FlashBroker spyware causing slow computer start-up and run


10 replies to this topic

#1 midimusicman79 (Members, Norway)

Posted 06 November 2014 - 10:30 AM

Hi all!

While researching spyware for the last six months, both by reading other people's topics and running several anti-spyware tools, both on my own and with assistance from helpers here at Bleeping Computer, I have managed to get rid of a lot of spyware.

However, as my computer continues to be slow on start-up and when running, there still seems to be something left in my registry; namely FlashBroker spyware. I have noticed this being frequently reported in other people's ComboFix logs, in the LOCKED REGISTRY KEYS section.

So I thought I should see if I too am infected. The only trouble is that I think ComboFix is too powerful for me to run, so instead I searched with SystemLook; the results are below.

Any help as to how to get rid of FlashBroker spyware would be greatly appreciated.

Could uninstalling Adobe Flash Player and maybe also Shockwave Player possibly remedy the problem and unlock the registry keys, so that FlashBroker spyware can be detected and removed with either my anti-virus (I have ESET Smart Security 7) or any anti-spyware tool?

Thank you very much in advance!

Regards,

midimusicman79

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 13:29 on 06/11/2014 by Torbjoern Martin
Administrator - Elevation successful

========== regfind ==========

Searching for "FlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@="FlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@="IFlashBroker6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@="IFlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@="IFlashBroker2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

Searching for "{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

Searching for "{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

Searching for "{299817DA-1FAC-4CE2-8F48-A108237013BD}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

Searching for "{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

Searching for "{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

Searching for "{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

Searching for "{D27CDB70-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory\CLSID]
@="{D27CDB70-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory.1\CLSID]
@="{D27CDB70-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB70-AE6D-11cf-96B8-444553540000}]

Searching for "{57A0E746-3863-4D20-A811-950C84F1DB9B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\TypeLib]
@="{57A0E746-3863-4D20-A811-950C84F1DB9B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\TypeLib]
@="{57A0E746-3863-4D20-A811-950C84F1DB9B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}]

Searching for "{86230738-D762-4C50-A2DE-A753E5B1686F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{86230738-D762-4C50-A2DE-A753E5B1686F}]

Searching for "{FAF199D2-BFA7-4394-A4DE-044A08E59B32}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}]

Searching for "{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}]

Searching for "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/futuresplash]
"CLSID"="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-shockwave-flash]
"CLSID"="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.10\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.11\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.12\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.13\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.14\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.15\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.8\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9\CLSID]
@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_USERS\S-1-5-21-1060284298-2147125267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

Searching for "{307F64C0-621D-4D56-BBC6-91EFC13CE40D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}]

-= EOF =-


Edited by midimusicman79, 07 November 2014 - 06:44 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.
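As an added example (not part of any post in this thread, and not a feature of SystemLook, DDS or FRST), here is the check a responder runs before treating a registry hit such as the FlashBroker CLSID as malware: resolve the CLSID to the COM server binary registered under its InprocServer32 or LocalServer32 key, confirm that file exists, and read its Authenticode signature. The name stored in a CLSID key proves nothing either way; the file behind it does. The log excerpt in the script is a constructed sample copied from the SystemLook output above; the script assumes 32-bit Windows with PowerShell 2.0 or later (as on the XP SP3 machine in the logs) and the function names are my own.

```powershell
# Added example; not code from any post in this thread, nor from SystemLook,
# DDS or FRST. Reads the "[...\Classes\CLSID\{GUID}]" lines of a SystemLook
# regfind log, resolves each CLSID to the COM server binary Windows is told to
# load for it, and reports whether that binary exists and how it is signed.
# Assumptions: 32-bit Windows with PowerShell 2.0 or later. On 64-bit Windows,
# 32-bit classes also live under HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID.

# Constructed sample: a few lines copied from the SystemLook output in post #1.
# For a real run use:  $systemLookLog = (Get-Content .\SystemLook.txt) -join "`n"
$systemLookLog = @'
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@="FlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@="IFlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
'@

function Get-ClsidsFromSystemLook {
    # Returns the unique CLSIDs from "[HKLM\SOFTWARE\Classes\CLSID\{GUID}]" lines.
    # Interface keys carry no server path and TypeLib keys only point at a
    # type library, so only CLSID keys are collected.
    param([string]$LogText)
    $pattern = '^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\]$'
    $found = @()
    foreach ($line in ($LogText -split "`r?`n")) {
        if (($line.Trim() -match $pattern) -and ($found -notcontains $matches[1])) {
            $found += $matches[1]
        }
    }
    return $found
}

function Get-ComServerPath {
    # Returns the DLL/EXE path registered for a CLSID, or $null when the CLSID
    # has neither InprocServer32 nor LocalServer32 (a dead registration).
    param([string]$Clsid)
    foreach ($sub in @('InprocServer32', 'LocalServer32')) {
        $key = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\$sub"
        if (-not (Test-Path -Path $key)) { continue }
        $raw = (Get-ItemProperty -Path $key).'(default)'
        if (-not $raw) { continue }
        $path = $raw.Trim()
        if ($path.StartsWith('"')) {
            # "C:\dir\file.exe" /arg  ->  C:\dir\file.exe
            $end = $path.IndexOf('"', 1)
            if ($end -gt 1) { $path = $path.Substring(1, $end - 1) } else { $path = $path.Trim('"') }
        } elseif (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($path)) -PathType Leaf)) {
            # Unquoted "C:\dir\file.exe /arg": the whole value is not a file, so drop the arguments.
            $path = ($path -split '\s+')[0]
        }
        return [Environment]::ExpandEnvironmentVariables($path)
    }
    return $null
}

function Test-ClsidServer {
    # One record per CLSID: friendly name, server path, file presence and
    # Authenticode status/signer. The name alone is never the evidence.
    param([string]$Clsid)
    $name = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$Clsid" -ErrorAction SilentlyContinue).'(default)'
    $path = Get-ComServerPath -Clsid $Clsid
    $result = New-Object PSObject -Property @{
        Clsid = $Clsid; Name = $name; Server = $path
        Exists = $false; Signature = 'NoServerRegistered'; Signer = $null
    }
    if ($path) {
        $result.Exists = Test-Path -LiteralPath $path -PathType Leaf
        if ($result.Exists) {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $result.Signature = [string]$sig.Status
            if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
        } else {
            $result.Signature = 'FileMissing'
        }
    }
    return $result
}

Get-ClsidsFromSystemLook -LogText $systemLookLog |
    ForEach-Object { Test-ClsidServer -Clsid $_ } |
    Format-Table Clsid, Name, Server, Exists, Signature, Signer -AutoSize
```

Read the table as follows: a server file that exists, carries a Valid signature and whose signer matches the product you expect at that path is an ordinary registration left by installed software; NoServerRegistered is a leftover key that cannot load anything; FileMissing, NotSigned, or a server path under a user-writable directory such as Temp or Application Data is what to hand to a helper together with the FRST log. Deleting CLSID keys by name without this step removes evidence and rarely removes an infection.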




#2 HelpBot (Bleepin' Binary Bot)

Posted 11 November 2014 - 11:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554992 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 midimusicman79 (Topic Starter)

Posted 13 November 2014 - 09:20 AM

Hi again, all.

Thanks for the reply.

My apologies for not answering sooner, but on Tuesday I was running a complete system scan on my computer with EAM, which took about nine hours, and yesterday I was busy creating and translating the logs from DDS, which appear below.

While waiting for your response, I have performed some more research and concluded that FlashBroker is a sub-name of the spyware, and that its official name is Mal/Fareit-C, according to this article:

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Fareit-C/detailed-analysis.aspx

This spyware causes my computer to be slow on start-up and while running. The progress bar on start-up goes approximately 30-60 times across the screen, and the computer needs some 10-15 minutes to be ready for use. Additionally, many programs are slow to start, especially Mozilla Firefox.

Furthermore, both my DVD burners have stopped working, because the registry keys appear to be damaged, according to the error messages in Device Manager.

I have my original Windows CD available, which is a newly created edition with SP3, and which I burned myself a couple of months ago.

So far I have run these anti-spyware programs, which have helped me to get rid of 300-400 threats in total, but unfortunately not Mal/Fareit spyware:

AdwCleaner, aswMBR, AVZ Antiviral Toolkit, catchme, CKScanner, DDS, Dr.Web Cure-It, EAM, FRST, Farbar Service Scanner, Farbar GrantPerms, GMER, GiveMePower, herdProtect, HiJackThis, HitmanPro, JRT, Farbar ListParts, LSP-Fix, MBAM, McAfee Stinger, Farbar MiniToolBox, Norman Malware Cleaner, OTH, Panda Cloud Anti-virus, RSIT, RKill, RogueKiller, Rooter, Runscanner, SecurityCheck, Silent Runners, Sophos Virus Removal Tool, SUPERAntiSpyware, SystemLook, TDSSKiller, Trend Micro HouseCall, Vba32 AntiRootkit, VIPRE Rescue Scanner.

The CLSIDs that I included in my previous post are mostly malicious and belong to Mal/Fareit spyware.

So, therefore, my specific questions are:

  1. Could uninstalling Adobe Flash Player and maybe also Shockwave Player possibly remedy the problem and unlock the registry keys, so that Mal/Fareit spyware can be detected and removed with either my anti-virus (I have ESET Smart Security 7) or any anti-spyware tool?
  2. Can I repair both my DVD burners not working by running Windows Repair (All in One)?

Any help as to how to get rid of Mal/Fareit spyware would be greatly appreciated.

Thank you very much in advance!

Regards,

midimusicman79

(Below is the DDS log; the Attach log is zipped.)

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21376  BrowserJavaVersion: 10.71.2
Run by Torbjoern Martin at 15:19:32 on 2014-11-12
#Option Extended Search is enabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.47.1044.18.2047.1332 [GMT 1:00]

AV: ESET Smart Security 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal Firewall *Disabled*

============== Running Processes ================

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.no/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\Program Files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\java\jre7\bin\ssv.dll
BHO: Logon Assistant for Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\Program Files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\Program Files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\Program Files\wot\WOT.dll
uRun: [RemoteControl] <no file>
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [CTHelper] CTHELPER.EXE
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [ISUSPM Startup] "c:\Program Files\Common Files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\Program Files\Common Files\installshield\updateservice\issch.exe" -start
mRun: [OpwareSE2] "c:\Program Files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [mspwr] c:\windows\system32\PuXpMan2.exe
mRun: [NSLauncher] c:\Program Files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [Adobe Photo Downloader] "c:\Program Files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [AppleSyncNotifier] c:\Program Files\Common Files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [DVD- and CD-sharing] "c:\Program Files\dvd- and cd-sharing\ODSAgent.exe"
mRun: [APSDaemon] "c:\Program Files\Common Files\apple\apple application support\APSDaemon.exe"
mRun: [StartCCC] "c:\Program Files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\Program Files\quicktime\QTTask.exe" -atboottime
mRun: [egui] "c:\Program Files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [IJNetworkScannerSelectorEX] c:\Program Files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [iTunesHelper] "c:\Program Files\itunes\iTunesHelper.exe"
mRun: [EvtMgr6] c:\Program Files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\Program Files\Common Files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\startup\bdarem~1.lnk - c:\Program Files\usb tv\em28xx\BDARemote.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\startup\bounce~1.lnk - c:\Program Files\cms peripherals\bounceback professional\BBLauncher.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\startup\sonicc~1.lnk - c:\Program Files\Common Files\sonic shared\CineTray.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\startup\window~1.lnk - c:\Program Files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1373122604828
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345026703125
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} - hxxp://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15026/CTPID.cab
TCP: NameServer = 130.67.15.198 193.213.112.4 10.0.0.138
TCP: Interfaces\{DF60B97F-F4BC-4CE5-BB7B-B3EFA1C40066} : DHCPNameServer = 130.67.15.198 193.213.112.4 10.0.0.138
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\Program Files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\Program Files\Common Files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\Program Files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: ccc-core-static - msiexec /fums {399150FC-EB45-1CE0-0792-1F3A23397BD4} /qb

================= FIREFOX ===================

FF - ProfilePath - c:\documents and settings\Torbjoern martin\Program Data\mozilla\firefox\profiles\1ajtphld.default\

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-9-17 134248]
R2 ekrn;ESET Service;c:\Program Files\eset\eset smart security\ekrn.exe [2013-9-12 1337752]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2014-9-30 10136]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PFMODNT.SYS [2005-12-8 8192]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2006-8-3 14976]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-7-26 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-7-26 43392]
S3 cleanhlp;cleanhlp;\??\c:\Program Files\emsisoft anti-malware\cleanhlp32.sys --> c:\Program Files\emsisoft anti-malware\cleanhlp32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2013-5-10 23456]
S3 PortReporter;Port Reporter;c:\Program Files\portreporter\PortReporter.exe [2006-8-5 90183]
S3 RDID1032;Roland GI-20;c:\windows\system32\drivers\rdwm1032.sys [2006-9-27 43900]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

=============== Created Last 60 ================

2014-11-11 12:42:17    25401968    ----a-w-    c:\Program Files\mozilla firefox\xul.dll
2014-11-11 12:42:16    93808    ----a-w-    c:\Program Files\mozilla firefox\webapprt-stub.exe
2014-11-11 12:42:15    91032    ----a-w-    c:\Program Files\mozilla firefox\webapp-uninstaller.exe
2014-11-11 12:42:14    273008    ----a-w-    c:\Program Files\mozilla firefox\updater.exe
2014-11-11 12:42:13    904752    ----a-w-    c:\Program Files\mozilla firefox\uninstall\helper.exe
2014-11-11 12:42:12    150128    ----a-w-    c:\Program Files\mozilla firefox\softokn3.dll
2014-11-11 12:42:11    220784    ----a-w-    c:\Program Files\mozilla firefox\sandboxbroker.dll
2014-11-11 12:40:57    3231832    ----a-w-    c:\Program Files\mozilla firefox\d3dcompiler_46.dll
2014-11-11 12:40:55    2106216    ----a-w-    c:\Program Files\mozilla firefox\D3DCompiler_43.dll
2014-11-11 12:40:52    115312    ----a-w-    c:\Program Files\mozilla firefox\crashreporter.exe
2014-11-11 12:40:47    48240    ----a-w-    c:\Program Files\mozilla firefox\browser\components\browsercomps.dll
2014-11-11 12:40:46    74864    ----a-w-    c:\Program Files\mozilla firefox\breakpadinjector.dll
2014-11-11 12:40:46    20080    ----a-w-    c:\Program Files\mozilla firefox\AccessibleMarshal.dll
2014-11-07 16:38:40    --------    d-----w-    c:\documents and settings\all users\Program Data\Emsisoft
2014-11-07 14:14:04    --------    d-----w-    c:\Program Files\Emsisoft Anti-Malware
2014-11-05 12:08:24    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2014-11-05 12:08:24    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-11-01 09:12:51    --------    d-----w-    c:\documents and settings\all users\Program Data\Sophos
2014-10-18 10:44:41    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-10-18 10:44:17    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-10-09 10:41:21    --------    d-----w-    C:\FRST
2014-10-08 13:00:13    85504    ------w-    C:\Inherit.exe
2014-10-04 10:54:32    --------    d-----w-    c:\windows\ERUNT
2014-09-30 13:33:31    16400    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2014-09-30 13:32:26    10136    ------w-    c:\windows\system32\drivers\LBeepKE.sys
2014-09-30 13:17:55    --------    d-----w-    c:\documents and settings\Torbjoern martin\Program Data\Logishrd
2014-09-20 11:24:16    --------    d-----w-    c:\Program Files\Tweaking.com
2014-09-14 11:38:35    26840    ------w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2014-09-14 11:36:14    --------    d-----w-    c:\Program Files\iPod
2014-09-14 11:35:36    --------    d-----w-    c:\Program Files\iTunes
2014-09-14 11:35:36    --------    d-----w-    c:\documents and settings\all users\Program Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

==================== Find6M  ====================

2014-11-12 12:38:36    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-11-12 12:38:35    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl

============= FINISH: 15:20:51,00 ===============
 

Attached File: attach.zip (5.79KB)


Edited by midimusicman79, 14 November 2014 - 04:22 AM.



#4 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 14 November 2014 - 10:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.
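
As an added illustration of what a helper does with the FRST.txt this post asks for (example code written for this page, not part of nasdaq's instructions and not Farbar's own tool), here is a small Python parser that reads Run-key, service and driver lines in the layout FRST uses and flags the entries a reviewer looks at first: targets marked `[X]` or `No ImagePath`, files without size/date or publisher, and files marked `[File not signed]`. The sample text is constructed to match that layout (the HKU SID is a placeholder); the meaning of those markers is assumed from how they appear in the log posted later in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the FRST.txt layout used in this thread.
# The SID under HKU is a placeholder, not a real account SID.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [mspwr] => C:\WINDOWS\system32\PuXpMan2.exe
HKU\S-1-5-21-0-0-0-1003\...\Run: [RemoteControl] => [X]
========================== Services (Whitelisted) =================
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
S3 PortReporter; C:\Program Files\PortReporter\portreporter.exe [90183 2004-03-30] () [File not signed]
S4 IntelIde; No ImagePath
==================== Drivers (Whitelisted) ====================
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
"""

# "HKLM\...\Run: [Name] => <target>" and "R2 Name; <target>" lines.
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
SVC_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
# <path> [size date] (publisher) [File not signed], every part after the path optional.
TARGET_RE = re.compile(
    r"^(?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?"
    r"(?P<unsigned> \[File not signed\])?$"
)


@dataclass
class Entry:
    section: str
    name: str
    path: Optional[str] = None
    publisher: Optional[str] = None
    has_metadata: bool = False
    unsigned: bool = False
    reasons: List[str] = field(default_factory=list)


def parse_frst(text: str) -> List[Entry]:
    """Parse Run-key and service/driver lines; other lines are ignored."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("="):
            # "==== Registry (Whitelisted) ====" -> "Registry"
            title = line.strip("= ").split(" (")[0]
            if title:
                section = title
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue
        e = Entry(section=section, name=m.group("name"))
        rest = m.group("rest").strip()
        if not rest:
            e.reasons.append("entry has an empty value")
        elif rest in ("[X]", "No ImagePath") or rest.endswith(" [X]"):
            # FRST marks a target it could not find with [X]; a service with
            # no ImagePath at all has nothing to launch either.
            e.path = rest[:-4] if rest.endswith(" [X]") else None
            e.reasons.append("target file does not exist (orphaned entry)")
        else:
            t = TARGET_RE.match(rest)
            e.path = t.group("path")
            e.has_metadata = t.group("size") is not None
            e.publisher = t.group("publisher")
            e.unsigned = t.group("unsigned") is not None
            if not e.has_metadata:
                e.reasons.append("no size/date recorded; file may be absent")
            elif e.publisher == "":
                e.reasons.append("file carries no publisher in its version info")
            if e.unsigned:
                e.reasons.append("file is not digitally signed")
        entries.append(e)
    return entries


def triage(text: str) -> List[Entry]:
    """Entries worth a second look: anything with at least one reason."""
    return [e for e in parse_frst(text) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_FRST):
        print(f"{e.section:9} {e.name:15} {e.path or '-'}")
        for r in e.reasons:
            print(f"    - {r}")
```

Entries from a known vendor with a signed, dated file (egui, ekrn in the sample) drop out; what remains is the short list a helper reads by hand, cross-checking each path against the Drivers MD5 section and the vendor before deciding whether it belongs in a fixlist.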

#5 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 766 posts
  • Gender:Male
  • Location:Norway
  • Local time:07:20 AM

Posted 15 November 2014 - 10:51 AM

Hi, nasdaq.

Thanks for replying! Nice to meet you again, sir! :hello:

Here are the logs you requested; FRST and Addition (zipped below):

Regards,

midimusicman79

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01
Ran by Torbjoern Martin (administrator) on EGEN-6B8E11F08C on 15-11-2014 13:44:24
Running from C:\Documents and Settings\Torbjoern Martin\Desktop
Loaded Profile: Torbjoern Martin (Available profiles: Torbjoern Martin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Norwegian (Book Language)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Creative Technology Ltd) C:\WINDOWS\CTHELPER.EXE
() C:\WINDOWS\system32\TaskSwitch.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
() C:\Program Files\USB TV\EM28XX\BDARemote.exe
() C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
(Sonic Solutions) C:\Program Files\Common Files\Sonic Shared\CineTray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [CTHelper] => C:\WINDOWS\CTHELPER.EXE [16384 2005-12-08] (Creative Technology Ltd)
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [ISUSPM Startup] => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [mspwr] => C:\WINDOWS\system32\PuXpMan2.exe
HKLM\...\Run: [NSLauncher] => C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [3100672 2007-09-07] ()
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [57344 2005-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47392 2010-04-13] (Apple Inc.)
HKLM\...\Run: [DVD- and CD-sharing] => C:\Program Files\DVD- and CD-sharing\ODSAgent.exe [619832 2008-02-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\Program Files\Common Files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [RemoteControl] => [X]
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [Creative Detector] => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R     
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [ctfmon.exe] =>
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [] => C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [StartCCC] => [X]
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [TrendSecure Remote File Lock] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [WMPNSCFG] => C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe [423248 2008-03-06] (Trend Micro Inc.)
Startup: C:\Documents and Settings\All Users\Start-menu\Programmer\Startup\BDARemote.lnk
ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
Startup: C:\Documents and Settings\All Users\Start-menu\Programmer\Startup\BounceBack Launcher.lnk
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe ()
Startup: C:\Documents and Settings\All Users\Start-menu\Programmer\Startup\Sonic CinePlayer Quick Launch.lnk
ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
Startup: C:\Documents and Settings\All Users\Start-menu\Programmer\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logon Assistant for Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driveragent.com/files/driveragent.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15026/CTPID.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 130.67.15.198 193.213.112.4 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Torbjoern Martin\Program Data\Mozilla\Firefox\Profiles\1ajtphld.default
FF Homepage: https://www.google.com/intl/en/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\book-NO.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yellowpages-NO.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\qxl-NO.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-NO.xml
FF Extension: WOT - C:\Documents and Settings\Torbjoern Martin\Program Data\Mozilla\Firefox\Profiles\1ajtphld.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-11]
FF Extension: Adblock Plus - C:\Documents and Settings\Torbjoern Martin\Program Data\Mozilla\Firefox\Profiles\1ajtphld.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-21]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-03-29]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336 2014-08-28] (Apple Inc.)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () [File not signed]
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
S4 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-05-11] (Google Inc.)
S4 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [136176 2011-05-11] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R3 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [553288 2014-09-01] (Apple Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [293144 2014-03-24] (Logitech, Inc.)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S4 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [322120 2003-06-19] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-11-11] (Mozilla Foundation)
R2 MSFtpsvc; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2009-06-22] (Microsoft Corporation) [File not signed]
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2009-06-22] (Microsoft Corporation) [File not signed]
R3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-14] (Microsoft Corporation)
S3 PortReporter; C:\Program Files\PortReporter\portreporter.exe [90183 2004-03-30] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [212480 2007-02-08] (Nokia.) [File not signed]
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [914944 2006-11-15] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 A5AGU; C:\WINDOWS\System32\DRIVERS\A5AGU.sys [347648 2006-09-21] (D-Link Corporation)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [5685 2005-12-22] () [File not signed]
S3 ATHFMWDL; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [43392 2005-07-26] (Windows ® 2000 DDK provider) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
R3 ATIAVAIW; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [170496 2009-02-04] (ATI Technologies Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-11-10] (Creative Technology Ltd)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2013-05-10] (Phoenix Technologies) [File not signed]
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [754176 2005-12-08] (Creative Technology Ltd)
R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [154112 2005-12-08] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [179712 2005-12-08] (Creative Technology Ltd)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28312 2014-03-19] (Logitech, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [91776 2009-06-22] (Microsoft Corporation) [File not signed]
S3 msgame; C:\WINDOWS\System32\DRIVERS\msgame.sys [35200 2001-08-17] (Microsoft Corporation)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 PfDetNT; C:\WINDOWS\system32\drivers\PfModNT.sys [8192 2005-12-08] (Creative Technology Ltd.)
R2 portD; C:\WINDOWS\System32\DRIVERS\portd2k.sys [14976 2004-02-23] (CMS Peripherals, Inc.) [File not signed]
S3 RDID1032; C:\WINDOWS\System32\Drivers\rdwm1032.sys [43900 2002-12-18] (Roland Corporation) [File not signed]
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2006-06-06] (EnTech Taiwan) [File not signed]
S3 YMIDUSB; C:\WINDOWS\System32\Drivers\ymidusb.sys [16640 2006-12-21] (Yamaha Corporation) [File not signed]
S3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [245248 2006-05-23] (Marvell)
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [26840 2012-08-21] (GEAR Software Inc.)
S4 IntelIde; No ImagePath
U5 LHidKe; C:\Windows\System32\Drivers\LHidKe.sys [27136 2006-07-19] (Logitech Inc.) [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\A5AGU.sys 6E0A62F76886F7C0807B2DCEE0524EFF
C:\WINDOWS\System32\DRIVERS\ACPI.sys 7E3B0F07B0DCB6155FD4EAF4047F0C72
C:\WINDOWS\system32\Drivers\ACPIEC.sys EAB54EA21AB7EA92FB9975C02779080B
C:\WINDOWS\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557
C:\WINDOWS\System32\drivers\afd.sys 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\System32\DRIVERS\arp1394.sys B5B8A80875C1DEDEDA8B02765642C32F
C:\WINDOWS\System32\drivers\AsIO.sys 19A1DAC5BC607C212E8A94C05886ED52
C:\WINDOWS\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC
C:\WINDOWS\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\System32\Drivers\ATHFMWDL.sys 8B56BAC1AF3A59D665D7A5D1BB5624F0
C:\WINDOWS\System32\DRIVERS\ati2mtag.sys C0B86ECB324E50F6BBD529F9D5C6B24B
C:\WINDOWS\System32\DRIVERS\atinavt2.sys BEFB648D5A40B816D66283B571BBE38A
C:\WINDOWS\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159
C:\WINDOWS\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\WINDOWS\system32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\WINDOWS\System32\DRIVERS\CCDECODE.sys 0BE5AEF125BE881C4F854C554F2B025C
C:\WINDOWS\system32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\WINDOWS\system32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32
C:\WINDOWS\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE
C:\WINDOWS\System32\drivers\ctac32k.sys 3CFB715F2E3B0E475E984F78CDFADA57
C:\WINDOWS\System32\drivers\ctaud2k.sys B640816F7D3FFEAAEFEA831242FE5E8C
C:\WINDOWS\System32\drivers\ctdvda2k.sys C4333325D325EFA668888D0D3177C6FF
C:\WINDOWS\System32\drivers\ctprxy2k.sys A9F9A48406E99134CD3879B410E9139D
C:\WINDOWS\System32\drivers\ctsfm2k.sys FCBB8EA6FE935D2C531D3A4DEE9F985B
C:\WINDOWS\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25
C:\WINDOWS\System32\drivers\dmboot.sys F1F9E49B764C96902ECCABEF144E7CC7
C:\WINDOWS\System32\drivers\dmio.sys 12CA201C2B40D8A8B1687164E2DD1D9A
C:\WINDOWS\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\WINDOWS\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45
C:\WINDOWS\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\WINDOWS\system32\Drivers\DrvAgent32.sys 651554E483712B708EDE864D0CA1AA73
C:\WINDOWS\System32\DRIVERS\e1e5132.sys F239EC59B4A30266A4A7B081A5DEE0FC
C:\WINDOWS\System32\DRIVERS\eamon.sys 0C51F1D7A7501FC948D35AE0FDE764A5
C:\WINDOWS\System32\DRIVERS\ehdrv.sys C79916F203E1A2CBBE99F22D6E5D21DA
C:\WINDOWS\System32\drivers\emupia2k.sys 05377DDEDF219D9BD3102BD9FBDC3EAE
C:\WINDOWS\System32\DRIVERS\epfw.sys 4B6B2C930CD076F8BDEE683512EE05E8
C:\WINDOWS\System32\DRIVERS\Epfwndis.sys BE76566CE5E943B7529CF49025506542
C:\WINDOWS\System32\DRIVERS\epfwtdi.sys B964288A27843BDAFB5EE3A5CFC26A0A
C:\WINDOWS\system32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E
C:\WINDOWS\System32\DRIVERS\fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81
C:\WINDOWS\system32\Drivers\Fips.sys A3D6EF42350586396D613081E20D750C
C:\WINDOWS\System32\DRIVERS\flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0
C:\WINDOWS\System32\drivers\fltmgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\WINDOWS\system32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\WINDOWS\System32\DRIVERS\ftdisk.sys F49589D9B1B3229EB3E761E569B20ACA
C:\WINDOWS\System32\DRIVERS\gameenum.sys 065639773D8B03F33577F6CDAEA21063
C:\WINDOWS\System32\giveio.sys 77EBF3E9386DAA51551AF429052D88D0
C:\WINDOWS\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2
C:\WINDOWS\System32\drivers\ha10kx2k.sys 5DA1AF9485B591E4406924803969CCF0
C:\WINDOWS\System32\drivers\hap16v2k.sys 9F7EEC8D49279052E4D70971246AC7CD
C:\WINDOWS\System32\drivers\hap17v2k.sys C34FBFCF18332927C9D7DFB44F1CC84F
C:\WINDOWS\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1
C:\WINDOWS\System32\Drivers\HTTP.sys F80A415EF82CD06FFAF0D971528EAD38
C:\WINDOWS\System32\DRIVERS\i8042prt.sys 07D2C69BF1230998553EA5FC62E4DA9D
C:\WINDOWS\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E
C:\WINDOWS\System32\DRIVERS\intelppm.sys 694E25EFDC04BFC2803B718CD01B71AD
C:\WINDOWS\System32\drivers\ip6fw.sys 3BB22519A194418D5FEC05D800A19AD0
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\WINDOWS\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5
C:\WINDOWS\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB
C:\WINDOWS\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89
C:\WINDOWS\System32\DRIVERS\isapnp.sys 165255B09753CD0900287C6722B53E8A
C:\WINDOWS\System32\DRIVERS\kbdclass.sys 403A9D3C56617C49EFCB5F2897F500D7
C:\WINDOWS\System32\DRIVERS\kbdhid.sys AD4760546EF72CEE55E12F91DC444847
C:\WINDOWS\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378
C:\WINDOWS\system32\Drivers\KSecDD.sys B467646C54CC746128904E1654C750C1
C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys D1968DEA7BAFF4A917858C384339CEC8
C:\WINDOWS\System32\Drivers\LBeepKE.sys 8ABFD7FB22CBE8D6066EEE2CF352B0BB
C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys B9E077D03FCCD05A8829DC5E0653E60B
C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys FBB88DD2236B263FF412AA7067BDFEE6
C:\WINDOWS\System32\Drivers\LUsbFilt.Sys EEB18645DB3CA244F09821C7D7EC8A6B
C:\WINDOWS\system32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\WINDOWS\system32\Drivers\Modem.sys EFC09980C68BE2DD0BC3076AAA567D67
C:\WINDOWS\System32\DRIVERS\mouclass.sys F54DE35966BD4F6D7D751642DED032DB
C:\WINDOWS\System32\DRIVERS\mouhid.sys 2C8ACE099162A015D464C9A427148651
C:\WINDOWS\system32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD
C:\WINDOWS\System32\DRIVERS\MPE.sys C0F8E0C2C3C0437CF37C6781896DC3EC
C:\WINDOWS\system32\drivers\mqac.sys EEE50BF24CAEEDB515A8F3B22756D3BB
C:\WINDOWS\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027
C:\WINDOWS\System32\DRIVERS\msgame.sys 082A950191DDE602BBEA8EF4E5900251
C:\WINDOWS\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E
C:\WINDOWS\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D
C:\WINDOWS\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\WINDOWS\System32\drivers\MSTEE.sys E53736A9E30C45FA9E7B5EAC55056D1D
C:\WINDOWS\System32\drivers\msmpu401.sys CA3E22598F411199ADC2DFEE76CD0AE0
C:\WINDOWS\System32\DRIVERS\ASACPI.sys D48659BB24C48345D926ECB45C1EBDF5
C:\WINDOWS\system32\Drivers\Mup.sys DE6A75F5C270E756C5508D94B6CF68F5
C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys 5B50F1B2A2ED47D560577B221DA734DB
C:\WINDOWS\system32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\System32\DRIVERS\NdisIP.sys 7FF1F1FD8609C149AA432F95A8163D97
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 0109C4F3850DFBAB279542515386AE22
C:\WINDOWS\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\WINDOWS\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\WINDOWS\system32\Drivers\NDProxy.sys 2F597BB467E05B1FE3830EABD821B8E0
C:\WINDOWS\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0
C:\WINDOWS\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\System32\DRIVERS\nic1394.sys E9E47CFB2D461FA0FC75B7A74C6383EA
C:\WINDOWS\System32\drivers\nmwcd.sys 696B37EA78F9D9767A2F18BA0304A51A
C:\WINDOWS\System32\drivers\nmwcdc.sys BBB6010FC01D9239D88FCDF133E03FF0
C:\WINDOWS\System32\drivers\nmwcdcj.sys 4C3726467D67483F054C88F058E9C153
C:\WINDOWS\System32\drivers\nmwcdcm.sys 4C3726467D67483F054C88F058E9C153
C:\WINDOWS\system32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\WINDOWS\system32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\WINDOWS\system32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\WINDOWS\System32\DRIVERS\ohci1394.sys CA33832DF41AFB202EE7AEB05145922F
C:\WINDOWS\System32\drivers\ctoss2k.sys 3649EEFA90990249267DD6C7808CBC86
C:\WINDOWS\System32\DRIVERS\parport.sys 1AA2E7C0F517B16C6D53093F6EF4D707
C:\WINDOWS\system32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\WINDOWS\system32\Drivers\ParVdm.sys 12297B25CCC4D89D9D2E794A8FD6EE3D
C:\WINDOWS\System32\DRIVERS\pci.sys 5AF0A66BBBBB8D44A308141F529EA5E0
C:\WINDOWS\System32\DRIVERS\pciide.sys C9EF84891A111F6F5EBB758A29252E54
C:\WINDOWS\system32\Drivers\Pcmcia.sys 339B6DA5D9E01E04F39A5E93612D5C5A
C:\WINDOWS\system32\drivers\PfModNT.sys DB64E50CFEA80077E47C282BCE2C1813
C:\WINDOWS\System32\DRIVERS\portd2k.sys 97152B53B88C82564CAE86FE16635BDC
C:\WINDOWS\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\WINDOWS\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424
C:\WINDOWS\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\WINDOWS\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\WINDOWS\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\WINDOWS\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\WINDOWS\System32\Drivers\rdwm1032.sys CBCCC79FD9AB75487508C59863BE702D
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\WINDOWS\System32\DRIVERS\rdpdr.sys 15CABD0F7C00C47C70124907916AF3F1
C:\WINDOWS\system32\Drivers\RDPWD.sys 43AF5212BD8FB5BA6EED9754358BD8F7
C:\WINDOWS\System32\DRIVERS\redbook.sys 99C7D4742BE0415D084126EC3462B454
C:\WINDOWS\system32\drivers\RMCast.sys 96F7A9A7BF0C9C0440A967440065D33C
C:\WINDOWS\System32\DRIVERS\sbp2port.sys B244960E5A1DB8E9D5D17086DE37C1E4
C:\WINDOWS\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\WINDOWS\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE
C:\WINDOWS\System32\DRIVERS\serial.sys D579FAB95D55A3459547D3EF116821D7
C:\WINDOWS\system32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\WINDOWS\System32\DRIVERS\SI3132.sys 0B9B5C6DF6226497EF4819B6E1B2EFD5
C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys AD29A80543C63E5B3588D118FB327E22
C:\WINDOWS\System32\DRIVERS\SiRemFil.sys B19EFE5E45AE31F3C3E4C4F0F9DA3C49
C:\WINDOWS\System32\DRIVERS\SLIP.sys 866D538EBE33709A5C9F5C62B73B7D14
C:\WINDOWS\System32\speedfan.sys DC8D2952FB6FFBAEC67BD1B93A34DF11
C:\WINDOWS\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\WINDOWS\System32\DRIVERS\sr.sys A10A8FFFBC556480027FB5AADAE4FE1A
C:\WINDOWS\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7
C:\WINDOWS\System32\DRIVERS\StreamIP.sys 77813007BA6265C4B6098187E6ED79D2
C:\WINDOWS\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\WINDOWS\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\WINDOWS\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\WINDOWS\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\System32\DRIVERS\tcpip6.sys 4E53BBCC4BE37D7A4BD6EF1098C89FF7
C:\WINDOWS\system32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\WINDOWS\system32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\WINDOWS\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\WINDOWS\System32\DRIVERS\tunmp.sys 8F861EDA21C05857EB8197300A92501C
C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS E266683FC95ABDEC17CD378564E1B54B
C:\WINDOWS\system32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\WINDOWS\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\WINDOWS\System32\drivers\usbaudio.sys 65898A183FBF1D1F7759D5CCB364DCD4
C:\WINDOWS\System32\DRIVERS\usbccgp.sys 1B611611C28D2DF25BC057D79C6F13FC
C:\WINDOWS\System32\DRIVERS\usbehci.sys 4BAC8DF07F1D8434FC640E677A62204E
C:\WINDOWS\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\System32\DRIVERS\usbprint.sys A717C8721046828520C9EDF31288FC00
C:\WINDOWS\System32\DRIVERS\usbscan.sys F8EDE2B6928970DCE3D5614C27D9E7F6
C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\WINDOWS\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6
C:\WINDOWS\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\WINDOWS\system32\Drivers\VolSnap.sys 9D61102F5BACD5A26FCAA0DE95E5909E
C:\WINDOWS\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\WINDOWS\System32\DRIVERS\Wdf01000.sys FD47474BD21794508AF449D9D91AF6E6
C:\WINDOWS\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8
C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS C98B39829C2BBD34E454150633C62C78
C:\WINDOWS\System32\DRIVERS\WudfPf.sys 50EB9E21963B4F06FD010D007D54351B
C:\WINDOWS\System32\DRIVERS\wudfrd.sys 6E209664BDEA8A15B5E8E480D6C607C2
C:\WINDOWS\System32\Drivers\ymidusb.sys 48D2CA257A22481F830D9CE434E3827A
C:\WINDOWS\System32\DRIVERS\yk51x86.sys 228D0403F0210D6D67A9ACF907597EFE

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 13:44 - 2014-11-15 13:45 - 00036707 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\FRST.txt
2014-11-15 13:43 - 2014-11-15 13:44 - 00000000 ____D () C:\FRST
2014-11-15 13:31 - 2014-11-15 13:31 - 01108480 _____ (Farbar) C:\Documents and Settings\Torbjoern Martin\Desktop\FRST.exe
2014-11-14 15:35 - 2014-11-15 13:22 - 00012304 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\SystemLook.txt
2014-11-12 16:20 - 2014-11-12 16:20 - 00005925 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\attach.zip
2014-11-12 15:20 - 2014-11-12 16:10 - 00025707 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\attach.txt
2014-11-12 15:20 - 2014-11-12 16:02 - 00014070 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\dds.txt
2014-11-12 15:02 - 2014-11-12 15:02 - 00001805 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-11-12 15:01 - 2014-11-12 15:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start-menu\Programmer\Tweaking.com
2014-11-11 17:40 - 2014-11-11 17:40 - 00688992 ____R (Swearware) C:\Documents and Settings\Torbjoern Martin\Desktop\dds.com
2014-11-11 13:40 - 2014-11-11 13:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 17:38 - 2014-11-07 17:38 - 00000000 ____D () C:\Documents and Settings\All Users\Program Data\Emsisoft
2014-11-07 15:14 - 2014-11-12 12:55 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-11-06 16:37 - 2014-11-15 13:14 - 00000541 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\SL-Script.txt
2014-11-06 13:29 - 2014-11-06 13:38 - 00013378 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\SystemLook_old.txt
2014-11-01 10:12 - 2014-11-04 11:55 - 00000000 ____D () C:\Documents and Settings\All Users\Program Data\Sophos
2014-10-18 11:44 - 2014-10-18 11:44 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-18 11:44 - 2014-10-18 11:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start-menu\Programmer\Java
2014-10-18 11:44 - 2014-10-18 11:43 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-18 11:44 - 2014-10-18 11:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-18 11:44 - 2014-10-18 11:43 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-18 11:44 - 2014-10-18 11:43 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-18 11:44 - 2014-10-18 11:43 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 13:45 - 2009-04-29 13:05 - 00000442 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{99082F30-1C10-41B8-85EC-F9979A0249DE}.job
2014-11-15 13:45 - 2006-06-05 13:19 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp
2014-11-15 13:44 - 2006-06-05 13:19 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\Desktop
2014-11-15 13:38 - 2012-03-30 10:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-15 13:37 - 2006-06-05 15:01 - 00206417 _____ () C:\WINDOWS\setupact.log
2014-11-15 13:36 - 2006-06-05 14:55 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-11-15 13:14 - 2013-11-21 15:19 - 00000000 __RHD () C:\Documents and Settings\Torbjoern Martin\Latest
2014-11-15 13:00 - 2006-06-05 13:17 - 00032162 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-15 10:06 - 2006-06-05 13:13 - 01229443 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-15 09:56 - 2004-08-04 13:00 - 00012674 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-15 09:54 - 2006-06-05 15:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-15 09:54 - 2006-06-05 15:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-15 09:53 - 2014-03-12 10:53 - 00000242 _____ () C:\WINDOWS\Tasks\Notification about End of Support for Microsoft Windows XP – logon.job
2014-11-15 09:53 - 2006-06-05 13:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-14 16:09 - 2007-06-23 15:13 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-11-14 16:09 - 2007-06-23 15:13 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-11-14 16:08 - 2006-06-05 22:02 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-11-14 16:08 - 2006-06-05 13:19 - 00000286 ___SH () C:\Documents and Settings\Torbjoern Martin\ntuser.ini
2014-11-12 15:01 - 2006-06-05 15:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Start-menu\Programs
2014-11-12 14:59 - 2013-10-29 15:54 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\My documents\Downloads
2014-11-12 13:38 - 2012-03-30 10:33 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-12 13:38 - 2011-05-21 11:02 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-12 12:51 - 2006-06-05 15:02 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop
2014-11-12 12:45 - 2013-07-10 13:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 12:35 - 2006-06-05 20:24 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 12:08 - 2014-06-11 12:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-11 22:26 - 2006-06-05 13:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-11-11 15:17 - 2006-06-05 15:02 - 00000000 ____D () C:\Program Files
2014-11-08 15:26 - 2006-06-05 15:02 - 00000000 ___RD () C:\Documents and Settings\All Users\Start-menu
2014-11-08 15:00 - 2014-03-12 10:53 - 00000236 _____ () C:\WINDOWS\Tasks\Notification about End of Support for Microsoft Windows XP – monthly.job
2014-11-07 15:04 - 2014-07-14 10:44 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-11-06 15:28 - 2004-08-04 13:00 - 00001915 _____ () C:\WINDOWS\win.ini
2014-11-05 13:26 - 2006-06-10 15:35 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Program Data\Adobe
2014-11-05 13:09 - 2014-07-08 15:00 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-05 13:09 - 2006-06-05 13:19 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin
2014-11-05 13:09 - 2006-06-05 13:17 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-05 13:09 - 2006-06-05 13:17 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-05 13:08 - 2006-06-05 13:11 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-04 11:55 - 2006-06-05 13:19 - 00000000 ___RD () C:\Documents and Settings\Torbjoern Martin\Start-menu\Programs
2014-10-30 12:54 - 2014-05-19 15:00 - 00000000 ____D () C:\Documents and Settings\All Users\Program Data\CanonIJPLM
2014-10-30 11:43 - 2006-06-10 14:22 - 00002491 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\Microsoft Office Excel 2003.lnk
2014-10-26 15:13 - 2006-06-05 15:02 - 01425876 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-26 15:13 - 2004-08-04 13:00 - 00590754 _____ () C:\WINDOWS\system32\perfh014.dat
2014-10-26 15:13 - 2004-08-04 13:00 - 00132060 _____ () C:\WINDOWS\system32\perfc014.dat
2014-10-25 14:36 - 2006-06-08 13:10 - 00002483 _____ () C:\Documents and Settings\Torbjoern Martin\Desktop\Microsoft Calculator Plus.lnk
2014-10-24 11:48 - 2014-09-30 14:33 - 00000574 _____ () C:\WINDOWS\LkmdfCoInst.log
2014-10-24 11:48 - 2009-03-12 17:14 - 00986438 _____ () C:\WINDOWS\setupapi.log
2014-10-24 11:46 - 2014-09-30 14:33 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2014-10-21 14:11 - 2008-04-10 16:42 - 00000000 ____D () C:\Program Files\Trend Micro
2014-10-21 12:16 - 2006-06-06 16:48 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\My documents\My previous Emails
2014-10-21 12:06 - 2006-06-06 16:46 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\My documents\My new Emails
2014-10-18 11:44 - 2006-06-05 15:02 - 00000000 ____D () C:\Program Files\Common Files
2014-10-18 11:16 - 2006-08-03 06:47 - 00000000 ____D () C:\WINDOWS\BounceBack
2014-10-17 10:29 - 2007-12-13 20:30 - 00000000 ____D () C:\WINDOWS\system32\Adobe
2014-10-17 10:25 - 2014-09-24 12:26 - 00000000 ____D () C:\Documents and Settings\Torbjoern Martin\Local Settings\Program Data\Adobe

Some content of TEMP:
====================
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\02TVoHLM.intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\1000053.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\2000038.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\AdobeUpdater12345.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\atl80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\AUMgr.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\avxdisk.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdc.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdcore.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdfltlib2k.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdnimbus32.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdnimbus64.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\bdupdateservice.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\DEVCON.EXE
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\DFC_Setup.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\dZ2Xs.ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\encdec.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\esupdate.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\flashplayer6_winax.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\FmR.intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\FSSync.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Getvlist.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\GoogleInstall.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\gtapi.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\hBDPKAz.intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\i4j23825.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\ikave.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Install.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\InstHelper.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\ipc.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jBsnV4r.intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u1-windows-i586-p-iftw_fa96d0d7.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u16-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u2-windows-i586-p-iftw_7070c3f7.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\kave.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\kavvlg.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\libexpat.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mfc80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mfc80u.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mfcm80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mfcm80u.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\MSETUP4.EXE
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvclnt.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcm80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcp110.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcp80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcp90.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcr110.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcr80.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvcr90.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvl64.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\msvlclnt.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\MUOAp.ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mwavdwnl.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\MWAVL.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\mwunzip.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\o0Tz.ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Ohbum.intnc32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\pKIJ5PwS.ETCoI32e.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\prLoader.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\red32.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Reload.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\scan.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\ScanningProcess.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\setpointnor.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\setpriv.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\sfextra.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\sp_setpoint.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\test2.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\TmDbg32.dll
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\TNO_CC30Pack.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\uninstall.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\unregx.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\Unwise.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\UPDLL10.DLL
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\viewtcp.exe
C:\Documents and Settings\Torbjoern Martin\Local Settings\Temp\xIWte3.ETCoI32e.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Attached File: Addition.zip (13.52KB)


MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with CanDef, uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#6 nasdaq
  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 November 2014 - 11:20 AM

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.

===

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    
    HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [RemoteControl] => [X]
    HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [StartCCC] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1060284298-2147125267-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
    S4 IntelIde; No ImagePath
    
    End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?
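
The fixlist procedure above works because every entry line is copied verbatim from FRST.txt; a line that differs from the log does not correspond to the entry the helper meant to remove. As an added example (not FRST's own code and not something posted in this thread), here is a small Python helper that extracts the start/End block from a fixlist, classifies each line as a registry entry, a service entry or a bare directive such as Reboot:, and reports any entry line that does not appear verbatim in the FRST log it was built from. The sample log and fixlist are constructed for the example from the entries in this post, plus one deliberately mis-typed service line so the check has something to catch.

```python
import re
from typing import Dict, List

# Constructed sample input for this example: a fragment shaped like an
# FRST.txt log, using the entries that appear in the fixlist in this thread.
SAMPLE_LOG = r"""
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [RemoteControl] => [X]
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\...\Run: [StartCCC] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S4 IntelIde; No ImagePath
"""

# Constructed fixlist: two lines copied correctly, one line with a mis-typed
# file name (cleanhlp.sys instead of cleanhlp32.sys), plus the Reboot:
# directive the topic starter used in their own fix.
SAMPLE_FIXLIST = r"""
start

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp.sys [X]
Reboot:

End
"""

DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")       # bare directive, e.g. Reboot:
SERVICE_RE = re.compile(r"^[RSU]\d\s+\S+;")       # e.g. "S3 cleanhlp; <path> [X]"
REGISTRY_RE = re.compile(r"^HK(LM|CU|U|CR)\\")    # registry hive prefix


def parse_fixlist(text: str) -> List[str]:
    """Return the non-empty lines between 'start' and 'End' (case-insensitive).

    If the text has no 'start' marker, every non-empty line is treated as body.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    has_start = any(ln.lower() == "start" for ln in lines)
    body: List[str] = []
    inside = False
    for ln in lines:
        low = ln.lower()
        if has_start and not inside:
            if low == "start":
                inside = True
            continue
        if has_start and low == "end":
            break
        if ln:
            body.append(ln)
    return body


def classify(line: str) -> str:
    """Classify a fixlist line by its shape: directive, registry, service or other."""
    if DIRECTIVE_RE.match(line):
        return "directive"
    if REGISTRY_RE.match(line):
        return "registry"
    if SERVICE_RE.match(line):
        return "service"
    return "other"


def check_fixlist(fixlist_text: str, log_text: str) -> Dict[str, List[str]]:
    """Cross-check a fixlist against the log it was copied from.

    Directives are passed through; every other line must appear verbatim
    (after whitespace stripping) in the log, otherwise it is reported as
    'unmatched' so it can be corrected before the fix is run.
    """
    log_lines = {ln.strip() for ln in log_text.splitlines() if ln.strip()}
    result: Dict[str, List[str]] = {"directives": [], "matched": [], "unmatched": []}
    for line in parse_fixlist(fixlist_text):
        if classify(line) == "directive":
            result["directives"].append(line)
        elif line in log_lines:
            result["matched"].append(line)
        else:
            result["unmatched"].append(line)
    return result


if __name__ == "__main__":
    report = check_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG)
    for kind, lines in report.items():
        print(f"{kind} ({len(lines)}):")
        for ln in lines:
            print(f"  [{classify(ln)}] {ln}")
```

The helper only recognises bare directives of the form Word:, so a directive that takes arguments would show up as unmatched; it is a sanity check on copying accuracy before clicking Fix, not a judgement on whether removing an entry is safe.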


#7 nasdaq
  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 November 2014 - 09:23 AM

Are you still with me?



#8 midimusicman79
  • Topic Starter
  • Members
  • 766 posts
  • Gender:Male
  • Location:Norway

Posted 22 November 2014 - 10:42 AM

Hi again, nasdaq.

Thank you for the reply and the reminder!

I am sorry for not responding earlier; however, I was actually a bit disappointed when you asked me to run the exact same three anti-spyware programs as the previous time you were helping me. (www.bleepingcomputer.com/forums/t/548541/sudden-overall-computer-slowdown-and-eolesyserror-class-not-registered-in-otl/)

And just like then, you want me to clean my Temporary files/folders. But as I still have not changed my mind (and never will either), here is my quote from that topic #548541, post #7:

Thank you for the advice, but Sir, with all due respect, unfortunately I do not want to clean my Temporary files/folders, as I think it might cause "unpredictable results". Neither do they pose a security threat, nor have they ever bothered me.

Next, as for FRST, I have run a partial fix like the previous time, quoted from that same topic #548541, post #7:

I have partially (mostly) used the fixlist which you created and ran FRST, as I think some of the lines were somewhat too risky to execute, namely one of these belonging to my Graphics card. I also decided to use the Reboot: option in order to force a reboot of the computer, like I have always used FRST, because I think it is "better" than just doing this in the normal fashion. Hope you do not mind this.

Lastly, regarding Security Check, I have run this too; it complains about Java being out of date. However, as my OS is Microsoft Windows XP Professional, this is in fact incorrect, as Java 7 Update 71 is the newest. In the Java Control Panel, it says: "You already have the latest Java Platform on this system."

Moreover, when I verify my Java installation at www.java.com, it says: "You have the recommended Java installed (Version 7 Update 71)."

Additionally, the Java System Requirements at www.java.com/en/download/help/sysreq.xml say that Java 7 is compatible with Windows XP, and that Java 8 is compatible only with Windows Vista, 7 and 8.

So, therefore, I have a couple of questions for you; could you please answer them?

  1. Do you think that the reason for my computer slowness is that it is nine years old, and that I just should live with it?
  2. Could uninstalling Adobe Flash Player and maybe also Shockwave Player possibly remedy the spyware problem and unlock the registry keys, so that Mal/Fareit spyware can be detected and removed with either my anti-virus (I have ESET Smart Security 8) or any anti-spyware tool?
  3. Do you think that I should try to fix both my NEC DVD-RW ND-3550A DVD burners not working by running Windows Repair (All in One), or should I rather try to connect and install a portable Samsung DVD burner that I have borrowed from a friend?

Thank you very much in advance for your help!

Anyway, here are the logs:

Regards,

midimusicman79

FRST Fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-11-2014 01
Ran by Torbjoern Martin at 2014-11-16 16:24:54 Run:1
Running from C:\Documents and Settings\Torbjoern Martin\Skrivebord
Loaded Profile: Torbjørn Martin (Available profiles: Torbjoern Martin & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-2147125267-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
Reboot:
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1060284298-2147125267-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
cleanhlp => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

Security Check log:

Results of screen317's Security Check version 0.99.89  
Windows XP Service Pack 3 x86   
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````

ESET Smart Security 8.0   
Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
xp-AntiSpy 3.96-8    
VirusTotal Uploader 2.2   
Java 7 Update 71  
Java version out of Date!
Adobe Flash Player     15.0.0.223  
Adobe Reader XI  
Mozilla Firefox (33.1)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe  
ESET NOD32 Antivirus ekrn.exe  
Trend Micro TrendSecure RemoteFileLock FLMain.exe
Trend Micro TrendSecure TSCFPlatformCOMSvr.exe  
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````


Edited by midimusicman79, 23 November 2014 - 02:52 AM.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 22 November 2014 - 01:49 PM

Your Java version is up to date.
The newly released version of the tool will no longer report this as a wrong version.
===
 
A number of keys in the registry are considered bad by Sophos.
 
I suggest you download the removal tool suggested at the top of the article.
 
Run the tool and let me know of the remaining issues.


#10 midimusicman79

midimusicman79
  • Topic Starter

  • Members
  • 766 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:07:20 AM

Posted 25 November 2014 - 12:46 PM

Hi again, nasdaq.

 

Thank you for the reply. Glad to hear that the error is fixed & that Security Check has been updated! :thumbup2:

 

I have now run Sophos Virus Removal Tool for 7 hours and 9 minutes, but unfortunately it did not find anything. :( It says: "Your computer is clean. Number of threats found: 0." This is somewhat hard to believe, given Sophos' comprehensive detailed analysis of Troj/Agent-AIHM. :wacko:

 

The remaining issues are still exactly the same; the computer is slow on start-up and run, Troj/Agent-AIHM is infecting my computer, and both my DVD-burners do not work.

 

I guess I am off to trying several of the online anti-virus/-malware scanners that I still have not tried already. Do you perhaps have some to recommend? Preferably the ones that do not take several hours to run, although I guess most of them are just like that...

 

Furthermore, as I recently upgraded ESET Smart Security to version 8, it might be a good idea to reconfigure this program and run a complete system scan. Maybe I will post the log when done...

 

So, some day at some time I might find an online anti-virus/-malware scanner that can catch Troj/Agent-AIHM. Maybe I will let you know when... :busy:

 

I would appreciate that you please answer the three questions in my previous post.

 

Thank you for the help, sir!

 

Regards,

midimusicman79


Edited by midimusicman79, 26 November 2014 - 09:41 AM.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:20 AM

Posted 25 November 2014 - 01:48 PM

Do you think that the reason for my computer slowness is because it is nine years old, and that I just should live with it?
Microsoft is no longer providing assistance on XP.
 
If you have all the latest Microsoft Updates, then the slow computer may be caused by a bad driver or some other hardware problem.
 
===
 
The link I gave you on the Sophos comprehensive detailed analysis of Troj/Agent-AIHM reports many items added by the trojan.
If any one of them is still listed in the registry, then you will get the report from Sophos.
It does not mean that the key is active; it's just a remnant listing in the registry, causing no harm.
 
===
 
Do you think that I should try to fix both my NEC DVD-RW ND-3550A DVD burners not working, by running Windows Repair (All in One), or should I rather try to connect and install a portable Samsung DVD burner that I have borrowed from a friend)?
I previously said that you could try the one borrowed from a friend.
You can also check the home page of the Manufacturer and see if a new driver has been issued for your model.
 
Running the Windows Repair is another option.
===

