
search.certified-toolbar.com problem



Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Hi,

Sure I am!

Here's the MBAM report:

mbam-log-2013-01-23 (09-11-25)

===========================

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.23.04

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Ran :: RAN-PC [limited]

Protection: Enabled

23/01/2013 09:11:25

mbam-log-2013-01-23 (09-11-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 311959

Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

And here's the DDS.txt

==================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2

Run by Ran at 9:19:11 on 2013-01-23

Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1037.18.3582.1081 [GMT 2:00]

.

AV: PC Tools Internet Security Anti-Virus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: PC Tools Internet Security Anti-Spyware *Enabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

FW: PC Tools Internet Security Firewall *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\1Password\Agile1pAgent.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\1Password\Agile1pService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Hola\app\hola.exe

C:\Program Files\BlueStacks\HD-Agent.exe

C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe

C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe

C:\Program Files\BlueStacks\HD-LogRotatorService.exe

C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Ghotit\Ghotit.Setup.Administration.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

C:\Users\Ran\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\DFX\DFX.exe

C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe

C:\Program Files\DFX\Universal\Apps\dfxItunesSong.exe

C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Hola\app\hola_svc.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\PC Tools Security\TFEngine\TFService.exe

C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe

C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com

uProxyServer = hxxp=127.0.0.1:8555

uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>

uURLSearchHooks: PC Tools Browser Defender: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - c:\program files\shareaza\RazaWebHook32.dll

BHO: iSkysoft Video Downloader: {133232D2-DAE3-4B6F-AAC2-17CD87495682} - c:\program files\iskysoft\free video downlaoder\SVRIEPlugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Wondershare Video Converter Ultimate: {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - c:\program files\wondershare\video converter ultimate\SVRIEPlugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: CutePDF Form Filler Helper: {D41289F2-69C6-417B-897E-C653D677CBAF} - c:\program files\acro software\cutepdf pro\CPFillerCo.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll

BHO: IEButton Class: {F81D52BF-F2F1-4F49-BF5F-05664E803039} - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll

TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll

TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll

TB: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe

uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe

uRun: [skyDrive] "c:\users\ran\appdata\local\microsoft\skydrive\SkyDrive.exe" /background

uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background

uRun: [ADB84C058E375A28FC96CDDFE59DDB89C7543610._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service

uRun: [GoogleChromeAutoLaunch_A11FB05A9E80780283AA19DAF68B649C] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [GhotitMonitor] c:\program files\ghotit\\Ghotit.Setup.Administration.exe /monitor

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Agile1pAgent] c:\program files\1password\Agile1pAgent.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [browserPlugInHelper] c:\program files\wondershare\video converter ultimate\BrowserPlugInHelper.exe

mRun: [hola] c:\program files\hola\app\hola.exe --tray --autorun

mRun: [blueStacks Agent] c:\program files\bluestacks\HD-Agent.exe

mRun: [PowerDVD12DMREngine] "c:\program files\cyberlink\powerdvd12\kernel\dmr\PowerDVD12DMREngine.exe"

mRun: [PowerDVD12Agent] "c:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 11.0\acrobat\Acrotray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dfx.lnk - c:\program files\dfx\DFX.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html

IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000

IE: Download with USDownloader - <no file>

IE: Save &image with Flash and Media Capture - c:\program files\metaproducts flash & media capture\FMCapt.dll/saveimg.htm

IE: Save &media files with Flash and Media Capture - c:\program files\metaproducts flash & media capture\FMCapt.dll/savemedia.htm

IE: Save Flash - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/210

IE: Save YouTube Video - c:\program files\unh solutions\flash saving plugin\FlashSButton.dll/217

IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - <orphaned>

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001011-0002-0011-ABCDEFFEDCBC} - <orphaned>

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {2d930acb-2420-49dc-a746-4206b6a229dd} - {a4689b79-6a50-4cb1-b9e1-e5970c88bf96}

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - {B3DA38C9-7C7B-4C32-8A65-8745B3B6085E} - <orphaned>

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{D58FE94F-8666-451D-804A-718B381714ED} : NameServer = 127.0.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ran\appdata\roaming\mozilla\firefox\profiles\3qen2tqe.default-1351371553983\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll

FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll

FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2012-12-07 16:06; {8D150B8F-EFE8-45a3-A4A3-053020F48FAC}; c:\program files\wondershare\video converter ultimate\SVRFirefoxExt

FF - ExtSQL: 2012-12-14 11:07; onepassword@agilebits.com; c:\users\ran\appdata\roaming\mozilla\firefox\profiles\3qen2tqe.default-1351371553983\extensions\onepassword@agilebits.com.xpi

FF - ExtSQL: 2012-12-20 12:29; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\ran\appdata\roaming\mozilla\firefox\profiles\3qen2tqe.default-1351371553983\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-01-01 11:04; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\ran\appdata\roaming\mozilla\firefox\profiles\3qen2tqe.default-1351371553983\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - ExtSQL: 2013-01-03 11:18; add-to-searchbox@maltekraus.de; c:\users\ran\appdata\roaming\mozilla\firefox\profiles\3qen2tqe.default-1351371553983\extensions\add-to-searchbox@maltekraus.de.xpi

FF - ExtSQL: 2013-01-12 17:17; web2pdfextension@web2pdf.adobedotcom; c:\program files\adobe\acrobat 11.0\acrobat\browser\WCFirefoxExtn

FF - ExtSQL: 2013-01-17 13:01; jid1-4P0kohSJxU1qGg@jetpack; c:\users\ran\appdata\roaming\mozilla\firefox\profiles\3qen2tqe.default-1351371553983\extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi

FF - ExtSQL: 2013-01-20 02:34; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\ran\appdata\roaming\mozilla\firefox\profiles\3qen2tqe.default-1351371553983\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - ExtSQL: 2013-01-21 17:06; {cb84136f-9c44-433a-9048-c5cd9df1dc16}; c:\program files\pc tools security\bdt\Firefox

.

============= SERVICES / DRIVERS ===============

.

R0 DKDFM;Device Filter Manager Driver;c:\windows\system32\drivers\DKDFM.sys [2013-1-18 35120]

R0 DKTLFSMF;Telemetry File System Mini Filter Driver;c:\windows\system32\drivers\DKTLFSMF.sys [2013-1-18 85328]

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-10-16 50312]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-10-16 42120]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2013-1-22 368616]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2013-1-22 342168]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2013-1-22 909728]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2013-1-22 54328]

R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2013-1-22 574424]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-12-26 26984]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-10-16 17032]

R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-10-16 187016]

R1 hola-drv;Hola Driver;c:\windows\system32\drivers\hola_drv.sys [2012-12-17 460784]

R1 hola-mon-drv;Hola Monitor Driver;c:\windows\system32\drivers\hola_mon_drv.sys [2012-12-17 70768]

R1 hola_net;Hola Fast Internet Adapter;c:\windows\system32\drivers\hola_net.sys [2012-12-17 72560]

R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-11-15 35592]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2013-1-22 260760]

R1 pctNdisLW;PC Tools NDIS 6 LightWeight filter;c:\windows\system32\drivers\pctNdisLW.sys [2013-1-22 58400]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2013-1-21 202280]

R2 Agile1Password;1Password;c:\program files\1password\Agile1pService.exe [2012-10-20 768776]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2013-1-22 550864]

R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-12-5 63864]

R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-12-5 384888]

R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2012-12-30 90640]

R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2012-12-30 78352]

R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2012-12-30 295440]

R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2012-10-16 70280]

R2 GhotitAdminSrv;Ghotit Administration Service;c:\program files\ghotit\Ghotit.Setup.Administration.exe [2011-5-25 190656]

R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-10-16 24712]

R2 hola_svc;Hola Internet Acceleration Service;c:\program files\hola\app\hola_svc.exe [2012-12-17 4251760]

R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-11-15 527728]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-11-15 389488]

R2 iReboot;iReboot Background Service;c:\program files\neosmart technologies\ireboot\iRebootd.exe [2009-9-15 17408]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374704]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-11-4 47640]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-28 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-28 682344]

R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2012-12-30 121208]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2013-1-22 163288]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2013-1-22 402336]

R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2013-1-22 1117624]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-5-18 327064]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-11-30 382824]

R3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\drivers\cbfs3.sys [2012-11-17 299024]

R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-8-29 24424]

R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2013-1-18 44496]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-28 21104]

R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2013-1-22 56840]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2013-1-22 91136]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2013-1-22 125888]

R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2013-1-22 70536]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2012-11-15 35592]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2013-1-22 35264]

R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]

S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-12-5 393080]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 hola_updater;Hola Internet Acceleration Updater;c:\program files\hola\app\hola_updater.exe [2012-12-17 4228720]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-11-27 26080]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 DFX11_0;DFX Audio Enhancer 11;c:\windows\system32\drivers\dfx11_0.sys [2012-8-16 24424]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2012-10-15 62464]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-25 14848]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2012-10-15 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-10-25 24064]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-25 49664]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-10-25 27136]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2012-10-15 112640]

S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [2012-10-18 1451312]

S3 WatAdminSvc;השירות 'טכנולוגיות הפעלה של Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-10-17 1343400]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-10-28 25704]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-10-28 25704]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-10-28 25704]

S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [?]

.

=============== Created Last 30 ================

.

2013-01-22 22:41:36 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5a34b943-ecca-44eb-a506-0a9cebcd0ee4}\mpengine.dll

2013-01-22 17:46:14 -------- d-----w- c:\program files\PC Tools Registry Tool

2013-01-22 17:42:41 -------- d-----w- c:\users\ran\appdata\roaming\PC Tools

2013-01-22 17:42:38 -------- d-----w- c:\users\ran\appdata\roaming\Spam Monitor

2013-01-22 17:39:40 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys

2013-01-22 17:39:39 767952 ----a-w- c:\windows\BDTSupport.dll

2013-01-22 17:39:39 2250704 ----a-w- c:\windows\PCTBDCore.dll

2013-01-22 17:39:39 1681360 ----a-w- c:\windows\PCTBDRes.dll

2013-01-22 17:39:39 149456 ----a-w- c:\windows\SGDetectionTool.dll

2013-01-22 16:40:50 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-01-22 10:52:17 110080 ----a-r- c:\users\ran\appdata\roaming\microsoft\installer\{4fc9da9d-f608-454e-8191-d7effdcc5726}\IconF7A21AF7.exe

2013-01-22 10:52:17 110080 ----a-r- c:\users\ran\appdata\roaming\microsoft\installer\{4fc9da9d-f608-454e-8191-d7effdcc5726}\IconD7F16134.exe

2013-01-22 10:52:16 -------- d-----w- C:\sh4ldr

2013-01-22 10:52:16 -------- d-----w- c:\program files\Enigma Software Group

2013-01-22 10:51:16 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2013-01-22 10:51:06 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2013-01-21 20:33:28 -------- d-----w- c:\users\ran\appdata\local\CrashDumps

2013-01-21 15:32:49 -------- d-----w- c:\program files\Webroot

2013-01-21 15:06:15 769144 ----a-w- c:\windows\BDTSupport.dll0102.old

2013-01-21 15:06:13 150648 ----a-w- c:\windows\SGDetectionTool.dll0102.old

2013-01-21 15:06:12 2280568 ----a-w- c:\windows\PCTBDCore.dll0102.old

2013-01-21 15:05:31 19464 ----a-w- c:\windows\system32\drivers\pctBTFix.sys

2013-01-21 15:04:53 -------- d-----w- c:\program files\PC Tools

2013-01-21 15:03:30 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2013-01-21 15:03:28 -------- d-----w- c:\program files\common files\PC Tools

2013-01-21 15:02:04 -------- d-----w- c:\programdata\PC Tools

2013-01-21 15:02:02 -------- d-----w- c:\users\ran\appdata\roaming\TestApp

2013-01-19 17:08:15 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-19 17:08:12 -------- d-----w- c:\users\ran\appdata\local\temp

2013-01-19 16:52:32 98816 ----a-w- c:\windows\sed.exe

2013-01-19 16:52:32 256000 ----a-w- c:\windows\PEV.exe

2013-01-19 16:52:32 208896 ----a-w- c:\windows\MBR.exe

2013-01-18 16:22:53 -------- d-----w- c:\users\ran\appdata\roaming\Condusiv_Technologies

2013-01-18 16:22:53 -------- d-----w- c:\users\ran\appdata\local\Condusiv_Technologies

2013-01-18 12:20:33 85328 ----a-w- c:\windows\system32\drivers\DKTLFSMF.sys

2013-01-18 12:20:28 35120 ----a-w- c:\windows\system32\drivers\DKDFM.sys

2013-01-18 12:20:10 44496 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys

2013-01-18 12:19:57 -------- d-----w- c:\program files\common files\Diskeeper Corporation

2013-01-18 12:19:55 -------- d-----w- c:\programdata\Condusiv Technologies

2013-01-18 12:19:47 -------- d-----w- c:\program files\Windows Home Server

2013-01-18 12:19:47 -------- d-----w- c:\program files\Condusiv Technologies

2013-01-18 12:17:56 -------- d-----w- c:\program files\Diskeeper Setup Files

2013-01-18 12:15:46 15360 ----a-w- c:\windows\Launcher.exe

2013-01-18 12:15:44 -------- d-----w- c:\users\ran\appdata\roaming\FTDownTango1bToolbar

2013-01-18 12:15:44 -------- d-----w- c:\program files\FTDownTango1bToolbar

2013-01-16 10:13:46 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-16 02:03:28 -------- d-----w- c:\users\ran\appdata\roaming\com.adobe.formscentral.FormsCentralForAcrobat

2013-01-12 15:28:35 -------- d-----w- c:\users\ran\appdata\roaming\SolidDocuments

2013-01-12 13:27:43 -------- d-----w- c:\program files\Readiris Pro 11 Mr.Underground Edition

2013-01-11 20:26:32 -------- d-----w- c:\users\ran\appdata\roaming\Thinstall

2013-01-10 13:28:08 -------- d-----w- c:\users\ran\appdata\roaming\Cocoon Software

2013-01-10 13:28:06 -------- d-----w- c:\users\ran\appdata\local\WDSetup

2013-01-10 13:27:57 -------- d-----w- c:\program files\QuickMediaConverter

2013-01-10 12:08:47 -------- d-----w- c:\program files\PlayFLV

2013-01-09 22:03:14 -------- d-----w- c:\programdata\Movavi Video Suite 10 SE

2013-01-09 20:59:41 -------- d-----w- c:\program files\JetVideo

2013-01-09 11:29:06 626688 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 11:29:04 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 11:29:02 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-01-08 21:01:04 -------- d-----w- c:\users\ran\appdata\roaming\COWON

2013-01-08 20:49:03 -------- d-----w- c:\program files\common files\COWON

2013-01-08 20:48:57 -------- d-----w- c:\program files\JetAudio

2013-01-07 11:20:00 -------- d-----w- c:\users\ran\appdata\local\PutLockerDownloader

2013-01-07 11:19:36 -------- d-----w- c:\program files\PutLockerDownloader

2013-01-06 12:24:17 -------- d-----w- c:\program files\Readiris Corporate 12

2013-01-06 10:33:38 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4898ea7f-1686-4e45-a136-fa62b31e2757}\gapaengine.dll

2013-01-06 10:32:50 -------- d-----w- c:\program files\Microsoft Security Client

2013-01-06 09:52:24 -------- d-----w- c:\program files\Readiris Pro 12

2013-01-01 09:51:30 -------- d-----w- c:\users\ran\appdata\roaming\MetaProducts

2013-01-01 09:43:25 -------- d-----w- c:\program files\common files\MetaProducts

2013-01-01 09:43:22 -------- d-----w- c:\program files\MetaProducts Flash & Media Capture

2013-01-01 09:12:21 -------- d-----w- c:\program files\UnH Solutions

2012-12-31 08:40:01 -------- d-----w- c:\users\ran\appdata\roaming\XBMC

2012-12-31 08:39:52 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-12-31 08:38:35 -------- d-----w- c:\program files\XBMC

2012-12-30 21:24:23 -------- d-----w- c:\program files\AZR

2012-12-30 07:28:02 -------- d-----w- C:\MediaServer

2012-12-29 10:38:19 -------- d-----w- c:\programdata\BlueStacks

2012-12-29 10:38:19 -------- d-----w- c:\program files\BlueStacks

2012-12-28 10:31:01 -------- d-----w- c:\program files\CopyTrans

2012-12-26 20:06:58 -------- d-----w- c:\programdata\WoW Worldwide Software LTD

2012-12-26 13:51:17 -------- d-----w- c:\users\ran\appdata\roaming\PowerISO

2012-12-26 13:48:48 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-12-26 13:47:46 -------- d-----w- c:\program files\PowerISO

2012-12-26 11:25:49 -------- d-----w- c:\users\ran\appdata\roaming\WindSolutions

2012-12-26 11:25:49 -------- d-----w- c:\programdata\WindSolutions

.

==================== Find3M ====================

.

2013-01-21 22:20:24 72560 ----a-w- c:\windows\system32\drivers\hola_net.sys

2013-01-21 22:20:24 70768 ----a-w- c:\windows\system32\drivers\hola_mon_drv.sys

2013-01-21 22:20:24 460784 ----a-w- c:\windows\system32\drivers\hola_drv.sys

2013-01-16 10:13:33 859552 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-01-16 10:13:33 780192 ----a-w- c:\windows\system32\deployJava1.dll

2013-01-09 18:36:08 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-09 18:36:08 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-01 16:43:16 2212 ----a-w- c:\windows\system32\ASOROSet.bin

2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-14 14:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll

2012-12-03 15:39:40 9373032 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-03 15:39:40 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll

2012-12-03 15:39:40 7819016 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-03 15:39:40 6149904 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-03 15:39:40 2606440 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-03 15:39:40 2496976 ----a-w- c:\windows\system32\nvapi.dll

2012-12-03 15:39:40 20335976 ----a-w- c:\windows\system32\nvoglv32.dll

2012-12-03 15:39:40 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-03 15:39:40 17559912 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-03 15:39:40 15122280 ----a-w- c:\windows\system32\nvd3dum.dll

2012-12-03 15:39:40 12603960 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-12-03 15:39:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll

2012-12-01 04:38:18 2869608 ----a-w- c:\windows\system32\nvsvc.dll

2012-12-01 04:38:13 3984744 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-01 04:37:55 645480 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-01 04:37:55 62312 ----a-w- c:\windows\system32\nvshext.dll

2012-12-01 04:37:55 2557288 ----a-w- c:\windows\system32\nvsvcr.dll

2012-12-01 04:37:55 108392 ----a-w- c:\windows\system32\nvmctray.dll

2012-11-30 20:43:52 438632 ----a-w- c:\windows\system32\nvStreaming.exe

2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe

2012-11-20 09:05:08 153088 ----a-w- c:\windows\system32\ISCM32.dll

2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll

2012-11-15 01:36:52 35592 ----a-w- c:\windows\system32\drivers\taphss6.sys

2012-11-15 01:29:54 35592 ----a-w- c:\windows\system32\drivers\hssdrv6.sys

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-09 12:59:08 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-09 12:59:07 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-11-09 12:59:06 92072 ----a-w- c:\windows\system32\LMIinit.dll

2012-11-09 12:59:06 31144 ----a-w- c:\windows\system32\LMIport.dll

2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll

2012-10-31 12:21:30 178584 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2012-10-31 12:21:28 260760 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-10-27 06:17:36 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax

2012-06-06 04:06:50 2174976 ----a-w- c:\program files\common files\atimpenc.dll

2007-03-09 08:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601

.

CreateFile("\\.\PHYSICALDRIVE0"): ‏‏לתהליך אין אפשרות לגשת לקובץ מאחר שהוא נמצא בשימוש של תהליך אחר.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite

1 ntkrnlpa!IofCallDriver[0x8348BBC5] -> \Device\Harddisk0\DR0[0x872DB9A8]

3 CLASSPNP[0x8D60859E] -> ntkrnlpa!IofCallDriver[0x8348BBC5] -> [0x872DA2C0]

5 PCTCore[0x8CEA8EFB] -> ntkrnlpa!IofCallDriver[0x8348BBC5] -> [0x86E54408]

7 ACPI[0x8CCBD3D4] -> ntkrnlpa!IofCallDriver[0x8348BBC5] -> \Device\Ide\IdeDeviceP3T1L0-9[0x86A4E908]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user != kernel MBR !!!

.

============= FINISH: 9:20:51.89 ===============


If your PC Tools Internet Security has a current license, I need to have you Uninstall Microsoft Security Essentials and Restart the system.

IF on the other hand, you have no license for it, then keep MS Security Essentials & Uninstall PC Tools Internet Security & Restart the system.

While this case is open, until I give you the all clear {whenever that is --- maybe days from now} then do NO websurfing, no online games, no online shopping or banking.

Consider & treat this pc as in quarantine and limited use.

Only go to this forum and those sites I guide you to for tools.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
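The three Folder Options changes from Step 2 can also be checked and applied from a PowerShell session in the affected user's account, which is useful when Explorer's dialog is unreliable on a compromised machine. This is an added example, not part of the helper's instructions; the registry value names under Explorer\Advanced are Windows' own, the function names are mine.

```powershell
# Added example: Explorer's "show all files" settings from Step 2 as registry values.
# HKCU is writable by the user, so no elevation is needed.
$AdvancedKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Desired state: extensions visible, protected OS files visible, hidden items visible.
# Malware often relies on a hidden/system attribute or a "name.txt.exe" double
# extension to stay out of sight, so a cleanup starts by making those visible.
$Desired = @{ HideFileExt = 0; ShowSuperHidden = 1; Hidden = 1 }

# Report each setting's current value against the wanted one (hypothetical helper name).
function Get-ExplorerVisibility {
    $props = Get-ItemProperty -Path $AdvancedKey
    foreach ($name in $Desired.Keys) {
        [pscustomobject]@{
            Setting = $name
            Current = $props.$name        # $null if the value was never written
            Wanted  = $Desired[$name]
            Ok      = ($props.$name -eq $Desired[$name])
        }
    }
}

# Write the wanted values and restart Explorer so it re-reads them (hypothetical helper name).
function Set-ExplorerVisibility {
    foreach ($name in $Desired.Keys) {
        Set-ItemProperty -Path $AdvancedKey -Name $name -Value $Desired[$name] -Type DWord
    }
    Stop-Process -Name explorer -Force
    Start-Process explorer
}

Get-ExplorerVisibility | Format-Table -AutoSize
if (Get-ExplorerVisibility | Where-Object { -not $_.Ok }) { Set-ExplorerVisibility }
Get-ExplorerVisibility | Format-Table -AutoSize   # every row should now show Ok = True
```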


Dear Maurice,

Your instructions reached me while I'm already in the middle of a support session (See: http://www.geekstogo.com/forum/topic/326477-certified-toolbar-on-my-browsers-and-ms-outlook/ ).

Since following instructions simultaneously from two sources may nullify both supporters' efforts, let me put a hold on the current session. I appreciate your efforts and will return if and when my other source ends up ineffective (which I hope it won't...)

Thanks again.
