IgnatiusJReilly

  1. Here you go.

     Results of screen317's Security Check version 0.99.68
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     CCleaner
     Java 7 Update 25
     Adobe Flash Player 11.7.700.224
     Adobe Reader XI
     Mozilla Firefox (22.0)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Alwil Software Avast5 AvastSvc.exe
     Alwil Software Avast5 AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  2. Spybot doesn't find anything anymore. When I perform a search from the address bar in Firefox I no longer see any Conduit or Ask nonsense. So far so good. CheckResults.txt
  3. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 03 Ran by andy (administrator) on 11-07-2013 01:28:34 Running from D:\unzipped Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard Internet Explorer Version 10 Boot Mode: Normal
Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 22.0 (x86 nl) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) NWZ-A860 WALKMAN Guide (x32 Version: 2.0.2.04130) OpenOffice.org 3.3 (x32 Version: 3.3.9567) PDF Settings CS4 (x32 Version: 9.0) Photoshop Camera Raw (x32 Version: 5.0) Photoshop Camera Raw_x64 (Version: 5.0) Pixel Bender Toolkit (x32 Version: 1.0) Platform (x32 Version: 1.34) PlayStation®Network Downloader (x32 Version: 2.06.00741) PlayStation®Store (x32 Version: 4.3.3.12540) QuickTime (x32 Version: 7.66.71.0) Rainmeter (x32 Version: 2.5 beta r1696) Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005) rosoft .NET Framework 4 Client Profile (Version: 4.0.30319) Samsung_MonSetup (x32 Version: 1.00.0000) SopCast 3.5.0 (x32 Version: 3.5.0) SoulseekQt (x32) Spybot - Search & Destroy (x32 Version: 1.6.2) StarCraft II (x32 Version: 2.0.9.26147) Suite Shared Configuration CS4 (x32 Version: 1.0) The Lord of the Rings FREE Trial (x32 Version: 1.00.0000) Torrent Stream 2.0.7.2 (HKCU Version: 2.0.7.2) TVUPlayer 2.5.3.1 (x32 Version: 2.5.3.1) Unity Web Player (HKCU Version: 2.6.1f3_31223) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 
Version: 1) Veetle TV 0.9.18 (x32 Version: 0.9.18) VIA Platform Device Manager (x32 Version: 1.34) Vuze (x32 Version: 4.7) Winamp (x32 Version: 5.572 ) Winamp Detector Plug-in (HKCU Version: 1.0.0.1) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Windows Mobile Apparaatcentrum (Version: 6.1.6965.0) WinRAR ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1EDEBAFC-CBE5-49A5-B6F1-4D9F3434B1E0} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {3368B096-42C5-4645-BC9B-0531ED94B69A} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {48DDCC91-2BC9-4ACA-9FA0-56B944821883} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {A190CCB1-8FA4-48CE-A2EC-2F93D225F583} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (07/10/2013 11:51:03 PM) (Source: volsnap) (User: ) Description: Bij de schaduwkopieën van volume C: zijn afgebroken omdat de schaduwkopieopslag niet kan worden uitgebreid vanwege een door de gebruiker opgelegde limiet. 
Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 4095.18 MB Available physical RAM: 2018.38 MB Total Pagefile: 8188.54 MB Available Pagefile: 5973.99 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:50 GB) (Free:5.4 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)] Drive d: (D0-P2) (Fixed) (Total:415.76 GB) (Free:69.9 GB) NTFS (Disk=0 Partition=2) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 30266228) Partition 1: (Active) - (Size=50 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=416 GB) - (Type=OF Extended) ==================== End Of Log ============================
  4. Thanks for the help so far. System log: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16618 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.000000 GHz Memory total: 4294103040, free: 2860658688 Downloaded database version: v2013.07.10.08 Initializing... ------------ Kernel report ------------ 07/10/2013 23:14:01 ------------ Loaded modules -----------
----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004afd790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-5\ Lower Device Object: 0xfffffa8004af2680 Lower Device Driver Name: \Driver\atapi\ IRP handler 0 of \Driver\atapi points to an unknown module Unhooking enabled. <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004afd790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-5\ Lower Device Object: 0xfffffa8004af2680 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004afd790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004af2040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004afd790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800494e9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004af2680, DeviceName: \Device\Ide\IdeDeviceP1T1L0-5\, DriverName: \Driver\atapi\ ------------ End 
---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00dafa380, 0xfffffa8004afd790, 0xfffffa80077e9090 Lower DeviceData: 0xfffff8a010584c30, 0xfffffa8004af2680, 0xfffffa800572bb20 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 30266228 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 104857600 Partition file system is NTFS Partition is bootable Partition 1 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 104859648 Numsec = 871911424 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... 
Removal finished Mbar-log: Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.07.10.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 andy :: ANDY-PC [administrator] 10/07/2013 23:14:05 mbar-log-2013-07-10 (23-14-05).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 242686 Time elapsed: 7 minute(s), 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.0.5 (07.10.2013:2) OS: Windows 7 Home Premium x64 Ran by andy on wo 10/07/2013 at 23:29:51,13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} ~~~ Registry Keys Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71} Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] 
HKEY_CURRENT_USER\Software\AppDataLow\software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71} Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\classes\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2B55D4B1-AB3E-45DA-99E8-C67B0F37DC8D} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EF546236-9EF5-4B8C-A3C7-2A51CA4C16F9} ~~~ Files Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\Users\andy\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\andy\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\ProgramData\ask" ~~~ FireFox Successfully deleted: [File] C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\3coegp3n.default\searchplugins\askcom.xml Successfully deleted: [Folder] C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\3coegp3n.default\conduitcommon Successfully deleted the following from 
C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\3coegp3n.default\prefs.js
Emptied folder: C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\3coegp3n.default\minidumps [61 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on wo 10/07/2013 at 23:34:19,95 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner[s1]: # AdwCleaner v2.304 - Verslag gemaakt op 10/07/2013 om 23:41:10 # Geactualiseerd op 03/07/2013 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruiker : andy - ANDY-PC # Opstarten Modus : Normale modus # Gelanceerd vanaf : D:\unzipped\AdwCleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** ***** [Register] ***** Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}] Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}] ***** [browsers] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v22.0 (nl) File : C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\prefs.js Verwijderd : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Verwijderd : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] 
Verwijderd : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":1}")[...] Verwijderd : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\andy\\AppData\\Roaming\\Mozilla\\Fi[...] ************************* AdwCleaner[s1].txt - [2138 octets] - [10/07/2013 23:41:10] ########## EOF - C:\AdwCleaner[s1].txt - [2198 octets] ########## ESET: D:\unzipped\cdbxp_setup_4.3.2.2212_x64.exe a variant of Win32/Bundled.Toolbar.Ask application D:\unzipped\FreemakeVideoConverterSetup.exe Win32/OpenCandy application
  5. Hi, I could use some help removing the win32.downloader.gen spybot. It's on my system according to Spybot S&D, but the program can't remove it, at least not completely. Running Malwarebytes doesn't help either. I already used CCleaner (automatic start-up). I would appreciate any help. -andy dds.txt attach.txt