someoneinsane

Everything posted by someoneinsane

  1. Thanks for your help, I don't have any of the problems I had previously. I can't thank you enough.
  2. esetscan.txt
     C:\Users\Jesper Drlicka\Downloads\ADLSoft_MultiClock.exe a variant of Win32/InstallCore.AZ application
     C:\Users\Jesper Drlicka\Downloads\slender_setup.exe a variant of Win32/Adware.iBryte.D application
     C:\Users\Jesper Drlicka\Downloads\SoftonicDownloader_for_slender-the-eight-pages.exe a variant of Win32/SoftonicDownloader.E application
  3. Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.01.27.09
     Windows 7 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Jesper Drlicka :: FIXALLTHEISSUES [administrator]
     1/27/2013 8:46:21 PM
     mbam-log-2013-01-27 (20-46-21).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 258189
     Time elapsed: 4 minute(s), 6 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  4. # AdwCleaner v2.109 - Logfile created 01/27/2013 at 20:36:56 # Updated 26/01/2013 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : Jesper Drlicka - FIXALLTHEISSUES # Boot Mode : Normal # Running from : C:\Users\Jesper Drlicka\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\END Folder Deleted : C:\Users\Jesper Drlicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. 
-\\ Mozilla Firefox v18.0.1 (en-US) File : C:\Users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\prefs.js Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...] Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] File : C:\Users\Bozena Beatrice\AppData\Roaming\Mozilla\Firefox\Profiles\9nhfpdbp.default\prefs.js [OK] File is clean. -\\ Google Chrome v24.0.1312.56 File : C:\Users\Jesper Drlicka\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.18] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-[...] 
Deleted [l.2201] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4[...] ************************* AdwCleaner[s1].txt - [3797 octets] - [27/01/2013 20:36:56] ########## EOF - C:\AdwCleaner[s1].txt - [3857 octets] ##########
  5. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.5.2 (01.26.2013:2) OS: Windows 7 Home Premium x64 Ran by Jesper Drlicka on Sun 01/27/2013 at 20:18:54.50 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{687578b9-7132-4a7a-80e4-30ee31099e03} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088980869-1917275451-116283548-1001\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] 
hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088980869-1917275451-116283548-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088980869-1917275451-116283548-1001\software\microsoft\internet explorer\search\\Default_Search_URL Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088980869-1917275451-116283548-1001\software\microsoft\internet explorer\searchurl\\Default Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088980869-1917275451-116283548-1001\software\microsoft\internet explorer\search\\SearchAssistant ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\conduit Successfully deleted: [Registry Key] hkey_local_machine\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\default tab Successfully deleted: [Registry Key] hkey_local_machine\software\default tab Successfully deleted: [Registry Key] hkey_current_user\software\defaulttab Successfully deleted: [Registry Key] hkey_local_machine\software\defaulttab Successfully deleted: [Registry Key] hkey_current_user\software\softonic Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\defaulttab Successfully deleted: [Registry Key] 
hkey_current_user\software\appdatalow\software\smartbar Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021802.BHO Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021802.Sandbox Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021802.Sandbox.1 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.BHO Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.Sandbox Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.Sandbox.1 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3072253 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3198785 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3220468 Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827} Successfully deleted: 
[Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\Users\Jesper Drlicka\AppData\Roaming\defaulttab" Successfully deleted: [Folder] "C:\Users\Jesper Drlicka\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Jesper Drlicka\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\defaulttab" Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin" ~~~ FireFox Successfully deleted: [File] C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\user.js Successfully deleted: [File] C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\extensions\enrwujqhtf@enrwujqhtf.org.xpi [Tracur] Successfully deleted: [File] C:\Users\Jesper 
Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\searchplugins\search-here.xml Successfully deleted: [Folder] C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\smartbar Successfully deleted: [Folder] C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} Successfully deleted the following from C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\prefs.js user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3220468.FirstTime", "true"); user_pref("CT3220468.FirstTimeFF3", "true"); user_pref("CT3220468.LoginRevertSettingsEnabled", true); user_pref("CT3220468.RevertSettingsEnabled", true); user_pref("CT3220468.UserID", "UN04389095570160151"); user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT3220468.autoDisableScopes", -1); user_pref("CT3220468.defaultSearch", "false"); user_pref("CT3220468.enableAlerts", "always"); user_pref("CT3220468.enableSearchFromAddressBar", "false"); user_pref("CT3220468.firstTimeDialogOpened", "true"); user_pref("CT3220468.fixPageNotFoundError", "true"); user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true"); user_pref("CT3220468.fixUrls", true); user_pref("CT3220468.installType", "xpe"); user_pref("CT3220468.isCheckedStartAsHidden", true); user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3220468.isFirstTimeToolbarLoading", "false"); user_pref("CT3220468.isNewTabEnabled", false); user_pref("CT3220468.isPerformedSmartBarTransition", "true"); user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT3220468.migrateAppsAndComponents", true); user_pref("CT3220468.navigationAliasesJson", 
"{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://uTorrentContr user_pref("CT3220468.openThankYouPage", "true"); user_pref("CT3220468.openUninstallPage", "false"); user_pref("CT3220468.revertSettingsEnabled", "false"); user_pref("CT3220468.searchInNewTabEnabled", "false"); user_pref("CT3220468.searchInNewTabEnabledInHidden", "true"); user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}"); user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}"); user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}"); user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359323834700"); user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1359261953107"); user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1359323834124"); user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1359261955545"); user_pref("CT3220468.settingsINI", true); user_pref("CT3220468.shouldFirstTimeDialog", "false"); user_pref("CT3220468.smartbar.CTID", "CT3220468"); user_pref("CT3220468.smartbar.Uninstall", "0"); user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 "); user_pref("CT3220468.startPage", "false"); user_pref("CT3220468.toolbarBornServerTime", "26-12-2012"); 
user_pref("CT3220468.toolbarCurrentServerTime", "28-1-2013"); user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1359336384998,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0} user_pref("Smartbar.ConduitHomepagesList", ""); user_pref("Smartbar.ConduitSearchEngineList", ""); user_pref("Smartbar.ConduitSearchUrlList", ""); user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="); user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468"); user_pref("browser.search.defaultthis.engineName", "WhiteSmoke US Customized Web Search"); user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}"); user_pref("extensions.helperbar.SmartbarDisabled", false); user_pref("extensions.helperbar.SmartbarStateMinimaized", false); user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}"); user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*"); user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/search\\/.*"); user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2"); Emptied folder: C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\minidumps [60 files] ~~~ Chrome Dumping contents of C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\aaibemgdkhlkejfefjpbdedkjbnmfhhd C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User 
Data\Default\Default\Extensions C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\Preferences C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\Web Data C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\aaibemgdkhlkejfefjpbdedkjbnmfhhd\background.html C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\aaibemgdkhlkejfefjpbdedkjbnmfhhd\ContentScript.js C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\aaibemgdkhlkejfefjpbdedkjbnmfhhd\manifest.json C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Successfully deleted: [Folder] C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0] Successfully deleted: [Folder] C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\kdidombaedgpfiiedeimiebkmbilgmlc ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 01/27/2013 at 20:31:34.79 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7600 ) 64 bits version
     Started in : Normal mode
     User : Jesper Drlicka [Admin rights]
     Mode : ProxyFix -- Date : 01/27/2013 20:17:20
     | ARK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 1 ¤¤¤
     [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:52263) -> DELETED
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     Finished : << RKreport[1]_PR_01272013_02d2017.txt >>
     RKreport[1]_PR_01272013_02d2017.txt
  7. Sorry. This is number one, and the second is number two. The one I posted first I think was number 3. RogueKiller V8.4.3 [Jan 27 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Jesper Drlicka [Admin rights] Mode : Scan -- Date : 01/27/2013 18:51:10 | ARK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:52263) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3261GSYN +++++ --- User --- [MBR] b4430ae22c55822deb3988c615953176 [bSP] 55a2345e79c8d4ab64d9f45faba7464f : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 282514 Mo User = LL1 ... OK! User != LL2 ... KO! 
--- LL2 --- [MBR] d0129188fbda94214e44e7311a4017f4 [bSP] 55a2345e79c8d4ab64d9f45faba7464f : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo 2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167999488 | Size: 1001 Mo 3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 171999232 | Size: 2000 Mo Finished : << RKreport[1]_S_01272013_02d1851.txt >> RKreport[1]_S_01272013_02d1851.txt ____________________________________________ RogueKiller V8.4.3 [Jan 27 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : Jesper Drlicka [Admin rights] Mode : Remove -- Date : 01/27/2013 18:51:52 | ARK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:52263) -> NOT REMOVED, USE PROXYFIX [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3261GSYN +++++ --- User --- [MBR] b4430ae22c55822deb3988c615953176 [bSP] 55a2345e79c8d4ab64d9f45faba7464f : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 282514 Mo User = LL1 ... OK! User != LL2 ... KO! 
--- LL2 --- [MBR] d0129188fbda94214e44e7311a4017f4 [bSP] 55a2345e79c8d4ab64d9f45faba7464f : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo 2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167999488 | Size: 1001 Mo 3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 171999232 | Size: 2000 Mo Finished : << RKreport[2]_D_01272013_02d1851.txt >> RKreport[1]_S_01272013_02d1851.txt ; RKreport[2]_D_01272013_02d1851.txt
  8. ComboFix 13-01-27.03 - Jesper Drlicka 01/27/2013 16:45:47.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4030.1429 [GMT -5:00] Running from: c:\users\Jesper Drlicka\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Jesper Drlicka\AppData\Local\assembly\tmp c:\users\Jesper Drlicka\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\addon.ico c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DT.ico c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe c:\users\Jesper Drlicka\AppData\Roaming\Love c:\users\Jesper Drlicka\AppData\Roaming\Love\mari0\mappacks\custom_mappack_1\settings.txt c:\users\Jesper Drlicka\AppData\Roaming\Love\mari0\options.txt c:\users\Jesper Drlicka\AppData\Roaming\Love\ortho_robot\save.txt c:\users\Jesper 
Drlicka\AppData\Roaming\Love\Rimshot\saves\kool.txt c:\users\JESPER~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_DefaultTabSearch -------\Service_DefaultTabUpdate -------\Service_DefaultTabUpdate . . ((((((((((((((((((((((((( Files Created from 2012-12-27 to 2013-01-27 ))))))))))))))))))))))))))))))) . . 2013-01-27 19:41 . 2013-01-27 19:42 -------- d-----w- c:\program files\Construct 2 2013-01-26 16:11 . 2013-01-26 16:11 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{889CA1F7-C28E-4AD7-8290-0A0FE7A93EC8}\offreg.dll 2013-01-26 02:02 . 2013-01-26 02:02 175928 ----a-w- c:\windows\system32\drivers\jmcr.sys 2013-01-26 01:35 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{889CA1F7-C28E-4AD7-8290-0A0FE7A93EC8}\mpengine.dll 2013-01-22 14:02 . 2013-01-22 14:02 -------- d-----w- c:\users\Jesper Drlicka\AppData\Local\Programs 2013-01-22 13:34 . 2013-01-27 18:41 -------- d-----w- c:\program files (x86)\ERUNT 2013-01-17 00:02 . 2013-01-17 00:01 74344 ----a-w- c:\windows\system32\RtNicProp64.dll 2013-01-17 00:02 . 2013-01-17 00:01 708200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2013-01-09 06:33 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 06:33 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 06:31 . 2012-11-30 05:43 424960 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-05 16:11 . 2013-01-05 16:11 -------- d-----w- c:\windows\Sun 2013-01-05 14:32 . 2013-01-05 14:32 -------- d-----w- c:\users\Jesper Drlicka\AppData\Roaming\MultiClockPackages 2013-01-05 14:32 . 2013-01-05 14:32 -------- d-----w- c:\program files (x86)\ADLSoft 2013-01-01 22:46 . 2013-01-01 22:46 -------- d-----w- c:\program files (x86)\DefaultTab 2013-01-01 22:46 . 
2013-01-27 22:00 -------- d-----w- c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab 2013-01-01 14:23 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2013-01-01 14:23 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll 2013-01-01 14:23 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll 2013-01-01 14:23 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll 2013-01-01 14:23 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2013-01-01 14:23 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2013-01-01 14:23 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll 2013-01-01 14:23 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll 2013-01-01 14:23 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll 2013-01-01 14:23 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll 2013-01-01 14:23 . 2010-02-04 15:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2013-01-01 14:23 . 2010-02-04 15:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll 2013-01-01 14:22 . 2007-04-04 23:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll 2013-01-01 14:22 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll 2013-01-01 14:21 . 2013-01-01 14:21 -------- d-----w- C:\UDK 2012-12-31 00:38 . 2012-12-31 00:38 -------- d-----w- c:\program files (x86)\QuickTime 2012-12-31 00:38 . 2012-12-31 00:38 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared 2012-12-30 20:58 . 2012-12-31 00:04 -------- d-----w- c:\users\Jesper Drlicka\AppData\Local\Screencast-O-Matic 2012-12-30 03:57 . 2012-12-30 03:57 -------- d-----w- c:\users\Jesper Drlicka\AppData\Roaming\Image-Line 2012-12-30 03:22 . 2012-12-30 03:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-12-30 03:22 . 2012-12-30 03:22 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2012-12-30 03:22 . 
2012-12-30 03:22 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2012-12-30 03:12 . 2012-12-30 03:12 -------- d-----w- c:\program files (x86)\ASIO4ALL v2 2012-12-30 03:10 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll 2012-12-30 03:10 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm 2012-12-30 03:10 . 2012-12-30 03:10 -------- d-----w- c:\program files (x86)\Outsim 2012-12-30 03:06 . 2013-01-01 22:54 -------- d-----w- c:\program files (x86)\Image-Line . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-17 00:01 . 2011-05-05 01:18 107552 ----a-w- c:\windows\system32\RTNUninst64.dll 2013-01-09 02:26 . 2012-04-06 13:16 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 02:26 . 2011-10-11 00:01 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-27 03:42 . 2012-12-27 03:42 40960 ----a-r- c:\users\Jesper Drlicka\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2012-12-27 03:42 . 2012-12-27 03:42 40960 ----a-r- c:\users\Jesper Drlicka\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2012-12-16 16:52 . 2012-12-22 15:02 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-22 15:01 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-22 15:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:25 . 2012-12-22 15:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 21:49 . 2011-10-11 00:04 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-02 09:23 . 2012-12-02 09:23 0 ----a-w- c:\windows\SysWow64\sho8067.tmp 2012-11-30 04:56 . 2013-01-09 06:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-15 08:00 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 
2012-12-15 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-15 08:01 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-15 08:01 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-15 08:01 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-15 08:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-15 08:01 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-15 08:01 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-15 08:01 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-15 08:01 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-15 08:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-15 08:01 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-15 08:01 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-15 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-15 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-15 08:01 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-15 08:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-15 08:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-15 08:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-15 08:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-15 08:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-15 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:34 . 2012-12-15 00:14 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:49 . 2012-12-15 00:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:27 . 
2012-12-15 00:13 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 04:48 . 2012-12-15 00:13 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-30 23:51 . 2012-07-16 18:46 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 23:51 . 2012-07-16 18:46 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 23:51 . 2012-07-16 18:46 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 23:51 . 2012-07-16 18:46 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 23:51 . 2012-07-16 18:46 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 23:51 . 2012-07-16 18:46 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 23:50 . 2012-07-16 18:46 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 23:50 . 2011-10-11 00:46 285328 ----a-w- c:\windows\system32\aswBoot.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Jesper Drlicka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-13 1199576] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-15 1354736] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920] "File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160] "HP HD Webcam [Fixed]_Monitor"="c:\program files (x86)\HP HD Webcam [Fixed]\monitor.exe" [2010-11-26 11:31 267128] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-29 1770400] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] . c:\users\Jesper Drlicka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336] R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-02-03 
464480] R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2013-01-26 175928] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x] S0 MfeEpeOpal;MfeEpeOpal; [x] S0 MfeEpePc;MfeEpePc; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-29 89600] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920] S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760] S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-09-06 197536] S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File 
Sanitizer\HPFSService.exe [2011-02-07 320000] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-02-28 31000] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896] S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-02-08 1323008] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448] S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352] S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-08-23 3175728] S2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2011-11-10 628040] S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832] S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864] S3 IntcDAud;Intel® 
Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-04-19 317440] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2013-01-17 708200] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-01-12 2611704] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-25 23:54 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 02:26] . 2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 00:46] . 2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 00:46] . 2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088980869-1917275451-116283548-1004Core.job - c:\users\Bozena Beatrice\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 21:57] . 2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088980869-1917275451-116283548-1004UA.job - c:\users\Bozena Beatrice\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 21:57] . 
2013-01-13 c:\windows\Tasks\HPCeeScheduleForFIXALLTHEISSUES$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2013-01-27 c:\windows\Tasks\HPCeeScheduleForJesper Drlicka.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040] "MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2012-02-08 200704] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-29 1424896] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-19 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-19 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-19 416024] . ------- Supplementary Scan ------- . 
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=hp uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=127.0.0.1:52263 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=ds&q={searchTerms} Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2 FF - ExtSQL: 2012-12-27 13:51; {7473b6bd-4691-4744-a82b-7854eb3d70b6}; c:\users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} FF - ExtSQL: 2013-01-27 15:56; amznUWL2@amazon.com; c:\users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\extensions\amznUWL2@amazon.com.xpi FF - user.js: general.useragent.extra.brc - user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file) BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe Wow6432Node-HKLM-Run-DTRun - c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-DefaultTab - c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4088980869-1917275451-116283548-1001\Software\SecuROM\License information*] "datasecu"=hex:0c,a9,18,fd,da,67,67,83,76,35,5a,12,71,c4,3d,c6,86,05,cd,29,16, 5a,ab,a2,b9,f3,ba,73,22,64,a8,36,7e,f7,a3,e4,b2,89,ff,98,e4,36,47,9b,13,6b,\ "rkeysecu"=hex:64,3d,e3,4b,36,81,31,5e,4d,8b,5d,36,f0,5c,fa,6b . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin c:\program files (x86)\HP HD Webcam [Fixed]\Monitor.exe c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-01-27 18:41:52 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-27 23:41 . Pre-Run: 81,397,157,888 bytes free Post-Run: 105,905,782,784 bytes free . 
- - End Of File - - C8433FDA48DA2234F3A905DD3CAE86B2

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Jesper Drlicka [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/27/2013 18:55:01
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 278 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 543 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 4 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 74 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom1 -- 0x5 --> Skipped
[G:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored
Finished : << RKreport[3]_SC_01272013_02d1855.txt >>
RKreport[1]_S_01272013_02d1851.txt ; RKreport[2]_D_01272013_02d1851.txt ; RKreport[3]_SC_01272013_02d1855.txt
  9. I got a blue screen, and my computer restarted. Then I scanned again after starting my computer and got this.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-27 14:52:17
-----------------------------
14:52:17.441 OS Version: Windows x64 6.1.7600
14:52:17.442 Number of processors: 4 586 0x2A07
14:52:17.444 ComputerName: FIXALLTHEISSUES UserName: Jesper Drlicka
14:52:19.939 Initialize success
14:52:20.480 AVAST engine defs: 13012700
14:52:29.446 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:52:29.452 Disk 0 Vendor: TOSHIBA_ MH00 Size: 305245MB BusType: 3
14:52:29.470 Disk 0 MBR read successfully
14:52:29.476 Disk 0 MBR scan
14:52:29.483 Disk 0 Windows 7 default MBR code
14:52:29.492 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
14:52:29.508 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 282514 MB offset 616448
14:52:29.592 Disk 0 scanning C:\windows\system32\drivers
14:52:48.192 Service scanning
14:53:16.350 Modules scanning
14:53:16.368 Disk 0 trace - called modules:
14:53:16.391 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
14:53:16.403 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800669d060]
14:53:16.417 3 CLASSPNP.SYS[fffff88001ab743f] -> nt!IofCallDriver -> [0xfffffa80048a0b10]
14:53:16.430 5 hpdskflt.sys[fffff88001440189] -> nt!IofCallDriver -> [0xfffffa800477fc80]
14:53:16.444 7 ACPI.sys[fffff88000f7e781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047a3050]
14:53:17.416 AVAST engine scan C:\windows
14:53:21.553 AVAST engine scan C:\windows\system32
14:57:27.096 AVAST engine scan C:\windows\system32\drivers
14:57:43.137 AVAST engine scan C:\Users\Jesper Drlicka
15:01:36.878 File: C:\Users\Jesper Drlicka\AppData\Local\Temp\is1373634743\volonetBrowseForChangeInstaller.exe **INFECTED** Win32:Dropper-gen [Drp]
15:04:35.389 Disk 0 MBR has been saved successfully to "C:\Users\Jesper Drlicka\Desktop\MBR.dat"
15:04:35.411 The log file has been saved successfully to "C:\Users\Jesper Drlicka\Desktop\aswMBR.txt"

MBR.zip
  10. Hello everyone, I believe I have had the snap.do malware for quite some time now. It's only gotten worse in the last few days as when I view YouTube videos an annoying advertisement begins to play all the way at the bottom of the page. I successfully uninstalled the physical points of the malware; however, it is not completely removed. I read the stickied topic and I believe this is what I am supposed to post.

ATTACH.TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/10/2011 6:56:36 PM
System Uptime: 1/26/2013 9:19:06 PM (16 hours ago)
.
Motherboard: Hewlett-Packard | | 167E
Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU 1 | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 276 GiB total, 76.759 GiB free.
D: is CDROM ()
G: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP274: 1/22/2013 7:31:49 AM - Windows Update
RP275: 1/22/2013 8:31:36 AM - Removed Java 6 Update 33
RP276: 1/25/2013 8:34:53 PM - Windows Update
RP277: 1/25/2013 8:51:31 PM - HPSF Applying updates
RP278: 1/25/2013 8:51:31 PM - HPSF Applying updates
RP279: 1/27/2013 1:34:39 PM - Removed SPORE™ Galactic Adventures
RP280: 1/27/2013 1:37:58 PM - Removed SPORE™
RP281: 1/27/2013 1:39:14 PM - Removed Snagit 11
RP282: 1/27/2013 1:43:04 PM - Removed Rosetta Stone Version 3
.
==== Installed Programs ======================
.
7-Zip 9.20 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.2 Adobe Shockwave Player 11.6 Agatha Christie - Peril at End House Age of Empires Online AirMech Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Webcam Sharing Manager ASIO4ALL Audacity 1.3.13 (Unicode) avast!
Free Antivirus Bejeweled 2 Deluxe Belkin Setup and Router Monitor Belkin USB Print and Storage Center Blasterball 3 Bluetooth Win7 Suite (64) Bonjour Bounce Symphony Build-a-Lot - The Elizabethan Era Cake Mania CamStudio OSS Desktop Recorder Camtasia Studio 8 Chuzzle Deluxe Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module D3DX10 DefaultTab Device Access Manager for HP ProtectTools Diner Dash 2 Restaurant Rescue Dream of the Blood Moon Drive Encryption For HP ProtectTools Energy Star Digital Logo Evernote v. 4.2.2 Face Recognition for HP ProtectTools Farm Frenzy FATE File Sanitizer For HP ProtectTools FL Studio 10 Galeria fotogràfica del Windows Live Galerie de photos Windows Live Galería fotográfica de Windows Live Google Chrome Google Talk Plugin Google Update Helper Hewlett-Packard ACLM.NET v1.2.1.1 HP 3D DriveGuard HP Auto HP Connection Manager HP Customer Experience Enhancements HP DayStarter HP Documentation HP ESU for Microsoft Windows 7 HP Game Console HP Games HP HD Webcam [Fixed] HP Power Assistant HP ProtectTools Security Manager HP QuickWeb HP Setup HP SoftPaq Download Manager HP Software Framework HP Software Setup HP Support Assistant HP System Default Settings HP Wallpaper IDT Audio Insaniquarium Deluxe Intel® Identity Protection Technology 1.0.71.0 Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Jahshaka Jewel Quest II Jewel Quest Solitaire JMicron Flash Media Controller Driver John Deere Drive Green jZip Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 
2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft_VC90_CRT_x86 Moon Breakers Mozilla Firefox 18.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MultiClock 1.0 MultiClock Packages Nexon Game Manager Now Boarding OpenAL OpenLibraries OpenOffice.org 3.1 Pando Media Booster PDF Complete Special Edition Penguins! Plants vs. Zombies Polar Bowler Privacy Manager for HP ProtectTools Project64 1.6 Qualcomm Atheros Driver Installation Program Realm of the Mad God Realtek Ethernet Controller All-In-One Windows Driver Screencast-O-Matic SDK Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Skype™ 6.0 Slingo Deluxe Spiral Knights Spotify Steam swMSM Synaptics Pointing Device Driver System Requirements Lab CYRI Team Fortress 2 Theft Recovery for HP ProtectTools Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Validity Fingerprint Sensor Driver VC80CRTRedist - 8.0.50727.6195 VIP Access SDK x64(1.0.0.50) Virtual Villagers - The Secret City VirtualCloneDrive VLC media player 2.0.5 Web 3D Player Wedding Dash Windows Live Windows Live Argazki Galeria Windows Live Communications Platform Windows Live Essentials Windows Live Galeria de Fotos Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinZip 14.5 WinZip System Utilities Suite World of Tanks Xobni Xobni Core Yahoo! 
Detect Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/27/2013 11:50:19 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
1/22/2013 9:13:11 AM, Error: Service Control Manager [7022] - The Authentication Service service hung on starting.
1/22/2013 10:58:41 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
1/22/2013 10:58:17 AM, Error: Service Control Manager [7000] - The hpHotkeyMonitor service failed to start due to the following error: The system cannot find the file specified.
1/22/2013 10:56:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPDayStarterService service.
.
==== End Of File ===========================

DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Jesper Drlicka at 13:54:11 on 2013-01-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4030.1548 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\Hpservice.exe C:\windows\system32\vcsFPService.exe C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\windows\System32\spoolsv.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe C:\Program Files (x86)\WinZip System Utilities 
Suite\WINZIPSSDefragSrv64.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Users\Jesper Drlicka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe C:\Program Files (x86)\Intel\Intel® 
Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\windows\system32\wuauclt.exe C:\windows\system32\igfxext.exe C:\windows\system32\igfxsrvc.exe C:\windows\system32\taskhost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\msiexec.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=hp
uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=ds&q={searchTerms}
uProxyServer = hxxp=127.0.0.1:52263
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=ds&q={searchTerms}
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [spotify Web Helper] "C:\Users\Jesper Drlicka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe
mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
mRun: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\JESPER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{CE5B463C-FE02-4413-823F-F23F679072B9} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CE5B463C-FE02-4413-823F-F23F679072B9}\2656C6B696E6E2631336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CE5B463C-FE02-4413-823F-F23F679072B9}\A4570796475627 : DHCPNameServer = 192.168.1.1 75.75.75.75
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = EpePcNp64 DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Web 3D Player\npgamecore.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Jesper Drlicka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-27 13:51; {7473b6bd-4691-4744-a82b-7854eb3d70b6}; C:\Users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2012-2-8 100808] R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2012-2-8 158920] R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-8-10 19600] R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-7-16 984144] R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-7-16 370288] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-29 89600] R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-7-16 25232] R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-7-16 71600] R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-1-6 138400] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-6 53920] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-14 44808] R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-12-24 181760] R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-12-24 55296] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-1-1 107520] R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-1-26 131128] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 
133688] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536] R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-2-7 320000] R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-2-28 31000] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-9 13336] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896] R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-2-8 1323008] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-4 1127448] R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-5-4 113264] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 sxuptp;SXUPTP Driver;C:\windows\System32\drivers\sxuptp.sys [2011-12-24 291352] R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-8-9 502464] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-9 2656280] R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2011-8-23 3175728] R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-6-15 628040] R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2011-8-9 32192] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys 
[2011-1-6 28832] R3 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-1-12 36864] R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-4-5 1094712] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-4-18 317440] R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2013-1-25 175928] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-1-16 708200] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 SPUVCbv;SPUVCb Driver Service;C:\windows\System32\drivers\SPUVCBv_x64.sys [2011-8-9 2611704] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-11-14 568832] S2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe --> C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [?] 
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-3-7 62184] S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-1-6 36000] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-1-6 298144] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-1-6 201376] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-1-6 55456] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-1-6 154272] S3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-1-6 279200] S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-2-3 464480] S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-15 1255736] . =============== File Associations =============== . ShellExec: DigitalTheatre.exe: open="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTStart.exe" "%1" . =============== Created Last 30 ================ . 
2013-01-26 16:11:19 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{889CA1F7-C28E-4AD7-8290-0A0FE7A93EC8}\offreg.dll 2013-01-26 02:02:13 175928 ----a-w- C:\windows\System32\drivers\jmcr.sys 2013-01-26 01:35:50 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{889CA1F7-C28E-4AD7-8290-0A0FE7A93EC8}\mpengine.dll 2013-01-22 14:02:26 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Local\Programs 2013-01-17 00:02:23 74344 ----a-w- C:\windows\System32\RtNicProp64.dll 2013-01-17 00:02:23 708200 ----a-w- C:\windows\System32\drivers\Rt64win7.sys 2013-01-09 06:33:14 751104 ----a-w- C:\windows\System32\win32spl.dll 2013-01-09 06:33:12 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2013-01-09 06:31:54 424960 ----a-w- C:\windows\System32\KernelBase.dll 2013-01-05 14:32:59 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Roaming\MultiClockPackages 2013-01-05 14:32:49 -------- d-----w- C:\Program Files (x86)\ADLSoft 2013-01-01 22:46:10 -------- d-----w- C:\Program Files (x86)\DefaultTab 2013-01-01 22:46:04 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Roaming\DefaultTab 2013-01-01 14:23:20 77656 ----a-w- C:\windows\System32\XAPOFX1_5.dll 2013-01-01 14:23:20 74072 ----a-w- C:\windows\SysWow64\XAPOFX1_5.dll 2013-01-01 14:23:19 527192 ----a-w- C:\windows\SysWow64\XAudio2_7.dll 2013-01-01 14:23:19 518488 ----a-w- C:\windows\System32\XAudio2_7.dll 2013-01-01 14:23:15 2526056 ----a-w- C:\windows\System32\D3DCompiler_43.dll 2013-01-01 14:23:15 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll 2013-01-01 14:23:13 276832 ----a-w- C:\windows\System32\d3dx11_43.dll 2013-01-01 14:23:13 248672 ----a-w- C:\windows\SysWow64\d3dx11_43.dll 2013-01-01 14:23:07 2401112 ----a-w- C:\windows\System32\D3DX9_43.dll 2013-01-01 14:23:07 1998168 ----a-w- C:\windows\SysWow64\D3DX9_43.dll 2013-01-01 14:23:02 24920 ----a-w- C:\windows\System32\X3DAudio1_7.dll 2013-01-01 14:23:02 22360 ----a-w- C:\windows\SysWow64\X3DAudio1_7.dll 
2013-01-01 14:22:59 81768 ----a-w- C:\windows\SysWow64\xinput1_3.dll 2013-01-01 14:22:59 107368 ----a-w- C:\windows\System32\xinput1_3.dll 2013-01-01 14:21:35 -------- d-----w- C:\UDK 2012-12-31 00:38:26 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared 2012-12-30 20:58:47 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Local\Screencast-O-Matic 2012-12-30 03:57:51 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Roaming\Image-Line 2012-12-30 03:22:55 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll 2012-12-30 03:22:55 1700352 ----a-w- C:\windows\SysWow64\gdiplus.dll 2012-12-30 03:22:55 1060864 ----a-w- C:\windows\SysWow64\mfc71.dll 2012-12-30 03:12:42 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2 2012-12-30 03:10:36 225280 ----a-w- C:\windows\SysWow64\rewire.dll 2012-12-30 03:10:25 1554944 ----a-w- C:\windows\SysWow64\vorbis.acm 2012-12-30 03:10:21 -------- d-----w- C:\Program Files (x86)\Outsim 2012-12-30 03:06:54 -------- d-----w- C:\Program Files (x86)\Image-Line 2012-12-28 21:07:03 -------- d-----r- C:\Program Files (x86)\Skype 2012-12-28 20:35:57 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Roaming\GameCore 2012-12-28 20:33:44 -------- d-----w- C:\Program Files (x86)\Web 3D Player . ==================== Find3M ==================== . 
2013-01-17 00:01:29 107552 ----a-w- C:\windows\System32\RTNUninst64.dll 2013-01-09 02:26:30 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 02:26:30 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-12-16 16:52:02 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-12-16 14:40:45 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-12-16 14:25:27 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-16 14:25:19 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-12-14 21:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-12-07 05:41:16 441856 ----a-w- C:\windows\System32\Wpc.dll 2012-12-07 05:35:34 2745856 ----a-w- C:\windows\System32\gameux.dll 2012-12-07 05:04:20 308736 ----a-w- C:\windows\SysWow64\Wpc.dll 2012-12-07 04:57:38 2576384 ----a-w- C:\windows\SysWow64\gameux.dll 2012-12-07 03:21:08 45568 ----a-w- C:\windows\SysWow64\oflc-nz.rs 2012-12-02 09:23:22 0 ----a-w- C:\windows\SysWow64\sho8067.tmp 2012-11-30 05:50:00 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-11-30 05:50:00 243200 ----a-w- C:\windows\System32\wow64.dll 2012-11-30 05:50:00 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-11-30 05:49:28 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-11-30 05:46:35 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-11-30 05:06:50 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-11-30 05:06:49 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2012-11-30 03:33:03 338432 ----a-w- C:\windows\System32\conhost.exe 2012-11-30 02:56:36 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2012-11-30 02:56:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2012-11-30 02:56:34 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2012-11-30 02:56:33 2048 ----a-w- C:\windows\SysWow64\user.exe 2012-11-30 02:51:41 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:51:41 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:51:41 3584 ---ha-w- 
C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:51:41 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-23 03:45:35 3147264 ----a-w- C:\windows\System32\win32k.sys 2012-11-22 10:32:45 801280 ----a-w- C:\windows\System32\usp10.dll 2012-11-22 09:33:26 627712 ----a-w- C:\windows\SysWow64\usp10.dll 2012-11-20 05:55:59 307200 ----a-w- C:\windows\System32\ncrypt.dll 2012-11-20 05:10:07 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-11-09 05:34:27 2048 ----a-w- C:\windows\System32\tzres.dll 2012-11-09 04:49:37 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-11-02 05:30:41 2001408 ----a-w- C:\windows\System32\msxml6.dll 2012-11-02 05:30:40 1880064 ----a-w- C:\windows\System32\msxml3.dll 2012-11-02 05:27:51 478208 ----a-w- C:\windows\System32\dpnet.dll 2012-11-02 04:50:33 1388544 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-11-02 04:50:33 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2012-11-02 04:48:28 376832 ----a-w- C:\windows\SysWow64\dpnet.dll 2012-10-30 23:51:55 984144 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2012-10-30 23:51:55 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2012-10-30 
23:51:07 41224 ----a-w- C:\windows\avastSS.scr . ============= FINISH: 13:54:36.19 ===============