Babylon search instead of remembered Chrome tabs


  • This topic is locked
21 replies to this topic

#1 Sebe

Sebe

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 17 July 2014 - 08:37 AM

Hello.

 

First of all, thank you for looking into this topic.

When I booted my laptop today and launched Chrome, instead of my remembered tabs, there was only one with Babylon Search opened. I didn't install anything like that. In my browser's history there's an entry (I x-ed out the http protocol):

hxxp://isearch.babylon.com/?affID=116198&tt=4412_4&babsrc=HP_ss&mntrId=643b7edd000000000000c01885046f60&sd=8

I use Win 7 Home Premium with Service Pack 1, 64-bit, and Bitdefender Internet Security as protection. Now when I start Chrome, Babylon Search doesn't show up, but problems that solve themselves like to come back by themselves, so I would be obliged if someone took a look at this.

 

Thank you for your time.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.55.2
Run by Sebek at 15:09:57 on 2014-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1033.18.8044.4521 [GMT 2:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Sebek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
D:\Program Files\PeerBlock\peerblock.exe
C:\Users\Sebek\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Sebek\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Sebek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [Spotify Web Helper] "C:\Users\Sebek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe
uRun: [GoogleChromeAutoLaunch_776988D1BCB05F1CA8483D5A2D92A733] "C:\Users\Sebek\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [uTorrent] "C:\Users\Sebek\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [UsbAudBsDeck] C:\Program Files (x86)\VIA\VIAudUsb\BSDeck\BSDeck.exe -r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
StartupFolder: C:\Users\Sebek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sebek\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Sebek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Sebek\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\O&ODEF~1.LNK - C:\Windows\Installer\{981509D0-F8BF-4810-A75A-8FC90FA0581C}\DefragIcon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office15\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5F00D231-D2B4-4B49-B82A-9C097D0C6D61} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{626DF1B4-8665-473D-ABE9-498F28096335} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{626DF1B4-8665-473D-ABE9-498F28096335}\55053403033393631303 : DHCPNameServer = 62.179.1.63 62.179.1.62
TCP: Interfaces\{626DF1B4-8665-473D-ABE9-498F28096335}\67E65647D2543413445414 : DHCPNameServer = 82.139.8.40 95.160.170.92 88.156.222.92
TCP: Interfaces\{626DF1B4-8665-473D-ABE9-498F28096335}\94E66696E6964797 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A736CB50-4191-41AF-99A0-F2C1C64A2EE2} : DHCPNameServer = 62.179.1.63 62.179.1.62
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sebek\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Sebek\
FF - plugin: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Sebek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sebek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Sebek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Sebek\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: !HIDDEN! 2012-10-10 22:28; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-9-9 893440]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-9-9 150256]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-9-5 30496]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2014-5-22 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-9-9 103504]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-8-2 872552]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-1 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-8-2 255376]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2013-10-23 2572072]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-1 2656280]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2013-10-16 67320]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-9-9 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-9-9 635392]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-11-4 68648]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-11-4 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-9-2 51752]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2012-2-9 78888]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-8-1 138024]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-1 317440]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 pbfilter;pbfilter;D:\Program Files\PeerBlock\pbfilter.sys [2013-6-10 22600]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2014-5-19 33448]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2014-5-19 31400]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-8-30 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-9-9 121928]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-9-9 82824]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-8-1 349736]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-4-18 14448]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-8-23 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-8-23 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-11 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-7-10 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-11 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-11 30208]
S3 TunngleService;TunngleService;D:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-8-30 757144]
S3 UsbAudio10;VIA USB AUDIO(AVSTREAM);C:\Windows\System32\drivers\ViaUsbAudio.sys [2014-2-5 106128]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-3 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;D:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-8-12 14544]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-11-26 77632]
.
=============== Created Last 30 ================
.
2014-07-12 19:14:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-12 19:14:51 -------- d-----w- C:\Program Files\iTunes
2014-07-12 19:14:51 -------- d-----w- C:\Program Files\iPod
2014-07-11 15:09:43 -------- d-----w- C:\Flashtool
2014-07-11 00:50:27 -------- d-----w- C:\Program Files (x86)\Sony Mobile
2014-07-11 00:47:57 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-07-11 00:47:57 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-07-11 00:47:47 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-07-11 00:47:47 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-07-10 23:21:39 -------- d-----w- C:\Windows\SysWow64\NV
2014-07-10 23:21:39 -------- d-----w- C:\Windows\System32\NV
2014-07-10 23:12:21 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2014-07-10 23:12:21 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-07-10 23:12:16 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-07-10 23:12:16 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-07-10 23:12:16 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-07-10 23:11:30 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-10 23:11:30 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-07-10 23:04:53 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-07-10 23:04:53 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-07-10 22:53:49 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-07-10 21:30:15 -------- d-----w- C:\Program Files (x86)\Sony
2014-07-10 20:27:04 -------- d-----w- C:\Users\Sebek\.swt
2014-07-09 11:35:28 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 11:35:28 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-09 11:35:27 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 11:35:27 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-09 11:35:27 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 11:32:10 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-07-09 11:31:59 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-07-09 11:30:04 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-09 11:30:04 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-09 11:30:04 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-23 22:30:28 -------- d-----w- C:\Program Files (x86)\Acer
2014-06-17 19:35:41 -------- d-----w- C:\ProgramData\APN
.
==================== Find3M  ====================
.
2014-07-09 12:10:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 12:10:16 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-29 05:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
2014-05-24 02:33:58 864256 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2014-05-24 02:33:56 325120 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2014-05-19 06:47:40 33448 ----a-w- C:\Windows\System32\drivers\rzdaendpt.sys
2014-05-19 06:47:38 31400 ----a-w- C:\Windows\System32\drivers\rzvkeyboard.sys
2014-05-19 06:47:28 155816 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2014-05-19 06:26:50 89088 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2014-05-19 06:26:50 155136 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2014-05-19 06:26:46 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2009-09-27 07:39:26 415744 --sh--w- C:\Windows\SysWOW64\avisynth.dll
2004-02-22 08:11:08 764416 --sh--w- C:\Windows\SysWOW64\devil.dll
2011-06-15 22:00:00 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2011-02-11 09:26:20 112128 --sha-r- C:\Windows\SysWOW64\OptimFROG.dll
2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
2012-10-05 18:54:00 188416 --sha-r- C:\Windows\SysWOW64\winDCE32.dll
.
============= FINISH: 15:10:56,01 ===============
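As an added triage example (not part of the thread, and not DDS or Bitdefender code), the script below parses the line shapes seen in the "Pseudo HJT Report" section above and pulls out what a responder would check first: the mPolicies-System values that weaken UAC, autoruns that execute from a user-writable AppData path, and leftover `<orphaned>` registry references. The sample report is constructed from lines of the log posted above.

```python
"""Triage of the "Pseudo HJT Report" section of a DDS log (added example).

Assumes the line shapes visible in the posted log: uRun/mRun/dRun/x64-Run
autoruns, mPolicies-System values and "<orphaned>" entries.  The report
text below is constructed from lines of that log.
"""
import re
from dataclasses import dataclass
from typing import Optional

AUTORUN_RE = re.compile(r"^(?P<scope>u|m|d|x64-)Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^mPolicies-System: (?P<key>\w+) = (?P<value>dword:\d+)$")
ORPHAN_RE = re.compile(r"^(?P<entry>[\w-]+: .+?) - <orphaned>$")
# First drive-letter path ending in .exe, quoted or not; arguments follow it.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.exe)', re.IGNORECASE)
# Anything under a user profile's AppData is writable without elevation.
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# Policy values that weaken UAC (Windows registry semantics, not DDS-specific).
WEAK_UAC = {
    "EnableLUA": ("dword:0", "UAC is switched off entirely"),
    "ConsentPromptBehaviorAdmin": ("dword:0", "administrators elevate with no prompt at all"),
    "PromptOnSecureDesktop": ("dword:0", "elevation prompts are not isolated on the secure desktop"),
}


@dataclass(frozen=True)
class Finding:
    kind: str      # "uac-weakened" | "autorun-user-writable" | "orphaned-entry"
    detail: str


def autorun_path(cmd: str) -> Optional[str]:
    """Extract the executable path from an autorun command line."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def triage(lines) -> list[Finding]:
    """Walk report lines and collect the entries a responder should look at first."""
    findings: list[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := POLICY_RE.match(line):
            weak = WEAK_UAC.get(m.group("key"))
            if weak and weak[0] == m.group("value"):
                findings.append(Finding("uac-weakened", f"{m.group('key')} = {m.group('value')}: {weak[1]}"))
        elif m := AUTORUN_RE.match(line):
            path = autorun_path(m.group("cmd"))
            if path and USER_WRITABLE_RE.match(path):
                # Legitimate per-user installers (Chrome, Spotify, Dropbox) live here too,
                # so this is a "verify the publisher" list, not a verdict.
                findings.append(Finding("autorun-user-writable",
                                        f"{m.group('scope')}Run [{m.group('name')}] -> {path}"))
        elif m := ORPHAN_RE.match(line):
            findings.append(Finding("orphaned-entry", m.group("entry")))
    return findings


def summarize(findings) -> dict[str, int]:
    """Count findings per kind."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: a handful of lines taken from the report posted above.
SAMPLE_REPORT = r"""
uStart Page = about:blank
uRun: [Google Update] "C:\Users\Sebek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [Spotify Web Helper] "C:\Users\Sebek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [uTorrent] "C:\Users\Sebek\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
SSODL: WebCheck - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
"""

if __name__ == "__main__":
    results = triage(SAMPLE_REPORT.splitlines())
    for f in results:
        print(f"{f.kind:24} {f.detail}")
    print(summarize(results))
```

On the posted log this flags the three disabled-UAC policies, which matter because with EnableLUA at 0 any installer the user runs already has full administrative rights, so a bundled search hijacker needs no extra trick to change system-wide settings.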
 

#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:01:34 PM

Posted 19 July 2014 - 01:37 PM

Hi, Sebe. I'm checking your log now and will reply with instructions soon.



#3 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:01:34 PM

Posted 19 July 2014 - 03:57 PM

First off, I want you to know that I'm still in training for malware removal and my responses have to be approved before I can post them to you, therefore there will be a little delay between each post.

 

Now, please follow these steps:

1.- Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt.

2.- Download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.

3.- Please download RogueKiller and Save to the desktop.

  • Close all windows and browsers
  • Double click on RogueKiller.exe to run the tool.
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.

 



#4 Sebe

Sebe
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 19 July 2014 - 06:53 PM

Thank you, Rootk.

 

I did as instructed, but I encountered one problem. I couldn't scan with RogueKiller, because every time I ran the program I got a blue screen after a few seconds and had to reboot. I tried four times; after the second time I noticed Chrome running in the tray, so I thought it might have been the issue, but closing it didn't help.

 

The first time I ran JRT I remembered after a few seconds that I'd forgotten to turn off the antivirus, so I closed JRT, turned off the antivirus and reran JRT. I hope that's not a problem.

 

Here are the notices that popped up when I rebooted after the blue screens, and below them the AdwCleaner and JRT logs:

 

Bluescreen #1

Problem signature:
  Problem Event Name:	BlueScreen
  OS Version:	6.1.7601.2.1.0.768.3
  Locale ID:	1045

Additional information about the problem:
  BCCode:	a
  BCP1:	FFFFF88000961008
  BCP2:	0000000000000002
  BCP3:	0000000000000001
  BCP4:	FFFFF8000327DB11
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	768_1

Files that help describe the problem:
  C:\Windows\Minidump\072014-19266-01.dmp
  C:\Users\Sebek\AppData\Local\Temp\WER-131165-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

#2

Problem signature:
  Problem Event Name:	BlueScreen
  OS Version:	6.1.7601.2.1.0.768.3
  Locale ID:	1045

Additional information about the problem:
  BCCode:	a
  BCP1:	FFFFF88000961008
  BCP2:	0000000000000002
  BCP3:	0000000000000001
  BCP4:	FFFFF80003230B11
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	768_1

Files that help describe the problem:
  C:\Windows\Minidump\072014-18876-01.dmp
  C:\Users\Sebek\AppData\Local\Temp\WER-114988-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

#3

Problem signature:
  Problem Event Name:	BlueScreen
  OS Version:	6.1.7601.2.1.0.768.3
  Locale ID:	1045

Additional information about the problem:
  BCCode:	a
  BCP1:	FFFFF88000961008
  BCP2:	0000000000000002
  BCP3:	0000000000000001
  BCP4:	FFFFF8000323EB11
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	768_1

Files that help describe the problem:
  C:\Windows\Minidump\072014-17690-01.dmp
  C:\Users\Sebek\AppData\Local\Temp\WER-73570-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

#4

Problem signature:
  Problem Event Name:	BlueScreen
  OS Version:	6.1.7601.2.1.0.768.3
  Locale ID:	1045

Additional information about the problem:
  BCCode:	a
  BCP1:	FFFFF88000961008
  BCP2:	0000000000000002
  BCP3:	0000000000000001
  BCP4:	FFFFF80003272B11
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	768_1

Files that help describe the problem:
  C:\Windows\Minidump\072014-15522-01.dmp
  C:\Users\Sebek\AppData\Local\Temp\WER-73882-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

 

# AdwCleaner v3.216 - Report created 20/07/2014 at 00:28:38
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sebek - SEBEK-PC
# Running from : C:\Users\Sebek\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v27.0.1 (pl)
 
[ File : C:\Users\Sebek\AppData\Roaming\Mozilla\Firefox\Profiles\6lve24bp.default\prefs.js ]
 
 
[ File : C:\Users\Sebek\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Sebek\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Sebek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10267&locale=en_PL&apn_uid=d0bfd5ea-32cc-4486-ac9a-ccdd3a5b3597&apn_ptnrs=%5EAGY&apn_sauid=4ADCCCB3-F7FF-4B52-8BD6-FF4F8CEB5996&apn_dtid=%5EYYYYYY%5EYY%5EPL&q={searchTerms}
Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=116198&tt=4412_4&babsrc=SP_ss&mntrId=643b7edd000000000000c01885046f60
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Startup_urls] : hxxp://www.claro-search.com/?affID=116198&tt=4412_4&babsrc=HP_ss&mntrId=643b7edd000000000000c01885046f60
Deleted [Homepage] : hxxp://www.claro-search.com/?affID=116198&tt=4412_4&babsrc=HP_ss&mntrId=643b7edd000000000000c01885046f60
 
*************************
 
AdwCleaner[R0].txt - [1539 octets] - [20/07/2014 00:26:27]
AdwCleaner[S0].txt - [1876 octets] - [20/07/2014 00:28:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1936 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sebek on 2014-07-20 at  0:47:47,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Sebek\AppData\Roaming\thinstall"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-07-20 at  0:55:50,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Edited by Sebe, 19 July 2014 - 07:09 PM.


#5 Rootk

  • Malware Response Team
  • 234 posts
  • Location:Easter Island, Chile.

Posted 20 July 2014 - 10:41 PM

Please follow these steps:

1.- Download BlueScreenView.zip and save it to your desktop.
  • Extract its contents to your desktop.
  • Once extracted, open BlueScreenView.exe to run the program.
  • When the scanning is done, click Edit > Select All.
  • Then click File > Save Selected Items.
  • Save the report as BSOD.txt.
  • Open BSOD.txt, copy the content of the file and paste it into your next reply.
2.- Please download Malwarebytes Anti-Malware FREE Version from here: https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
  • Save it to your Desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click to execute the installation. Accept the terms, and allow MBAM to install to the default location in your Program Files.
  • Please update the database by clicking on the Update Now button.
  • Following the update, click on the large green Scan Now button to begin the Threat Scan.
    Note: Optionally, you could have simply clicked Fix Now if it is displayed. That will automatically download updates and run a Threat Scan.
    If Malware or Potentially Unwanted Programs are found you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.
3.- Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
  • Unzip the File to a convenient location. (Recommend the Desktop)
  • You may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it.
  • If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen.
  • The following window opens; select Next.
  • The following window opens; select Update.
  • When the Update completes, select Next.
  • In the following window ensure "Targets" are ticked. Then select "Scan".
  • If an infection is found the "Cleanup" button to remove threats will be available, and a list of infected files will be shown.
  • Do not select the "Cleanup" button; select the "Exit" button. There will be a warning.
  • Select "Yes" to close down the program. If NO infections were found, select "Exit" to close down.
  • Copy and paste the two following logs from the mbar folder:
    System - log
    Mbar - log (date and time of scan will also be shown)

Post those two logs in your reply.

#6 Sebe

  • Topic Starter
  • Members
  • 9 posts

Posted 21 July 2014 - 05:14 AM

Thank you. In Malwarebytes Anti-Malware I put two items in quarantine. When I opened Malwarebytes Anti-Rootkit, the following window appeared:
[screenshot]
 
I clicked No. The scan completed without problems.
 
==================================================
Dump File         : 072014-15522-01.dmp
Crash Time        : 2014-07-20 01:25:14
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : fffff880`00961008
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`03272b11
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\072014-15522-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2014-07-20 01:26:29
==================================================
 
==================================================
Dump File         : 072014-17690-01.dmp
Crash Time        : 2014-07-20 01:18:55
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : fffff880`00961008
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`0323eb11
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\072014-17690-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2014-07-20 01:20:19
==================================================
 
==================================================
Dump File         : 072014-18876-01.dmp
Crash Time        : 2014-07-20 01:08:47
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : fffff880`00961008
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`03230b11
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\072014-18876-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2014-07-20 01:10:05
==================================================
 
==================================================
Dump File         : 072014-19266-01.dmp
Crash Time        : 2014-07-20 00:58:19
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : fffff880`00961008
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`0327db11
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\072014-19266-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2014-07-20 01:01:10
==================================================
 
==================================================
Dump File         : 100613-29967-01.dmp
Crash Time        : 2013-10-06 22:12:35
Bug Check String  : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code    : 0x0000004a
Parameter 1       : 00000000`77bb132a
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`04987b60
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75b80
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\100613-29967-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2013-10-06 22:16:58
==================================================
 
==================================================
Dump File         : 020213-21840-01.dmp
Crash Time        : 2013-02-02 00:59:45
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`00000000
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff800`02e9a242
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+7efc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\020213-21840-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2013-02-02 01:02:00
==================================================
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014-07-21
Scan Time: 11:26:43
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.20.07
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sebek
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385334
Time Elapsed: 12 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Conduit.A, C:\Users\Sebek\AppData\Local\Temp\CT1750559, , [96311988552646f079e19b0909f908f8], 
 
Files: 1
PUP.Optional.Conduit.A, C:\Users\Sebek\AppData\Local\Temp\CT1750559\ddt.csf, , [96311988552646f079e19b0909f908f8], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17207
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8434597888, free: 4803837952
 
Downloaded database version: v2014.07.20.07
Downloaded database version: v2014.07.17.01
=======================================
Initializing...
------------ Kernel report ------------
     07/21/2014 11:49:52
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\trufos.sys
\SystemRoot\system32\DRIVERS\FLTMGR.SYS
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\avc3.sys
\SystemRoot\system32\DRIVERS\gzflt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
\??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bScsiSDa.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\bScsiMSa.sys
\SystemRoot\system32\DRIVERS\b57xdbd.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901t.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\avchv.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\b57xdmp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\ViaUsbAudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\rzdaendpt.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\rzudd.sys
\SystemRoot\system32\DRIVERS\rzvkeyboard.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avckf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\D:\Program Files\PeerBlock\pbfilter.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shell32.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\usp10.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\normaliz.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ole32.dll
\Windows\System32\iertutil.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\nsi.dll
\Windows\System32\wininet.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\advapi32.dll
\Windows\System32\user32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\kernel32.dll
\Windows\System32\psapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009ce9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007e48050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009ce9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009ce9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009ce9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007e48050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 447F70FA
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 31457280
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31459328  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 31664128  Numsec = 188538880
 
    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 220203008  Numsec = 1244942336
 
Disk Size: 750156374016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-31459328-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.07.20.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17207
Sebek :: SEBEK-PC [administrator]
 
2014-07-21 11:50:04
mbar-log-2014-07-21 (11-50-04).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 386848
Time elapsed: 16 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
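Added example, not code from the thread or from the tools' authors: a Python script that parses the WER "Problem signature" notices from post #4 and the BlueScreenView records above, checks that the two agree per minidump, and groups crashes by (bug check, P1..P3), which shows the four July 2014 crashes as one recurring fault rather than four unrelated ones. The sample data is constructed from values posted in the thread and trimmed to the fields the parser reads; the function names are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample: two of the four WER notices posted above, cut down to the
# lines this parser reads (the real notice has more, which are ignored).
WER_NOTICES = r"""
Problem signature:
  BCCode:  a
  BCP1:  FFFFF88000961008
  BCP2:  0000000000000002
  BCP3:  0000000000000001
  BCP4:  FFFFF8000327DB11
  C:\Windows\Minidump\072014-19266-01.dmp

Problem signature:
  BCCode:  a
  BCP1:  FFFFF88000961008
  BCP2:  0000000000000002
  BCP3:  0000000000000001
  BCP4:  FFFFF80003230B11
  C:\Windows\Minidump\072014-18876-01.dmp
"""

# Constructed sample: BlueScreenView records for the same two dumps plus the
# unrelated 2013 crash from the same report, cut down the same way.
BSV_REPORT = r"""
==================================================
Dump File         : 072014-19266-01.dmp
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : fffff880`00961008
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`0327db11
==================================================
Dump File         : 072014-18876-01.dmp
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : fffff880`00961008
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`03230b11
==================================================
Dump File         : 100613-29967-01.dmp
Bug Check String  : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code    : 0x0000004a
Parameter 1       : 00000000`77bb132a
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`04987b60
==================================================
"""

def _norm(value):
    """Canonical 16-digit hex: drop 0x and the WinDbg backtick, lowercase."""
    return value.lower().replace("0x", "").replace("`", "").zfill(16)

def parse_wer(text):
    """WER notices -> [{dump, code, params}]; params are P1..P4 as hex strings."""
    crashes = []
    for block in re.split(r"(?m)^Problem signature:", text)[1:]:
        fields = dict(re.findall(r"(?m)^\s*(BCCode|BCP[1-4]):\s*(\S+)", block))
        dump = re.search(r"\\([^\\\s]+\.dmp)", block)
        crashes.append({"dump": dump.group(1) if dump else None,
                        "code": int(fields["BCCode"], 16),
                        "params": tuple(_norm(fields[f"BCP{i}"]) for i in range(1, 5))})
    return crashes

def parse_bsv(text):
    """BlueScreenView 'Key : Value' records -> same shape, plus the bug check name."""
    crashes = []
    for rec in re.split(r"(?m)^=+\s*$", text):
        fields = dict(re.findall(r"(?m)^([\w ]+?)\s*:\s*(.*?)\s*$", rec))
        if "Dump File" in fields:
            crashes.append({"dump": fields["Dump File"],
                            "name": fields["Bug Check String"],
                            "code": int(fields["Bug Check Code"], 16),
                            "params": tuple(_norm(fields[f"Parameter {i}"]) for i in range(1, 5))})
    return crashes

def correlate(wer, bsv):
    """Join both sources on the minidump name and flag any disagreement between them."""
    by_dump = {c["dump"]: c for c in bsv}
    out = []
    for w in wer:
        b = by_dump.get(w["dump"])
        same = b is not None and (b["code"], b["params"]) == (w["code"], w["params"])
        out.append({**w, "name": b["name"] if b else None, "consistent": same})
    return out

def group_by_fault(crashes):
    """Group on (bug check, P1..P3). For 0xA those are the address touched, the IRQL and
    the read/write flag; P4 is the faulting instruction address, which moves with the
    kernel's load address between boots (same ntoskrnl.exe+75bc0 offset above), so it is left out."""
    groups = defaultdict(list)
    for c in crashes:
        groups[(c["code"],) + c["params"][:3]].append(c["dump"])
    return dict(groups)
```

Run against the full BSOD.txt and the four notices, every 2014 crash lands in one group keyed by a write to fffff880`00961008 at IRQL 2, while the 2013 entries fall into their own groups.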
 


#7 Rootk

  • Malware Response Team
  • 234 posts
  • Location:Easter Island, Chile.

Posted 21 July 2014 - 01:42 PM

Please follow these steps:

1.- Download TFC.exe - Temp File Cleaner by OldTimer:
Alternate link: http://www.itxassociates.com/OT-Tools/TFC.exe

  • Save it to your Desktop.
  • Close any open windows, save your work.
  • Double click the TFC icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, click OK to reboot.

2.- Go to the ESET web page and run an online scanner from ESET. (You will need to use Internet Explorer for this scan.)

  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options below are ticked.
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Start.
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt and copy and paste the results here in this topic.



#8 Sebe

Sebe
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 22 July 2014 - 08:07 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4d262eaf185c7e409fdc280e0e20e29d
# engine=19277
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-22 12:23:45
# local_time=2014-07-22 02:23:45 (+0100, Central European Daylight Time)
# country="Poland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2063 16777213 66 100 62805 109877134 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 27284216 157661675 0 0
# scanned=388440
# found=34
# cleaned=0
# scan_time=61867
sh=FAECAF5ED22E5435B9D177C34EB9A649CD868AE7 ft=1 fh=f94ce5b1d9f02a3f vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\Sebek\AppData\Local\Temp\uttF71B.tmp.exe"
sh=65D9AF795636D72151FF337E2D1EFB8D7DEED7DB ft=1 fh=306f6f9ba438560e vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Users\Sebek\AppData\Local\Temp\c7b709d4-1dee-4fd0-beec-2664b230d6da\bsplayer.exe"
sh=74F98950113C9013CA108AFF90D22CAA3343C6B7 ft=1 fh=e90aab207bab755d vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\chromedl\bsplayer263-1071.exe"
sh=46152E8B96EC309AECCD04299883E3205C07C5D8 ft=1 fh=996a4477da497580 vn="Win32/Toolbar.Conduit.M potentially unwanted application" ac=I fn="D:\chromedl\bsplayer264.1073.exe"
sh=9A76769B0126D3A178AA86C473F4F2C5F61026CD ft=1 fh=8f053d67efaefc45 vn="Win32/Toolbar.Conduit.M potentially unwanted application" ac=I fn="D:\chromedl\bsplayer265.1074.exe"
sh=2132ABDFB96CA780F910CD46D6D456C09C7D608E ft=1 fh=5108147532b928ba vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="D:\chromedl\bsplayer266-1075.exe"
sh=6CDFE387B54A6E88B405167F2075373744616574 ft=1 fh=4ae36e6c65f7cef7 vn="Win32/Toolbar.Conduit.AE potentially unwanted application" ac=I fn="D:\chromedl\bsplayer266_1075.exe"
sh=E00D7B53C5285DE6E45EEFE59E88468460552081 ft=1 fh=ce36a11b6c9c491f vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="D:\chromedl\CWK.exe"
sh=5861896AB5408B11D5FC53B111A6BFC45EFD161D ft=1 fh=025db34a8da5cfd4 vn="a variant of Win32/DobreProgramy potentially unwanted application" ac=I fn="D:\chromedl\Free-Alarm-Clock(24929).exe"
sh=57B39EDF53486A9654EFE41DC95046FCE338B238 ft=1 fh=0c20e58af1de4efe vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\chromedl\LF2_v20a_Install.exe"
sh=41B39297F7E406B4F5301572C0401F9F8EF8CA35 ft=1 fh=f2a8797b5b449bb7 vn="a variant of Win32/SoftonicDownloader.F potentially unwanted application" ac=I fn="D:\chromedl\SoftonicDownloader_for_pdfdu-rotate-pdf.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Crack.BB potentially unsafe application" ac=I fn="D:\Downloads\NBA.2K13-RELOADED.iso"
sh=27E4BFD3004346B1DA4A7FD5BA7A503D3717D0ED ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="D:\Downloads\Sid.Meiers.Civilization.V.Brave.New.World-RELOADED\rld-civ5bnw.iso"
sh=1767EC6D9A3622D113B935987FCBAE559BE644FC ft=1 fh=30448f7e1b3967ef vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\ffdl\avira_free_antivirus_en(1).exe"
sh=843BD6D0E37AF230CC3FCA1C8CB0CE19DA855A85 ft=1 fh=271916743c9674d1 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\ffdl\avira_free_antivirus_en.exe"
sh=667F9F533D45F9FB28A12314055362A17C6AB903 ft=1 fh=dc2331c6f13d2218 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="D:\ffdl\bsplayer262.1068.exe"
sh=1BF3475345E6003C06C9330575F45E2CE4CA9860 ft=1 fh=0b6cdf15c941b6d9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\ffdl\DTLite4454-0315.exe"
sh=2C7A088FDF06B8DF9C49A21CE2A3F3F45383E7C1 ft=1 fh=7b1df9bbd39c684b vn="Win32/DownWare.W potentially unwanted application" ac=I fn="D:\ffdl\SUPERsetup_v2012-build-53.exe"
sh=F7EA4C1534990D8DB26496CFF9A4006264A84DB8 ft=1 fh=df6d1106df9b0f04 vn="Win32/HackTool.Crack.BB potentially unsafe application" ac=I fn="D:\nba2k13\rld.dll"
sh=9590088AB47BAADF5F41EA26635236E8521271E8 ft=1 fh=000320d40bc4cf3e vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Stacjo\Stacjo1\avira_free_antivirus_en.exe"
sh=C8B869E24E27D3EB4EE34840E5F920F54879CDB3 ft=1 fh=a3eb6f5670512021 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Stacjo\Stacjo1\bsplayer261.1065.exe"
sh=667F9F533D45F9FB28A12314055362A17C6AB903 ft=1 fh=dc2331c6f13d2218 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="D:\Stacjo\Stacjo1\bsplayer262.1068.exe"
sh=EF77C1325FCA76E9DA9D7DE2A14E3B0A0E604C05 ft=1 fh=fd3bf3b0720b0ca3 vn="a variant of Win32/CNETInstaller.A potentially unwanted application" ac=I fn="D:\Stacjo\Stacjo1\cbsidlm-cbsi3_2_5_41-Alarm_Clock-10064069.exe"
sh=D3BA80098B559851B56A733C5C540A6302443AA2 ft=1 fh=0d6f89e5f675b5f5 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="D:\Stacjo\Stacjo1\LF2_v20a_Install.exe"
sh=EE87AB756D2EE1AC353EBE42FD01EF4817AE0A1A ft=1 fh=45ed39a9af02be67 vn="Win32/Malavida.A potentially unwanted application" ac=I fn="D:\Stacjo\Stacjo1\neoragex-windows-malavida.exe"
sh=EEBFC04D6B8FDE9B014214CC83DFBEFBF545D437 ft=1 fh=386346820fc68a16 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\Stacjo\Stacjo1\PDFCreator-1_3_2_setup.exe"
sh=74892DEC37923D7A31595C60B2BD5D12651B6D92 ft=1 fh=1bdace94feeb436c vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\Stacjo\Stacjo1\winamp5622_full_emusic-7plus_pl-pl.exe"
sh=1D4DD4523492EDC59753D2F328BF3564A9390EA4 ft=1 fh=ec458d8c372fafe5 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="D:\Stacjo\Stacjo4\chromedl\ashampoo_burning_studio_6_free_6.80_4312.exe"
sh=DE7767E0C52753A9395168FB8F88275522203451 ft=1 fh=2957105ba068805f vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Stacjo\Stacjo4\chromedl\cpu-z_1.58-setup-en.exe"
sh=B001F7D0F1F9A7E61C5499E5C8350F497B5A3E18 ft=1 fh=2a21627c0d99789c vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\Stacjo\Stacjo4\chromedl\DTLite4413-0173_(programs.pl).exe"
sh=D3BA80098B559851B56A733C5C540A6302443AA2 ft=1 fh=0d6f89e5f675b5f5 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="D:\Stacjo\Stacjo4\chromedl\LF2_v20a_Install.exe"
sh=D343B3E2C0144988424C536F0BCF22E4CC5BADA3 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="D:\Stacjo\Stacjo5\Downloads\Ashampoo Burning Studio 10.10.0.1 +Key (32-64bit) -TrT\Ashampoo Burning Studio 10.10.0.1 +Key (32-64bit) -TrT.rar"
sh=03479A054A253149E08E1CD0F34D0C0E1F0867C3 ft=1 fh=e36611e3151c0b0e vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="D:\Stacjo\Stacjo5\Downloads\Ashampoo Burning Studio 10.10.0.1 +Key (32-64bit) -TrT\Ashampoo Burning Studio 10.10.0.1 +Key (32-64bit) -TrT\ashampoo_burning_studio_10_10.0.1_sm.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.WinActivator.J potentially unsafe application" ac=I fn="D:\Stacjo\Stacjo5\Downloads\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA\Windows.7.SP1.ENG.x86-x64.MAFIAA.iso"
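For anyone who has to triage an ESET Online Scanner log like the one above rather than read 34 lines by eye, here is an added Python example (not ESET's code and not something posted in this thread) that parses the `# key=value` header and the `sh=... vn="..." fn="..."` detection lines, groups detections by class, name and folder, and checks that the line count matches `# found=` and whether anything was actually removed. The embedded sample log is constructed in the same layout; its hashes and paths are placeholders, and the detection names are ones that appear in this thread.

```python
"""Parse an ESET Online Scanner log.txt in the layout pasted above and
summarise its detections.  Added example for this thread, not ESET's code."""
import re
from collections import Counter
from typing import Dict, List, Tuple

# One key=value field on a detection line; vn and fn are double-quoted.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# ESET appends the PUA class to the name, optionally prefixed with
# "a variant of", e.g. 'Win32/Toolbar.Conduit potentially unwanted application'.
CLASS_RE = re.compile(
    r"^(?:a variant of )?(.+?) potentially (unwanted|unsafe) application$")

# Constructed sample in the same layout as the log above.  Hashes and paths
# are placeholders; the detection names are ones seen in this thread.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
# product=EOS
# version=8
# remove_checked=false
# archives_checked=true
# scanned=1000
# found=4
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\chromedl\bsplayer263-1071.exe"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\ffdl\avira_free_antivirus_en.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Crack.BB potentially unsafe application" ac=I fn="D:\Downloads\example-game.iso"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=1 fh=0000000000000003 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\Users\example\AppData\Local\Temp\abc\bsplayer.exe"
"""


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Dict[str, str]]]:
    """Return (header, detections): header keys from '# key=value' lines and
    one dict of fields per 'sh=' detection line.  Other lines are ignored."""
    header: Dict[str, str] = {}
    detections: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip().strip('"')
        elif line.startswith("sh="):
            fields: Dict[str, str] = {}
            for m in FIELD_RE.finditer(line):
                fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            detections.append(fields)
    return header, detections


def classify(vn: str) -> Tuple[str, str]:
    """Split a vn value into (detection name, class)."""
    m = CLASS_RE.match(vn)
    if m:
        return m.group(1), "potentially %s application" % m.group(2)
    name = vn[len("a variant of "):] if vn.startswith("a variant of ") else vn
    return name, "other"  # a name without the PUA suffix


def summarize(header: Dict[str, str], detections: List[Dict[str, str]]) -> Dict[str, object]:
    """Triage view: counts by class, name and folder, plus consistency checks."""
    by_class: Counter = Counter()
    by_name: Counter = Counter()
    by_folder: Counter = Counter()
    unhashed: List[str] = []
    for d in detections:
        name, cls = classify(d.get("vn", ""))
        by_class[cls] += 1
        by_name[name] += 1
        by_folder[d.get("fn", "").rsplit("\\", 1)[0]] += 1
        # An all-zero sh means no usable SHA-1 was reported for the entry
        # (the ISO images in the log above), so it cannot be looked up by hash.
        sh = d.get("sh", "")
        if sh and set(sh) == {"0"}:
            unhashed.append(d.get("fn", ""))
    found = int(header.get("found", "-1"))
    return {
        # the '# found=' total should equal the number of detection lines
        "consistent": found == len(detections),
        # remove_checked=false with cleaned=0: every listed file is still in place
        "nothing_removed": header.get("remove_checked") == "false"
        and header.get("cleaned") == "0",
        "by_class": dict(by_class),
        "by_name": dict(by_name),
        "by_folder": dict(by_folder),
        "unhashed_paths": unhashed,
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(hdr, dets).items():
        print(key, "=>", value)
```

To use it on a real log, read `C:\Program Files\ESET\ESET Online Scanner\log.txt` into a string and pass it to `parse_eset_log` instead of `SAMPLE_LOG`.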
 


#9 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:01:34 PM

Posted 22 July 2014 - 05:43 PM

Are you using cracked software? There is evidence of cracks/activators on your computer.



#10 Sebe

Sebe
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 22 July 2014 - 06:26 PM

No, I don't. Some folders are a backup from another computer, whose content I didn't know, and I'll be glad to delete it.

 




#11 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:01:34 PM

Posted 23 July 2014 - 12:23 AM

Please do the following:

 

Download and run Belarc Advisor. When it is done running its scan, it will open a browser window. When that window is open you can close it. Then go to C:\Program Files\Belarc\BelarcAdvisor\System\tmp, there will be four files there. One is the name of your computer. I am sending you a private message on what to do with that file. DO NOT ATTACH OR POST IT HERE.



#12 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:01:34 PM

Posted 18 August 2014 - 10:41 PM

Since it has been several days since your last post, we will need a new set of logs to check on the current status of your computer. Please follow these steps:

1.- Run AdwCleaner.

  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt.

2.- Run RogueKiller.

  • Press the scan button.
  • A report named RKreport.txt opens on the desktop.
  • Please post it in your next reply.

3.- Run Malwarebytes Anti-Malware and do the following:

Click on Scan now.
If an update is available, click Update Now.
A Threat Scan will start.
After the scan, if potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.

A window with an option to view the detailed log will appear. Click on View Detailed Log.
After viewing the results, please click on the Copy to Clipboard button > OK.
Paste your log into your next reply.

Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

4.- Run BlueScreenView.exe again.
When the scanning is done, select Edit > Select All.
Then click File > Save Selected Items.
Save the report as BSOD.txt.
Open BSOD.txt, copy the content of the file and paste it into your next reply.

 



#13 Sebe

Sebe
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 19 August 2014 - 06:23 AM

BSPlayer is my video player.
 
# AdwCleaner v3.307 - Report created 19/08/2014 at 12:22:59
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sebek - SEBEK-PC
# Running from : C:\Users\Sebek\Desktop\adwcleaner_3.307.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Sebek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
File Deleted : C:\Users\Sebek\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Sebek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Sebek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v27.0.1 (pl)
 
[ File : C:\Users\Sebek\AppData\Roaming\Mozilla\Firefox\Profiles\6lve24bp.default\prefs.js ]
 
 
[ File : C:\Users\Sebek\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Sebek\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Sebek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=116198&tt=4412_4&babsrc=SP_ss&mntrId=643b7edd000000000000c01885046f60
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10267&locale=en_PL&apn_uid=d0bfd5ea-32cc-4486-ac9a-ccdd3a5b3597&apn_ptnrs=%5EAGY&apn_sauid=4ADCCCB3-F7FF-4B52-8BD6-FF4F8CEB5996&apn_dtid=%5EYYYYYY%5EYY%5EPL&q={searchTerms}
Deleted [Startup_urls] : hxxp://www.claro-search.com/?affID=116198&tt=4412_4&babsrc=HP_ss&mntrId=643b7edd000000000000c01885046f60
Deleted [Homepage] : hxxp://www.claro-search.com/?affID=116198&tt=4412_4&babsrc=HP_ss&mntrId=643b7edd000000000000c01885046f60
Deleted [Extension] : gkojfkhlekighikafcpjkiklfbnlmeio
 
*************************
 
AdwCleaner[R0].txt - [1539 octets] - [20/07/2014 00:26:27]
AdwCleaner[R1].txt - [2197 octets] - [19/08/2014 12:19:52]
AdwCleaner[S0].txt - [2016 octets] - [20/07/2014 00:28:38]
AdwCleaner[S1].txt - [2582 octets] - [19/08/2014 12:22:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2642 octets] ##########
 
RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sebek [Admin rights]
Mode : Scan -- Date : 08/19/2014  12:46:12
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 26 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.63 62.179.1.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.63 62.179.1.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.63 62.179.1.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F00D231-D2B4-4B49-B82A-9C097D0C6D61} | DhcpNameServer : 7.254.254.254  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{626DF1B4-8665-473D-ABE9-498F28096335} | DhcpNameServer : 62.179.1.63 62.179.1.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A736CB50-4191-41AF-99A0-F2C1C64A2EE2} | DhcpNameServer : 62.179.1.63 62.179.1.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5F00D231-D2B4-4B49-B82A-9C097D0C6D61} | DhcpNameServer : 7.254.254.254  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{626DF1B4-8665-473D-ABE9-498F28096335} | DhcpNameServer : 62.179.1.63 62.179.1.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A736CB50-4191-41AF-99A0-F2C1C64A2EE2} | DhcpNameServer : 62.179.1.63 62.179.1.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5F00D231-D2B4-4B49-B82A-9C097D0C6D61} | DhcpNameServer : 7.254.254.254  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{626DF1B4-8665-473D-ABE9-498F28096335} | DhcpNameServer : 62.179.1.63 62.179.1.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A736CB50-4191-41AF-99A0-F2C1C64A2EE2} | DhcpNameServer : 62.179.1.63 62.179.1.62  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2282369039-938024050-2821666700-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2282369039-938024050-2821666700-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2282369039-938024050-2821666700-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2282369039-938024050-2821666700-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2282369039-938024050-2821666700-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:blank  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2282369039-938024050-2821666700-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:blank  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] f2f66be2b6e6a7a8cd784a659036de6d
[BSP] 0ccaceb7bc876cdf74bc4cc5a6d91a03 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 92060 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 220203008 | Size: 607882 MB
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014-08-19
Scan Time: 12:50:15
Logfile: mal.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.19.04
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sebek
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 396305
Time Elapsed: 12 min, 37 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.ClientConnect, C:\Users\Sebek\AppData\Local\Temp\c7b709d4-1dee-4fd0-beec-2664b230d6da\bsplayer.exe, Quarantined, [bcb478505625be78d7fe7f2b649ddf21], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
==================================================
Dump File         : 081614-18766-01.dmp
Crash Time        : 2014-08-16 00:05:40
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff901`c05d157c
Parameter 2       : 00000000`00000000
Parameter 3       : fffff960`0010cca3
Parameter 4       : 00000000`00000005
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\081614-18766-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 271 744
Dump File Time    : 2014-08-16 00:38:03
==================================================
 
==================================================
Dump File         : 072014-15522-01.dmp
Crash Time        : 2014-07-20 01:25:14
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : fffff880`00961008
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`03272b11
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\072014-15522-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2014-07-20 01:26:29
==================================================
 
==================================================
Dump File         : 072014-17690-01.dmp
Crash Time        : 2014-07-20 01:18:55
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : fffff880`00961008
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`0323eb11
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\072014-17690-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2014-07-20 01:20:19
==================================================
 
==================================================
Dump File         : 072014-18876-01.dmp
Crash Time        : 2014-07-20 01:08:47
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : fffff880`00961008
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`03230b11
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\072014-18876-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2014-07-20 01:10:05
==================================================
 
==================================================
Dump File         : 072014-19266-01.dmp
Crash Time        : 2014-07-20 00:58:19
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : fffff880`00961008
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`0327db11
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75bc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\072014-19266-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2014-07-20 01:01:10
==================================================
 
==================================================
Dump File         : 100613-29967-01.dmp
Crash Time        : 2013-10-06 22:12:35
Bug Check String  : IRQL_GT_ZERO_AT_SYSTEM_SERVICE
Bug Check Code    : 0x0000004a
Parameter 1       : 00000000`77bb132a
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`04987b60
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+75b80
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\100613-29967-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2013-10-06 22:16:58
==================================================
 
==================================================
Dump File         : 020213-21840-01.dmp
Crash Time        : 2013-02-02 00:59:45
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`00000000
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff800`02e9a242
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor         : x64
Crash Address     : ntoskrnl.exe+7efc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\020213-21840-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 262 144
Dump File Time    : 2013-02-02 01:02:00
==================================================
 

 



#14 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:01:34 PM

Posted 19 August 2014 - 10:05 PM

Please do the following:

Go to the ESET web page and run an online scanner from ESET. (You will need to use Internet Explorer for this scan).

Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Click on the Run ESET Online Scanner button.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings and ensure the options below are ticked.
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
Click Start.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
and copy and paste the results here in this topic.

#15 Sebe

Sebe
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:34 PM

Posted 21 August 2014 - 05:35 AM

Here are all the contents of the file (with the previous scan as well):
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4d262eaf185c7e409fdc280e0e20e29d
# engine=19277
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-22 12:23:45
# local_time=2014-07-22 02:23:45 (+0100, Central European Daylight Time)
# country="Poland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2063 16777213 66 100 62805 109877134 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 27284216 157661675 0 0
# scanned=388440
# found=34
# cleaned=0
# scan_time=61867
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4d262eaf185c7e409fdc280e0e20e29d
# engine=19745
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-21 03:13:47
# local_time=2014-08-21 05:13:47 (+0100, Central European Daylight Time)
# country="Poland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2063 16777213 66 100 58854 87299787 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 29843218 160220677 0 0
# scanned=377017
# found=27
# cleaned=0
# scan_time=58684