chermesh

  1. You're right. I'm running Shareaza. How do I get the list of pirated programs so as to be able to uninstall it or completely disable?
  2. Thanks for the prompt response. Please see the attached text files. FRST.txt Addition.txt
  3. Hi, My Win7 system keeps showing Malwarebytes' message for port 6881 outbound. The IPs vary (218.10.61.66, 218.10.250.32, 41.35.69.144, 218.9.176.24, etc.) but all are Windows Explorer and for port 6881 outbound. How do I solve this problem?
  4. Dear Maurice, Your instructions reached me while I'm already in the middle of a support session (See: http://www.geekstogo.com/forum/topic/326477-certified-toolbar-on-my-browsers-and-ms-outlook/ ). Since following instructions simultaneously from two sources may nullify both supporters' efforts, let me put a hold on the current session. I appreciate your efforts and will return if and when my other source ends up ineffective (which I hope it won't...). Thanks again.
  5. Hi, Sure I am! Here's the MBAM report:

     mbam-log-2013-01-23 (09-11-25)
     ===========================
     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.01.23.04

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Ran :: RAN-PC [limited]

     Protection: Enabled

     23/01/2013 09:11:25
     mbam-log-2013-01-23 (09-11-25).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 311959
     Time elapsed: 6 minute(s), 37 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     And here's the DDS.txt
     ==================
     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
     Run by Ran at 9:19:11 on 2013-01-23
     Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1037.18.3582.1081 [GMT 2:00]
     .
     AV: PC Tools Internet Security Anti-Virus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
     AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
     SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: PC Tools Internet Security Anti-Spyware *Enabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
     FW: PC Tools Internet Security Firewall *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
     .
2013-01-21 22:20:24 72560 ----a-w- c:\windows\system32\drivers\hola_net.sys 2013-01-21 22:20:24 70768 ----a-w- c:\windows\system32\drivers\hola_mon_drv.sys 2013-01-21 22:20:24 460784 ----a-w- c:\windows\system32\drivers\hola_drv.sys 2013-01-16 10:13:33 859552 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-16 10:13:33 780192 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-09 18:36:08 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-09 18:36:08 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-01 16:43:16 2212 ----a-w- c:\windows\system32\ASOROSet.bin 2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-14 14:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-12-03 15:39:40 9373032 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-12-03 15:39:40 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll 2012-12-03 15:39:40 7819016 ----a-w- c:\windows\system32\nvcuda.dll 2012-12-03 15:39:40 6149904 ----a-w- c:\windows\system32\nvopencl.dll 2012-12-03 15:39:40 2606440 ----a-w- c:\windows\system32\nvcuvid.dll 2012-12-03 15:39:40 2496976 ----a-w- c:\windows\system32\nvapi.dll 2012-12-03 15:39:40 20335976 ----a-w- c:\windows\system32\nvoglv32.dll 2012-12-03 15:39:40 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-12-03 15:39:40 17559912 ----a-w- c:\windows\system32\nvcompiler.dll 2012-12-03 15:39:40 15122280 ----a-w- c:\windows\system32\nvd3dum.dll 2012-12-03 15:39:40 12603960 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-12-03 15:39:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll 2012-12-01 04:38:18 2869608 ----a-w- c:\windows\system32\nvsvc.dll 2012-12-01 04:38:13 3984744 ----a-w- c:\windows\system32\nvcpl.dll 2012-12-01 04:37:55 645480 ----a-w- c:\windows\system32\nvvsvc.exe 2012-12-01 
04:37:55 62312 ----a-w- c:\windows\system32\nvshext.dll 2012-12-01 04:37:55 2557288 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-01 04:37:55 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-11-30 20:43:52 438632 ----a-w- c:\windows\system32\nvStreaming.exe 2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe 2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe 2012-11-20 09:05:08 153088 ----a-w- c:\windows\system32\ISCM32.dll 2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-15 01:36:52 35592 ----a-w- c:\windows\system32\drivers\taphss6.sys 2012-11-15 01:29:54 35592 ----a-w- c:\windows\system32\drivers\hssdrv6.sys 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 12:59:08 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-11-09 12:59:07 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll 2012-11-09 12:59:06 92072 ----a-w- c:\windows\system32\LMIinit.dll 2012-11-09 12:59:06 31144 ----a-w- c:\windows\system32\LMIport.dll 2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-02 05:11:31 376832 ----a-w- 
c:\windows\system32\dpnet.dll 2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll 2012-10-31 12:21:30 178584 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys 2012-10-31 12:21:28 260760 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2012-10-27 06:17:36 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax 2012-06-06 04:06:50 2174976 ----a-w- c:\program files\common files\atimpenc.dll 2007-03-09 08:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 . CreateFile("\\.\PHYSICALDRIVE0"): ‏‏לתהליך אין אפשרות לגשת לקובץ מאחר שהוא נמצא בשימוש של תהליך אחר. device: opened successfully user: error reading MBR . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite 1 ntkrnlpa!IofCallDriver[0x8348BBC5] -> \Device\Harddisk0\DR0[0x872DB9A8] 3 CLASSPNP[0x8D60859E] -> ntkrnlpa!IofCallDriver[0x8348BBC5] -> [0x872DA2C0] 5 PCTCore[0x8CEA8EFB] -> ntkrnlpa!IofCallDriver[0x8348BBC5] -> [0x86E54408] 7 ACPI[0x8CCBD3D4] -> ntkrnlpa!IofCallDriver[0x8348BBC5] -> \Device\Ide\IdeDeviceP3T1L0-9[0x86A4E908] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; } user != kernel MBR !!! . ============= FINISH: 9:20:51.89 ===============
  6. My system, win7 ultimate, was occupied by search.certified-toolbar. All browsers (IE, FF, and Chrome) and MS Outlook start with the certified-toolbar search page. What do you suggest I do?
  7. Hi, Quite frequently, when I run a deeperweb search, I get an ad, always promoted by directcpv.com. Is there a way to block or remove this pest? I'm running IE8 on a win7 os.