:\Users\Thijs\Downloads\zafwSetupWeb_130_208_000.exe
2014-03-25 23:22 - 2014-03-25 23:22 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-25 23:22 - 2014-03-25 23:22 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\DropboxMaster
2014-03-25 23:22 - 2014-03-25 23:21 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\Dropbox
2014-03-25 23:21 - 2014-03-25 23:21 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-25 23:21 - 2014-03-25 23:21 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\AVAST Software
2014-03-25 23:21 - 2013-07-02 17:51 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-25 23:17 - 2014-03-25 23:17 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-25 23:17 - 2014-03-25 23:17 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-25 23:17 - 2014-03-25 23:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-25 23:05 - 2013-07-02 17:50 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-25 23:04 - 2014-03-25 23:03 - 04732664 _____ (AVAST Software) C:\Users\Thijs\Downloads\avast_free_antivirus_setup_online (1).exe
2014-03-25 23:04 - 2013-07-02 17:49 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-25 22:55 - 2012-10-03 17:28 - 00000000 ____D () C:\ProgramData\DivX
2014-03-25 22:52 - 2012-04-09 16:02 - 00000000 ___RD () C:\Users\Thijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-25 22:43 - 2014-03-25 22:42 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Thijs\Downloads\tdsskiller.exe
2014-03-25 22:39 - 2014-03-25 22:38 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Thijs\Downloads\rkill.com
2014-03-25 22:26 - 2011-03-28 17:27 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-25 22:24 - 2014-03-25 22:24 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\SUPERAntiSpyware.com
2014-03-25 22:24 - 2014-03-25 22:24 - 00000000 ____D () C:\Users\Thijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-03-25 22:24 - 2014-03-25 22:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-25 22:24 - 2014-03-25 22:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-25 22:23 - 2014-03-25 22:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 22:22 - 2014-03-25 22:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 22:22 - 2014-03-25 22:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 22:20 - 2010-11-21 04:50 - 00000000 ____D () C:\Users\Administrator
2014-03-25 22:18 - 2014-03-25 22:17 - 18460840 _____ (SUPERAntiSpyware) C:\Users\Thijs\Downloads\SUPERAntiSpyware.exe
2014-03-25 22:17 - 2014-03-25 22:15 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Thijs\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-19 20:18 - 2013-10-12 14:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-19 18:45 - 2013-07-13 00:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 18:42 - 2012-04-09 16:52 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 03:24 - 2014-03-18 03:24 - 00451480 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys
2014-03-17 19:00 - 2009-07-14 06:45 - 00436648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 18:59 - 2013-03-16 00:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 18:59 - 2013-03-16 00:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 18:29 - 2012-12-09 13:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 18:29 - 2012-12-09 13:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 18:29 - 2012-12-09 13:10 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-08 13:59 - 2011-03-28 17:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 13:59 - 2011-03-28 17:22 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 10:26 - 2014-03-25 22:22 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-25 22:22 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-25 22:22 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 18:46 - 2012-09-18 21:30 - 01647140 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
 
Some content of TEMP:
====================
C:\Users\Thijs\AppData\Local\Temp\APNStub.exe
C:\Users\Thijs\AppData\Local\Temp\c5mzsve0.dll
C:\Users\Thijs\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph80ej6.dll
C:\Users\Thijs\AppData\Local\Temp\EADB95F.exe
C:\Users\Thijs\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Thijs\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Thijs\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Thijs\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Thijs\AppData\Local\Temp\Quarantine.exe
C:\Users\Thijs\AppData\Local\Temp\SIntf16.dll
C:\Users\Thijs\AppData\Local\Temp\SIntf32.dll
C:\Users\Thijs\AppData\Local\Temp\SIntfNT.dll
C:\Users\Thijs\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Thijs\AppData\Local\Temp\tbBitt.dll
C:\Users\Thijs\AppData\Local\Temp\tbVuze.dll
C:\Users\Thijs\AppData\Local\Temp\uninst1.exe
C:\Users\Thijs\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Thijs\AppData\Local\Temp\VidSaver_1.exe
C:\Users\Thijs\AppData\Local\Temp\Vuze_Installer.exe
C:\Users\Thijs\AppData\Local\Temp\wajam_install.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 09:12
 
==================== End Of Log ============================
 
 
These are the scans. I found out what program causes the one persistent pop-up, which is something called Open Download Manager (ODM); I suppose I should just find that file and delete it? One virus is still in Avast's quarantine chest; should I just delete it?


#7 nasdaq

  • Malware Response Team

Posted 01 April 2014 - 08:45 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

(OpenDownloadManager.com) C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [Open Download Manager] - C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-02-20] (OpenDownloadManager.com)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
URLSearchHook: HKCU - (No Name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6B367220-62C5-49CF-A3EA-32085A3199E1} URL =
SearchScopes: HKCU - {CE3C74E0-7179-4B18-983B-18376FB608A0} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=nl_NL&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=46851279-3C9D-4F59-9B3D-A02E4028E28A&apn_sauid=B9D3A61B-B31F-4F57-A006-8EF8333BDDDB
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120912192916.dll No File
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120912192916.dll No File
Toolbar: HKCU - No Name - {2D8D9ACC-F6D7-4362-8876-A275CA929591} -  No File
CHR HomePage: hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=en&gu=8d5d56be3a5e4c95b364c3790b8086de&tu=10G9y00D82D03M0&sku=&tstsId=&ver=&
CHR Plugin: (Shockwave Flash) - C:\Users\Thijs\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Google Update) - C:\Users\Thijs\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR HKCU\...\Chrome\Extension: [eghepdicbhhbhegihkllkmgjggcjpkma] - C:\Users\Thijs\AppData\Local\CRE\eghepdicbhhbhegihkllkmgjggcjpkma.crx [2012-12-01]
CHR HKLM-x32\...\Chrome\Extension: [eghepdicbhhbhegihkllkmgjggcjpkma] - C:\Users\Thijs\AppData\Local\CRE\eghepdicbhhbhegihkllkmgjggcjpkma.crx [2012-12-01]
CHR HKLM-x32\...\Chrome\Extension: [ndgonipadfipmlmdfofnjnhhlgojnjdn] - C:\Users\Thijs\AppData\Local\Temp\ccex.crx [2012-03-08]
C:\Users\Thijs\AppData\Local\Temp\APNStub.exe
C:\Users\Thijs\AppData\Local\Temp\c5mzsve0.dll
C:\Users\Thijs\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph80ej6.dll
C:\Users\Thijs\AppData\Local\Temp\EADB95F.exe
C:\Users\Thijs\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Thijs\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Thijs\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Thijs\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Thijs\AppData\Local\Temp\SIntf16.dll
C:\Users\Thijs\AppData\Local\Temp\SIntf32.dll
C:\Users\Thijs\AppData\Local\Temp\SIntfNT.dll
C:\Users\Thijs\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Thijs\AppData\Local\Temp\tbBitt.dll
C:\Users\Thijs\AppData\Local\Temp\tbVuze.dll
C:\Users\Thijs\AppData\Local\Temp\uninst1.exe
C:\Users\Thijs\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Thijs\AppData\Local\Temp\VidSaver_1.exe
C:\Users\Thijs\AppData\Local\Temp\Vuze_Installer.exe
C:\Users\Thijs\AppData\Local\Temp\wajam_install.exe

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===


Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know of any problems.

#8 MsImAQuickStudy

  • Topic Starter

Posted 01 April 2014 - 09:00 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Thijs at 2014-04-01 15:52:28 Run:1
Running from C:\Users\Thijs\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
(OpenDownloadManager.com) C:\Program Files (x86)\OpenDownloaderManager\ODM.exe
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\...\Run: [Open Download Manager] - C:\Program Files (x86)\OpenDownloaderManager\odm.exe [6369280 2013-02-20] (OpenDownloadManager.com)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
URLSearchHook: HKCU - (No Name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6B367220-62C5-49CF-A3EA-32085A3199E1} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120912192916.dll No File
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120912192916.dll No File
Toolbar: HKCU - No Name - {2D8D9ACC-F6D7-4362-8876-A275CA929591} -  No File
CHR HomePage: hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=en&gu=8d5d56be3a5e4c95b364c3790b8086de&tu=10G9y00D82D03M0&sku=&tstsId=&ver=&
CHR Plugin: (Shockwave Flash) - C:\Users\Thijs\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Google Update) - C:\Users\Thijs\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR HKCU\...\Chrome\Extension: [eghepdicbhhbhegihkllkmgjggcjpkma] - C:\Users\Thijs\AppData\Local\CRE\eghepdicbhhbhegihkllkmgjggcjpkma.crx [2012-12-01]
CHR HKLM-x32\...\Chrome\Extension: [eghepdicbhhbhegihkllkmgjggcjpkma] - C:\Users\Thijs\AppData\Local\CRE\eghepdicbhhbhegihkllkmgjggcjpkma.crx [2012-12-01]
CHR HKLM-x32\...\Chrome\Extension: [ndgonipadfipmlmdfofnjnhhlgojnjdn] - C:\Users\Thijs\AppData\Local\Temp\ccex.crx [2012-03-08]
C:\Users\Thijs\AppData\Local\Temp\APNStub.exe
C:\Users\Thijs\AppData\Local\Temp\c5mzsve0.dll
C:\Users\Thijs\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph80ej6.dll
C:\Users\Thijs\AppData\Local\Temp\EADB95F.exe
C:\Users\Thijs\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Thijs\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Thijs\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Thijs\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Thijs\AppData\Local\Temp\SIntf16.dll
C:\Users\Thijs\AppData\Local\Temp\SIntf32.dll
C:\Users\Thijs\AppData\Local\Temp\SIntfNT.dll
C:\Users\Thijs\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Thijs\AppData\Local\Temp\tbBitt.dll
C:\Users\Thijs\AppData\Local\Temp\tbVuze.dll
C:\Users\Thijs\AppData\Local\Temp\uninst1.exe
C:\Users\Thijs\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Thijs\AppData\Local\Temp\VidSaver_1.exe
C:\Users\Thijs\AppData\Local\Temp\Vuze_Installer.exe
C:\Users\Thijs\AppData\Local\Temp\wajam_install.exe
 
end
*****************
 
[5560] C:\Program Files (x86)\OpenDownloaderManager\ODM.exe => Process closed successfully.
HKU\S-1-5-21-3505620472-2345776173-1192928423-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Open Download Manager => Value deleted successfully.
"c:\\progra~3\\bitguard\\271769~1.27\\{c16c1~1\\loader.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{2d8d9acc-f6d7-4362-8876-a275ca929591} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B367220-62C5-49CF-A3EA-32085A3199E1} => Key deleted successfully.
HKCR\CLSID\{6B367220-62C5-49CF-A3EA-32085A3199E1} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE3C74E0-7179-4B18-983B-18376FB608A0} => Key deleted successfully.
HKCR\CLSID\{CE3C74E0-7179-4B18-983B-18376FB608A0} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key deleted successfully.
HKCR\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2D8D9ACC-F6D7-4362-8876-A275CA929591} => Value deleted successfully.
HKCR\CLSID\{2D8D9ACC-F6D7-4362-8876-A275CA929591} => Key not found.
CHR HomePage: hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=en&gu=8d5d56be3a5e4c95b364c3790b8086de&tu=10G9y00D82D03M0&sku=&tstsId=&ver=& ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Thijs\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll not found.
C:\Users\Thijs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Users\Thijs\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\eghepdicbhhbhegihkllkmgjggcjpkma => Key deleted successfully.
C:\Users\Thijs\AppData\Local\CRE\eghepdicbhhbhegihkllkmgjggcjpkma.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eghepdicbhhbhegihkllkmgjggcjpkma => Key deleted successfully.
"C:\Users\Thijs\AppData\Local\CRE\eghepdicbhhbhegihkllkmgjggcjpkma.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn => Key deleted successfully.
C:\Users\Thijs\AppData\Local\Temp\ccex.crx => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\c5mzsve0.dll => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph80ej6.dll => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\EADB95F.exe => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\SIntf16.dll => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\SIntf32.dll => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\SIntfNT.dll => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\tbBitt.dll => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\tbVuze.dll => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\UninstallEADM.dll => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\VidSaver_1.exe => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\Vuze_Installer.exe => Moved successfully.
C:\Users\Thijs\AppData\Local\Temp\wajam_install.exe => Moved successfully.
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 29  
 Java 7 Update 25  
 Java version out of Date! 
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 TOSHIBA TOSHIBA Online Product Information TOPI.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 
 


#9 nasdaq

  • Malware Response Team

Posted 01 April 2014 - 10:10 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u51.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 29
Java 7 Update 25


===

How is the computer running now?



