
Annoying Video Ads in Corner of Firefox



Hello everyone, I believe I have had the snap.do malware for quite some time now. It's only gotten worse in the last few days: when I view YouTube videos, an annoying advertisement begins to play all the way at the bottom of the page. I successfully uninstalled the physical points of the malware; however, it is not completely removed. I read the stickied topic and I believe this is what I am supposed to post.

ATTACH.TXT

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/10/2011 6:56:36 PM

System Uptime: 1/26/2013 9:19:06 PM (16 hours ago)

.

Motherboard: Hewlett-Packard | | 167E

Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU 1 | 2100/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 276 GiB total, 76.759 GiB free.

D: is CDROM ()

G: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP274: 1/22/2013 7:31:49 AM - Windows Update

RP275: 1/22/2013 8:31:36 AM - Removed Java 6 Update 33

RP276: 1/25/2013 8:34:53 PM - Windows Update

RP277: 1/25/2013 8:51:31 PM - HPSF Applying updates

RP278: 1/25/2013 8:51:31 PM - HPSF Applying updates

RP279: 1/27/2013 1:34:39 PM - Removed SPORE™ Galactic Adventures

RP280: 1/27/2013 1:37:58 PM - Removed SPORE™

RP281: 1/27/2013 1:39:14 PM - Removed Snagit 11

RP282: 1/27/2013 1:43:04 PM - Removed Rosetta Stone Version 3

.

==== Installed Programs ======================

.

7-Zip 9.20

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.2

Adobe Shockwave Player 11.6

Agatha Christie - Peril at End House

Age of Empires Online

AirMech

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Webcam Sharing Manager

ASIO4ALL

Audacity 1.3.13 (Unicode)

avast! Free Antivirus

Bejeweled 2 Deluxe

Belkin Setup and Router Monitor

Belkin USB Print and Storage Center

Blasterball 3

Bluetooth Win7 Suite (64)

Bonjour

Bounce Symphony

Build-a-Lot - The Elizabethan Era

Cake Mania

CamStudio OSS Desktop Recorder

Camtasia Studio 8

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

D3DX10

DefaultTab

Device Access Manager for HP ProtectTools

Diner Dash 2 Restaurant Rescue

Dream of the Blood Moon

Drive Encryption For HP ProtectTools

Energy Star Digital Logo

Evernote v. 4.2.2

Face Recognition for HP ProtectTools

Farm Frenzy

FATE

File Sanitizer For HP ProtectTools

FL Studio 10

Galeria fotogràfica del Windows Live

Galerie de photos Windows Live

Galería fotográfica de Windows Live

Google Chrome

Google Talk Plugin

Google Update Helper

Hewlett-Packard ACLM.NET v1.2.1.1

HP 3D DriveGuard

HP Auto

HP Connection Manager

HP Customer Experience Enhancements

HP DayStarter

HP Documentation

HP ESU for Microsoft Windows 7

HP Game Console

HP Games

HP HD Webcam [Fixed]

HP Power Assistant

HP ProtectTools Security Manager

HP QuickWeb

HP Setup

HP SoftPaq Download Manager

HP Software Framework

HP Software Setup

HP Support Assistant

HP System Default Settings

HP Wallpaper

IDT Audio

Insaniquarium Deluxe

Intel® Identity Protection Technology 1.0.71.0

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Jahshaka

Jewel Quest II

Jewel Quest Solitaire

JMicron Flash Media Controller Driver

John Deere Drive Green

jZip

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft_VC90_CRT_x86

Moon Breakers

Mozilla Firefox 18.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MultiClock 1.0

MultiClock Packages

Nexon Game Manager

Now Boarding

OpenAL

OpenLibraries

OpenOffice.org 3.1

Pando Media Booster

PDF Complete Special Edition

Penguins!

Plants vs. Zombies

Polar Bowler

Privacy Manager for HP ProtectTools

Project64 1.6

Qualcomm Atheros Driver Installation Program

Realm of the Mad God

Realtek Ethernet Controller All-In-One Windows Driver

Screencast-O-Matic

SDK

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype™ 6.0

Slingo Deluxe

Spiral Knights

Spotify

Steam

swMSM

Synaptics Pointing Device Driver

System Requirements Lab CYRI

Team Fortress 2

Theft Recovery for HP ProtectTools

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Validity Fingerprint Sensor Driver

VC80CRTRedist - 8.0.50727.6195

VIP Access SDK x64(1.0.0.50)

Virtual Villagers - The Secret City

VirtualCloneDrive

VLC media player 2.0.5

Web 3D Player

Wedding Dash

Windows Live

Windows Live Argazki Galeria

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinZip 14.5

WinZip System Utilities Suite

World of Tanks

Xobni

Xobni Core

Yahoo! Detect

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

1/27/2013 11:50:19 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

1/22/2013 9:13:11 AM, Error: Service Control Manager [7022] - The Authentication Service service hung on starting.

1/22/2013 10:58:41 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).

1/22/2013 10:58:17 AM, Error: Service Control Manager [7000] - The hpHotkeyMonitor service failed to start due to the following error: The system cannot find the file specified.

1/22/2013 10:56:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPDayStarterService service.

.

==== End Of File ===========================

DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Jesper Drlicka at 13:54:11 on 2013-01-27

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4030.1548 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\Hpservice.exe

C:\windows\system32\vcsFPService.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\System32\spoolsv.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe

C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Jesper Drlicka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\msiexec.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=hp

uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=ds&q={searchTerms}

uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=ds&q={searchTerms}

uProxyServer = hxxp=127.0.0.1:52263

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=ds&q={searchTerms}

uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

uRun: [spotify Web Helper] "C:\Users\Jesper Drlicka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe

mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe

mRun: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\JESPER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{CE5B463C-FE02-4413-823F-F23F679072B9} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{CE5B463C-FE02-4413-823F-F23F679072B9}\2656C6B696E6E2631336 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{CE5B463C-FE02-4413-823F-F23F679072B9}\A4570796475627 : DHCPNameServer = 192.168.1.1 75.75.75.75

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: DeviceNP - DeviceNP.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages = EpePcNp64 DPPassFilter scecli

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Web 3D Player\npgamecore.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Jesper Drlicka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-12-27 13:51; {7473b6bd-4691-4744-a82b-7854eb3d70b6}; C:\Users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

============= SERVICES / DRIVERS ===============

.

R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2012-2-8 100808]

R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2012-2-8 158920]

R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-8-10 19600]

R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-7-16 984144]

R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-7-16 370288]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-29 89600]

R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-7-16 25232]

R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-7-16 71600]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-1-6 138400]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-6 53920]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-14 44808]

R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-12-24 181760]

R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-12-24 55296]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-1-1 107520]

R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-1-26 131128]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]

R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-2-7 320000]

R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-2-28 31000]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-9 13336]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]

R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-2-8 1323008]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-4 1127448]

R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-5-4 113264]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 sxuptp;SXUPTP Driver;C:\windows\System32\drivers\sxuptp.sys [2011-12-24 291352]

R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-8-9 502464]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-9 2656280]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2011-8-23 3175728]

R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-6-15 628040]

R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2011-8-9 32192]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-1-6 28832]

R3 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-1-12 36864]

R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-4-5 1094712]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-4-18 317440]

R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2013-1-25 175928]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-1-16 708200]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 SPUVCbv;SPUVCb Driver Service;C:\windows\System32\drivers\SPUVCBv_x64.sys [2011-8-9 2611704]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-11-14 568832]

S2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe --> C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-3-7 62184]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-1-6 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-1-6 298144]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-1-6 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-1-6 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-1-6 154272]

S3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-1-6 279200]

S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-2-3 464480]

S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-15 1255736]

.

=============== File Associations ===============

.

ShellExec: DigitalTheatre.exe: open="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTStart.exe" "%1"

.

=============== Created Last 30 ================

.

2013-01-26 16:11:19 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{889CA1F7-C28E-4AD7-8290-0A0FE7A93EC8}\offreg.dll

2013-01-26 02:02:13 175928 ----a-w- C:\windows\System32\drivers\jmcr.sys

2013-01-26 01:35:50 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{889CA1F7-C28E-4AD7-8290-0A0FE7A93EC8}\mpengine.dll

2013-01-22 14:02:26 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Local\Programs

2013-01-17 00:02:23 74344 ----a-w- C:\windows\System32\RtNicProp64.dll

2013-01-17 00:02:23 708200 ----a-w- C:\windows\System32\drivers\Rt64win7.sys

2013-01-09 06:33:14 751104 ----a-w- C:\windows\System32\win32spl.dll

2013-01-09 06:33:12 492032 ----a-w- C:\windows\SysWow64\win32spl.dll

2013-01-09 06:31:54 424960 ----a-w- C:\windows\System32\KernelBase.dll

2013-01-05 14:32:59 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Roaming\MultiClockPackages

2013-01-05 14:32:49 -------- d-----w- C:\Program Files (x86)\ADLSoft

2013-01-01 22:46:10 -------- d-----w- C:\Program Files (x86)\DefaultTab

2013-01-01 22:46:04 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Roaming\DefaultTab

2013-01-01 14:23:20 77656 ----a-w- C:\windows\System32\XAPOFX1_5.dll

2013-01-01 14:23:20 74072 ----a-w- C:\windows\SysWow64\XAPOFX1_5.dll

2013-01-01 14:23:19 527192 ----a-w- C:\windows\SysWow64\XAudio2_7.dll

2013-01-01 14:23:19 518488 ----a-w- C:\windows\System32\XAudio2_7.dll

2013-01-01 14:23:15 2526056 ----a-w- C:\windows\System32\D3DCompiler_43.dll

2013-01-01 14:23:15 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll

2013-01-01 14:23:13 276832 ----a-w- C:\windows\System32\d3dx11_43.dll

2013-01-01 14:23:13 248672 ----a-w- C:\windows\SysWow64\d3dx11_43.dll

2013-01-01 14:23:07 2401112 ----a-w- C:\windows\System32\D3DX9_43.dll

2013-01-01 14:23:07 1998168 ----a-w- C:\windows\SysWow64\D3DX9_43.dll

2013-01-01 14:23:02 24920 ----a-w- C:\windows\System32\X3DAudio1_7.dll

2013-01-01 14:23:02 22360 ----a-w- C:\windows\SysWow64\X3DAudio1_7.dll

2013-01-01 14:22:59 81768 ----a-w- C:\windows\SysWow64\xinput1_3.dll

2013-01-01 14:22:59 107368 ----a-w- C:\windows\System32\xinput1_3.dll

2013-01-01 14:21:35 -------- d-----w- C:\UDK

2012-12-31 00:38:26 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared

2012-12-30 20:58:47 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Local\Screencast-O-Matic

2012-12-30 03:57:51 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Roaming\Image-Line

2012-12-30 03:22:55 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll

2012-12-30 03:22:55 1700352 ----a-w- C:\windows\SysWow64\gdiplus.dll

2012-12-30 03:22:55 1060864 ----a-w- C:\windows\SysWow64\mfc71.dll

2012-12-30 03:12:42 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2

2012-12-30 03:10:36 225280 ----a-w- C:\windows\SysWow64\rewire.dll

2012-12-30 03:10:25 1554944 ----a-w- C:\windows\SysWow64\vorbis.acm

2012-12-30 03:10:21 -------- d-----w- C:\Program Files (x86)\Outsim

2012-12-30 03:06:54 -------- d-----w- C:\Program Files (x86)\Image-Line

2012-12-28 21:07:03 -------- d-----r- C:\Program Files (x86)\Skype

2012-12-28 20:35:57 -------- d-----w- C:\Users\Jesper Drlicka\AppData\Roaming\GameCore

2012-12-28 20:33:44 -------- d-----w- C:\Program Files (x86)\Web 3D Player

.

==================== Find3M ====================

.

2013-01-17 00:01:29 107552 ----a-w- C:\windows\System32\RTNUninst64.dll

2013-01-09 02:26:30 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-09 02:26:30 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-16 16:52:02 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-16 14:40:45 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-16 14:25:27 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-16 14:25:19 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-14 21:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-12-07 05:41:16 441856 ----a-w- C:\windows\System32\Wpc.dll

2012-12-07 05:35:34 2745856 ----a-w- C:\windows\System32\gameux.dll

2012-12-07 05:04:20 308736 ----a-w- C:\windows\SysWow64\Wpc.dll

2012-12-07 04:57:38 2576384 ----a-w- C:\windows\SysWow64\gameux.dll

2012-12-07 03:21:08 45568 ----a-w- C:\windows\SysWow64\oflc-nz.rs

2012-12-02 09:23:22 0 ----a-w- C:\windows\SysWow64\sho8067.tmp

2012-11-30 05:50:00 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-11-30 05:50:00 243200 ----a-w- C:\windows\System32\wow64.dll

2012-11-30 05:50:00 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-11-30 05:49:28 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-11-30 05:46:35 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-11-30 05:06:50 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-11-30 05:06:49 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-11-30 03:33:03 338432 ----a-w- C:\windows\System32\conhost.exe

2012-11-30 02:56:36 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-11-30 02:56:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-11-30 02:56:34 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-11-30 02:56:33 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-11-30 02:51:41 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:51:41 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:51:41 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:51:41 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:45:35 3147264 ----a-w- C:\windows\System32\win32k.sys

2012-11-22 10:32:45 801280 ----a-w- C:\windows\System32\usp10.dll

2012-11-22 09:33:26 627712 ----a-w- C:\windows\SysWow64\usp10.dll

2012-11-20 05:55:59 307200 ----a-w- C:\windows\System32\ncrypt.dll

2012-11-20 05:10:07 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-09 05:34:27 2048 ----a-w- C:\windows\System32\tzres.dll

2012-11-09 04:49:37 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-11-02 05:30:41 2001408 ----a-w- C:\windows\System32\msxml6.dll

2012-11-02 05:30:40 1880064 ----a-w- C:\windows\System32\msxml3.dll

2012-11-02 05:27:51 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 04:50:33 1388544 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-11-02 04:50:33 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-11-02 04:48:28 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-10-30 23:51:55 984144 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2012-10-30 23:51:55 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2012-10-30 23:51:07 41224 ----a-w- C:\windows\avastSS.scr

.

============= FINISH: 13:54:36.19 ===============


  • Staff

Please run the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


I got a blue screen, and my computer restarted.

Then I scanned again after starting my computer and got this.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-01-27 14:52:17

-----------------------------

14:52:17.441 OS Version: Windows x64 6.1.7600

14:52:17.442 Number of processors: 4 586 0x2A07

14:52:17.444 ComputerName: FIXALLTHEISSUES UserName: Jesper Drlicka

14:52:19.939 Initialize success

14:52:20.480 AVAST engine defs: 13012700

14:52:29.446 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

14:52:29.452 Disk 0 Vendor: TOSHIBA_ MH00 Size: 305245MB BusType: 3

14:52:29.470 Disk 0 MBR read successfully

14:52:29.476 Disk 0 MBR scan

14:52:29.483 Disk 0 Windows 7 default MBR code

14:52:29.492 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048

14:52:29.508 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 282514 MB offset 616448

14:52:29.592 Disk 0 scanning C:\windows\system32\drivers

14:52:48.192 Service scanning

14:53:16.350 Modules scanning

14:53:16.368 Disk 0 trace - called modules:

14:53:16.391 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll

14:53:16.403 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800669d060]

14:53:16.417 3 CLASSPNP.SYS[fffff88001ab743f] -> nt!IofCallDriver -> [0xfffffa80048a0b10]

14:53:16.430 5 hpdskflt.sys[fffff88001440189] -> nt!IofCallDriver -> [0xfffffa800477fc80]

14:53:16.444 7 ACPI.sys[fffff88000f7e781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047a3050]

14:53:17.416 AVAST engine scan C:\windows

14:53:21.553 AVAST engine scan C:\windows\system32

14:57:27.096 AVAST engine scan C:\windows\system32\drivers

14:57:43.137 AVAST engine scan C:\Users\Jesper Drlicka

15:01:36.878 File: C:\Users\Jesper Drlicka\AppData\Local\Temp\is1373634743\volonetBrowseForChangeInstaller.exe **INFECTED** Win32:Dropper-gen [Drp]

15:04:35.389 Disk 0 MBR has been saved successfully to "C:\Users\Jesper Drlicka\Desktop\MBR.dat"

15:04:35.411 The log file has been saved successfully to "C:\Users\Jesper Drlicka\Desktop\aswMBR.txt"

MBR.zip


  • Staff

Please run the following:

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

NEXT

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.


ComboFix 13-01-27.03 - Jesper Drlicka 01/27/2013 16:45:47.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4030.1429 [GMT -5:00]

Running from: c:\users\Jesper Drlicka\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Jesper Drlicka\AppData\Local\assembly\tmp

c:\users\Jesper Drlicka\AppData\Local\Temp\1.tmp\F_IN_BOX.dll

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\addon.ico

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DT.ico

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico

c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

c:\users\Jesper Drlicka\AppData\Roaming\Love

c:\users\Jesper Drlicka\AppData\Roaming\Love\mari0\mappacks\custom_mappack_1\settings.txt

c:\users\Jesper Drlicka\AppData\Roaming\Love\mari0\options.txt

c:\users\Jesper Drlicka\AppData\Roaming\Love\ortho_robot\save.txt

c:\users\Jesper Drlicka\AppData\Roaming\Love\Rimshot\saves\kool.txt

c:\users\JESPER~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_DefaultTabSearch

-------\Service_DefaultTabUpdate

-------\Service_DefaultTabUpdate

.

.

((((((((((((((((((((((((( Files Created from 2012-12-27 to 2013-01-27 )))))))))))))))))))))))))))))))

.

.

2013-01-27 19:41 . 2013-01-27 19:42 -------- d-----w- c:\program files\Construct 2

2013-01-26 16:11 . 2013-01-26 16:11 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{889CA1F7-C28E-4AD7-8290-0A0FE7A93EC8}\offreg.dll

2013-01-26 02:02 . 2013-01-26 02:02 175928 ----a-w- c:\windows\system32\drivers\jmcr.sys

2013-01-26 01:35 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{889CA1F7-C28E-4AD7-8290-0A0FE7A93EC8}\mpengine.dll

2013-01-22 14:02 . 2013-01-22 14:02 -------- d-----w- c:\users\Jesper Drlicka\AppData\Local\Programs

2013-01-22 13:34 . 2013-01-27 18:41 -------- d-----w- c:\program files (x86)\ERUNT

2013-01-17 00:02 . 2013-01-17 00:01 74344 ----a-w- c:\windows\system32\RtNicProp64.dll

2013-01-17 00:02 . 2013-01-17 00:01 708200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2013-01-09 06:33 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 06:33 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-09 06:31 . 2012-11-30 05:43 424960 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-05 16:11 . 2013-01-05 16:11 -------- d-----w- c:\windows\Sun

2013-01-05 14:32 . 2013-01-05 14:32 -------- d-----w- c:\users\Jesper Drlicka\AppData\Roaming\MultiClockPackages

2013-01-05 14:32 . 2013-01-05 14:32 -------- d-----w- c:\program files (x86)\ADLSoft

2013-01-01 22:46 . 2013-01-01 22:46 -------- d-----w- c:\program files (x86)\DefaultTab

2013-01-01 22:46 . 2013-01-27 22:00 -------- d-----w- c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab

2013-01-01 14:23 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2013-01-01 14:23 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll

2013-01-01 14:23 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll

2013-01-01 14:23 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2013-01-01 14:23 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2013-01-01 14:23 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2013-01-01 14:23 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2013-01-01 14:23 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2013-01-01 14:23 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2013-01-01 14:23 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

2013-01-01 14:23 . 2010-02-04 15:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2013-01-01 14:23 . 2010-02-04 15:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2013-01-01 14:22 . 2007-04-04 23:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll

2013-01-01 14:22 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

2013-01-01 14:21 . 2013-01-01 14:21 -------- d-----w- C:\UDK

2012-12-31 00:38 . 2012-12-31 00:38 -------- d-----w- c:\program files (x86)\QuickTime

2012-12-31 00:38 . 2012-12-31 00:38 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared

2012-12-30 20:58 . 2012-12-31 00:04 -------- d-----w- c:\users\Jesper Drlicka\AppData\Local\Screencast-O-Matic

2012-12-30 03:57 . 2012-12-30 03:57 -------- d-----w- c:\users\Jesper Drlicka\AppData\Roaming\Image-Line

2012-12-30 03:22 . 2012-12-30 03:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-12-30 03:22 . 2012-12-30 03:22 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-12-30 03:22 . 2012-12-30 03:22 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2012-12-30 03:12 . 2012-12-30 03:12 -------- d-----w- c:\program files (x86)\ASIO4ALL v2

2012-12-30 03:10 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll

2012-12-30 03:10 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm

2012-12-30 03:10 . 2012-12-30 03:10 -------- d-----w- c:\program files (x86)\Outsim

2012-12-30 03:06 . 2013-01-01 22:54 -------- d-----w- c:\program files (x86)\Image-Line

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-17 00:01 . 2011-05-05 01:18 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2013-01-09 02:26 . 2012-04-06 13:16 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-09 02:26 . 2011-10-11 00:01 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-27 03:42 . 2012-12-27 03:42 40960 ----a-r- c:\users\Jesper Drlicka\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe

2012-12-27 03:42 . 2012-12-27 03:42 40960 ----a-r- c:\users\Jesper Drlicka\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe

2012-12-16 16:52 . 2012-12-22 15:02 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:40 . 2012-12-22 15:01 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:25 . 2012-12-22 15:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:25 . 2012-12-22 15:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 21:49 . 2011-10-11 00:04 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-02 09:23 . 2012-12-02 09:23 0 ----a-w- c:\windows\SysWow64\sho8067.tmp

2012-11-30 04:56 . 2013-01-09 06:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-14 07:06 . 2012-12-15 08:00 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-15 08:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-15 08:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-15 08:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-15 08:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-15 08:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-15 08:01 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-15 08:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-15 08:01 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-15 08:01 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-15 08:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-15 08:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-15 08:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-15 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-15 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-15 08:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-15 08:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-15 08:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-15 08:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-15 08:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-15 08:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-15 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:34 . 2012-12-15 00:14 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:49 . 2012-12-15 00:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-02 05:27 . 2012-12-15 00:13 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 04:48 . 2012-12-15 00:13 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-10-30 23:51 . 2012-07-16 18:46 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 23:51 . 2012-07-16 18:46 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 23:51 . 2012-07-16 18:46 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 23:51 . 2012-07-16 18:46 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 23:51 . 2012-07-16 18:46 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 23:51 . 2012-07-16 18:46 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 23:50 . 2012-07-16 18:46 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-30 23:50 . 2011-10-11 00:46 285328 ----a-w- c:\windows\system32\aswBoot.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Jesper Drlicka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-13 1199576]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-15 1354736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]

"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]

"HP HD Webcam [Fixed]_Monitor"="c:\program files (x86)\HP HD Webcam [Fixed]\monitor.exe" [2010-11-26 11:31 267128]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-29 1770400]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

c:\users\Jesper Drlicka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\EA Sports\Fifa Online 2\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-02-03 464480]

R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2013-01-26 175928]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

S0 MfeEpeOpal;MfeEpeOpal; [x]

S0 MfeEpePc;MfeEpePc; [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-29 89600]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]

S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760]

S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-09-06 197536]

S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-02-28 31000]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]

S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-02-08 1323008]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]

S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352]

S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-08-23 3175728]

S2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2011-11-10 628040]

S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]

S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-04-19 317440]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2013-01-17 708200]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-01-12 2611704]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-25 23:54 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 02:26]

.

2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 00:46]

.

2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-11 00:46]

.

2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088980869-1917275451-116283548-1004Core.job

- c:\users\Bozena Beatrice\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 21:57]

.

2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088980869-1917275451-116283548-1004UA.job

- c:\users\Bozena Beatrice\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 21:57]

.

2013-01-13 c:\windows\Tasks\HPCeeScheduleForFIXALLTHEISSUES$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2013-01-27 c:\windows\Tasks\HPCeeScheduleForJesper Drlicka.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]

"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2012-02-08 200704]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-29 1424896]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-19 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-19 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-19 416024]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=hp

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = http=127.0.0.1:52263

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4123-8b0e-d5edc6411797&searchtype=ds&q={searchTerms}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2

FF - ExtSQL: 2012-12-27 13:51; {7473b6bd-4691-4744-a82b-7854eb3d70b6}; c:\users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

FF - ExtSQL: 2013-01-27 15:56; amznUWL2@amazon.com; c:\users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\extensions\amznUWL2@amazon.com.xpi

FF - user.js: general.useragent.extra.brc -

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

Wow6432Node-HKLM-Run-DTRun - c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-DefaultTab - c:\users\Jesper Drlicka\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4088980869-1917275451-116283548-1001\Software\SecuROM\License information*]

"datasecu"=hex:0c,a9,18,fd,da,67,67,83,76,35,5a,12,71,c4,3d,c6,86,05,cd,29,16,

5a,ab,a2,b9,f3,ba,73,22,64,a8,36,7e,f7,a3,e4,b2,89,ff,98,e4,36,47,9b,13,6b,\

"rkeysecu"=hex:64,3d,e3,4b,36,81,31,5e,4d,8b,5d,36,f0,5c,fa,6b

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.bin

c:\program files (x86)\HP HD Webcam [Fixed]\Monitor.exe

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-01-27 18:41:52 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-27 23:41

.

Pre-Run: 81,397,157,888 bytes free

Post-Run: 105,905,782,784 bytes free

.

- - End Of File - - C8433FDA48DA2234F3A905DD3CAE86B2

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Jesper Drlicka [Admin rights]

Mode : Shortcuts HJfix -- Date : 01/27/2013 18:55:01

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤

Desktop: Success 1 / Fail 0

Quick launch: Success 1 / Fail 0

Programs: Success 278 / Fail 0

Start menu: Success 1 / Fail 0

User folder: Success 543 / Fail 0

My documents: Success 0 / Fail 0

My favorites: Success 0 / Fail 0

My pictures: Success 0 / Fail 0

My music: Success 4 / Fail 0

My videos: Success 0 / Fail 0

Local drives: Success 74 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored

[D:] \Device\CdRom1 -- 0x5 --> Skipped

[G:] \Device\CdRom0 -- 0x5 --> Skipped

[Q:] \Device\SftVol -- 0x3 --> Restored

Finished : << RKreport[3]_SC_01272013_02d1855.txt >>

RKreport[1]_S_01272013_02d1851.txt ; RKreport[2]_D_01272013_02d1851.txt ; RKreport[3]_SC_01272013_02d1855.txt


Sorry.

This is number one, and the second is number two. The one I posted first I think was number 3.

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Jesper Drlicka [Admin rights]

Mode : Scan -- Date : 01/27/2013 18:51:10

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:52263) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3261GSYN +++++

--- User ---

[MBR] b4430ae22c55822deb3988c615953176

[bSP] 55a2345e79c8d4ab64d9f45faba7464f : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 282514 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] d0129188fbda94214e44e7311a4017f4

[bSP] 55a2345e79c8d4ab64d9f45faba7464f : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo

2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167999488 | Size: 1001 Mo

3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 171999232 | Size: 2000 Mo

Finished : << RKreport[1]_S_01272013_02d1851.txt >>

RKreport[1]_S_01272013_02d1851.txt

____________________________________________

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Jesper Drlicka [Admin rights]

Mode : Remove -- Date : 01/27/2013 18:51:52

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:52263) -> NOT REMOVED, USE PROXYFIX

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3261GSYN +++++

--- User ---

[MBR] b4430ae22c55822deb3988c615953176

[bSP] 55a2345e79c8d4ab64d9f45faba7464f : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 282514 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] d0129188fbda94214e44e7311a4017f4

[bSP] 55a2345e79c8d4ab64d9f45faba7464f : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo

2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167999488 | Size: 1001 Mo

3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 171999232 | Size: 2000 Mo

Finished : << RKreport[2]_D_01272013_02d1851.txt >>

RKreport[1]_S_01272013_02d1851.txt ; RKreport[2]_D_01272013_02d1851.txt

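The ComboFix "Supplementary Scan" in the first post and the RogueKiller scan just above record the same hijack from two angles: a per-user IE proxy pointing at 127.0.0.1:52263 (a loopback proxy is the usual mechanism for in-page ad injection), snap.do and Conduit URLs as start page and search provider, a Firefox user.js that switches off CSP and OCSP and sets extensions.autoDisableScopes to 0, a DisableRegistryTools policy value, and several Trusted Zone entries. The script below is an added example written for this page; it is not code from the thread, from ComboFix or from RogueKiller. It reads lines in those two log formats and flags those indicators, using a constructed sample trimmed from the posted logs (defanged hxxp URLs kept). The HIJACK_DOMAINS list, the severity levels and the remediation notes are assumptions for illustration, not tool output.

```python
"""Added triage example for ComboFix / RogueKiller text logs (editor's code, not
from the thread or from either tool): flags the browser-hijack indicators above."""
import re
from collections import Counter
from dataclasses import dataclass

# Search / toolbar providers named in the logs. Assumed starting list; extend it.
HIJACK_DOMAINS = ("snap.do", "conduit.com")

# Firefox prefs a third party should never flip, with the value the hijacker set.
DANGEROUS_FF_PREFS = {
    "security.csp.enable": "false",       # Content Security Policy enforcement off
    "security.OCSP.enabled": "0",         # certificate revocation checking off
    "extensions.autoDisableScopes": "0",  # side-loaded add-ons enabled without a prompt
}

# Per kind: (severity, remediation note). Both are the editor's assumptions.
KINDS = {
    "loopback_proxy": ("high", "delete the per-user ProxyServer value; confirm nothing still listens on that port"),
    "ff_pref": ("high", "delete user.js; Firefox defaults are csp=true, OCSP=1, autoDisableScopes=15"),
    "hijacked_url": ("medium", "reset the start page / search provider to a known-good URL"),
    "policy_tamper": ("medium", "remove the policy value unless an administrator set it"),
    "trusted_zone": ("low", "remove unless added on purpose; the Trusted zone relaxes IE security"),
}

@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str

    @property
    def severity(self) -> str:
        return KINDS[self.kind][0]

    @property
    def fix(self) -> str:
        return KINDS[self.kind][1]

# ComboFix writes "ProxyServer = http=host:port", RogueKiller "ProxyServer (hxxp=host:port)".
PROXY_RE = re.compile(r"ProxyServer\s*[=(]\s*(?:hxxp|http)=(?P<host>[\w.-]+):(?P<port>\d+)")
URL_RE = re.compile(r"(?:hxxp|http)s?://(?P<host>[A-Za-z0-9.-]+)")   # accepts 'hxxp' defanging
PREF_RE = re.compile(r"user_pref\(\s*['\"]([^'\"]+)['\"]\s*,\s*([^)]*?)\s*\)")
POLICY_RE = re.compile(r"^\[HJ ?[A-Z]+\]\s*(?P<what>.+?)\s*->")      # RogueKiller [HJPOL]/[HJ DESK]
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(?P<site>\S+)")

def _is_hijack_host(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)

def triage(lines) -> list:
    """Return one Finding per indicator found in the given log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.search(line)
        # A proxy on 127.0.0.1 with an odd high port is the classic ad-injection setup.
        if m and (m["host"].startswith("127.") or m["host"].lower() == "localhost"):
            findings.append(Finding("loopback_proxy", f"{m['host']}:{m['port']}"))
        for u in URL_RE.finditer(line):
            if _is_hijack_host(u["host"]):
                label = line[: u.start()].rstrip(" =-:") or "(unlabelled)"
                findings.append(Finding("hijacked_url", f"{label} -> {u['host']}"))
        for name, value in PREF_RE.findall(line):
            if DANGEROUS_FF_PREFS.get(name) == value.strip("'\""):
                findings.append(Finding("ff_pref", f"{name}={value}"))
        m = POLICY_RE.match(line)
        if m:
            findings.append(Finding("policy_tamper", m["what"]))
        m = TRUSTED_RE.match(line)
        if m:
            findings.append(Finding("trusted_zone", m["site"]))
    return findings

def summarize(findings) -> dict:
    """Count findings per kind, e.g. {'loopback_proxy': 2, ...}."""
    return dict(Counter(f.kind for f in findings))

# Constructed sample: lines trimmed from the ComboFix and RogueKiller output above.
SAMPLE_LOG = r"""
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&searchtype=hp
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:52263
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&searchtype=ds&q={searchTerms}
Trusted Zone: clonewarsadventures.com
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:52263) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity:6}] {f.kind:15} {f.detail}\n         fix: {f.fix}")
    print(summarize(triage(SAMPLE_LOG.splitlines())))
```

Run the file directly to see the findings for the sample, or pass the lines of a real log to triage(). Clear the loopback proxy first and confirm with a fresh scan that no ProxyServer line comes back. One caveat on the Firefox side: Firefox copies user.js values into prefs.js at every start, so deleting user.js stops them being re-applied but does not by itself revert values already written; check prefs.js (or about:config) for the three prefs above after the profile is cleaned.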

  • Staff

Please re-run RogueKiller and press the "ProxyFix" button (please post the new log),

then do the following:

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


RogueKiller V8.4.3 [Jan 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Jesper Drlicka [Admin rights]

Mode : ProxyFix -- Date : 01/27/2013 20:17:20

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:52263) -> DELETED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

Finished : << RKreport[1]_PR_01272013_02d2017.txt >>

RKreport[1]_PR_01272013_02d2017.txt


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.5.2 (01.26.2013:2)

OS: Windows 7 Home Premium x64

Ran by Jesper Drlicka on Sun 01/27/2013 at 20:18:54.50

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{687578b9-7132-4a7a-80e4-30ee31099e03}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088980869-1917275451-116283548-1001\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088980869-1917275451-116283548-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088980869-1917275451-116283548-1001\software\microsoft\internet explorer\search\\Default_Search_URL

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088980869-1917275451-116283548-1001\software\microsoft\internet explorer\searchurl\\Default

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4088980869-1917275451-116283548-1001\software\microsoft\internet explorer\search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\default tab

Successfully deleted: [Registry Key] hkey_local_machine\software\default tab

Successfully deleted: [Registry Key] hkey_current_user\software\defaulttab

Successfully deleted: [Registry Key] hkey_local_machine\software\defaulttab

Successfully deleted: [Registry Key] hkey_current_user\software\softonic

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\defaulttab

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021802.BHO

Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021802.Sandbox

Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021802.Sandbox.1

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.BHO

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.Sandbox

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.Sandbox.1

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3072253

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3198785

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3220468

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jesper Drlicka\AppData\Roaming\defaulttab"

Successfully deleted: [Folder] "C:\Users\Jesper Drlicka\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Jesper Drlicka\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\defaulttab"

Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\user.js

Successfully deleted: [File] C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\extensions\enrwujqhtf@enrwujqhtf.org.xpi [Tracur]

Successfully deleted: [File] C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\searchplugins\search-here.xml

Successfully deleted: [Folder] C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\smartbar

Successfully deleted: [Folder] C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Successfully deleted the following from C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\prefs.js

user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3220468.FirstTime", "true");

user_pref("CT3220468.FirstTimeFF3", "true");

user_pref("CT3220468.LoginRevertSettingsEnabled", true);

user_pref("CT3220468.RevertSettingsEnabled", true);

user_pref("CT3220468.UserID", "UN04389095570160151");

user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");

user_pref("CT3220468.autoDisableScopes", -1);

user_pref("CT3220468.defaultSearch", "false");

user_pref("CT3220468.enableAlerts", "always");

user_pref("CT3220468.enableSearchFromAddressBar", "false");

user_pref("CT3220468.firstTimeDialogOpened", "true");

user_pref("CT3220468.fixPageNotFoundError", "true");

user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");

user_pref("CT3220468.fixUrls", true);

user_pref("CT3220468.installType", "xpe");

user_pref("CT3220468.isCheckedStartAsHidden", true);

user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3220468.isFirstTimeToolbarLoading", "false");

user_pref("CT3220468.isNewTabEnabled", false);

user_pref("CT3220468.isPerformedSmartBarTransition", "true");

user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT3220468.migrateAppsAndComponents", true);

user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://uTorrentContr

user_pref("CT3220468.openThankYouPage", "true");

user_pref("CT3220468.openUninstallPage", "false");

user_pref("CT3220468.revertSettingsEnabled", "false");

user_pref("CT3220468.searchInNewTabEnabled", "false");

user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");

user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");

user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");

user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");

user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");

user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359323834700");

user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1359261953107");

user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1359323834124");

user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1359261955545");

user_pref("CT3220468.settingsINI", true);

user_pref("CT3220468.shouldFirstTimeDialog", "false");

user_pref("CT3220468.smartbar.CTID", "CT3220468");

user_pref("CT3220468.smartbar.Uninstall", "0");

user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");

user_pref("CT3220468.startPage", "false");

user_pref("CT3220468.toolbarBornServerTime", "26-12-2012");

user_pref("CT3220468.toolbarCurrentServerTime", "28-1-2013");

user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1359336384998,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}

user_pref("Smartbar.ConduitHomepagesList", "");

user_pref("Smartbar.ConduitSearchEngineList", "");

user_pref("Smartbar.ConduitSearchUrlList", "");

user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=");

user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");

user_pref("browser.search.defaultthis.engineName", "WhiteSmoke US Customized Web Search");

user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}");

user_pref("extensions.helperbar.SmartbarDisabled", false);

user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ

user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/search\\/.*");

user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2");

Emptied folder: C:\Users\Jesper Drlicka\AppData\Roaming\mozilla\firefox\profiles\mke1z7oj.default\minidumps [60 files]

~~~ Chrome

Dumping contents of C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default

C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\aaibemgdkhlkejfefjpbdedkjbnmfhhd

C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\Extensions

C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\Preferences

C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\Web Data

C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\aaibemgdkhlkejfefjpbdedkjbnmfhhd\background.html

C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\aaibemgdkhlkejfefjpbdedkjbnmfhhd\ContentScript.js

C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\aaibemgdkhlkejfefjpbdedkjbnmfhhd\manifest.json

C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Successfully deleted: [Folder] C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

Successfully deleted: [Folder] C:\Users\Jesper Drlicka\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\kdidombaedgpfiiedeimiebkmbilgmlc

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 01/27/2013 at 20:31:34.79

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v2.109 - Logfile created 01/27/2013 at 20:36:56

# Updated 26/01/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Jesper Drlicka - FIXALLTHEISSUES

# Boot Mode : Normal

# Running from : C:\Users\Jesper Drlicka\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END

Folder Deleted : C:\Users\Jesper Drlicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Jesper Drlicka\AppData\Roaming\Mozilla\Firefox\Profiles\mke1z7oj.default\prefs.js

Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]

Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

File : C:\Users\Bozena Beatrice\AppData\Roaming\Mozilla\Firefox\Profiles\9nhfpdbp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Jesper Drlicka\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.18] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-[...]

Deleted [l.2201] : homepage = "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=491949f4-8852-4[...]

*************************

AdwCleaner[s1].txt - [3797 octets] - [27/01/2013 20:36:56]

########## EOF - C:\AdwCleaner[s1].txt - [3857 octets] ##########

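As an added example (not code from the thread, nor from JRT or AdwCleaner), here is a small Python checker that scans prefs.js lines like the ones in the JRT dump and the AdwCleaner "Deleted" entries above and flags the Conduit/Smartbar toolbar namespaces and the search.conduit.com / feed.snap.do redirects. The sample lines, the reason strings, and the `browser.startup.homepage` entry are constructed for the demonstration; domains are kept de-fanged (hxxp) as in the thread.

```python
import re

# Constructed sample modelled on the prefs.js lines in the logs above
# (domains de-fanged with "hxxp" as in the thread); not the user's real file.
SAMPLE_PREFS = r'''
user_pref("CT3220468.smartbar.CTID", "CT3220468");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2");
user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=SnapdoEMon");
user_pref("browser.cache.disk.capacity", 358400);
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
'''

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Prefs the hijacker rewrites to redirect searches and the home page.
SENSITIVE_PREFS = {"keyword.URL", "browser.search.defaulturl",
                   "browser.search.defaultthis.engineName", "browser.startup.homepage"}
# Domains that appear in the thread's logs; matched on the de-fanged URLs too.
BAD_DOMAINS = ("search.conduit.com", "feed.snap.do")
# Pref namespaces used by the Conduit/Smartbar toolbar residue shown in the logs.
BAD_PREFIX_RE = re.compile(r'^(CT\d{6,}[._]|Smartbar\.|extensions\.helperbar\.|extensions\.wrc\.)')

def parse_prefs(text):
    """Yield (name, raw_value) for every well-formed user_pref line; skip the rest."""
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def classify(name, value):
    """Return a reason if the pref looks like hijacker residue, else None."""
    if BAD_PREFIX_RE.match(name):
        return "toolbar namespace"
    if name in SENSITIVE_PREFS and any(d in value for d in BAD_DOMAINS):
        return "search/homepage redirected to adware domain"
    if any(d in value for d in BAD_DOMAINS):
        return "references adware domain"
    return None

def find_hijack_prefs(text):
    """Return [(pref_name, reason), ...] for suspicious entries, in file order."""
    return [(n, classify(n, v)) for n, v in parse_prefs(text) if classify(n, v)]

if __name__ == "__main__":
    for name, reason in find_hijack_prefs(SAMPLE_PREFS):
        print(f"{name}: {reason}")
```

Point it at a real profile's prefs.js (read the file and pass its text) to get a list of entries worth reviewing before deciding what to reset.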

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.27.09

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Jesper Drlicka :: FIXALLTHEISSUES [administrator]

1/27/2013 8:46:21 PM

mbam-log-2013-01-27 (20-46-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 258189

Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


esetscan.txt

C:\Users\Jesper Drlicka\Downloads\ADLSoft_MultiClock.exe a variant of Win32/InstallCore.AZ application

C:\Users\Jesper Drlicka\Downloads\slender_setup.exe a variant of Win32/Adware.iBryte.D application

C:\Users\Jesper Drlicka\Downloads\SoftonicDownloader_for_slender-the-eight-pages.exe a variant of Win32/SoftonicDownloader.E application


  • Staff

Those installer files identified by ESET are bundled with adware, so I would delete them if you no longer need them.

NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Please advise how the computer is running now and if there are any outstanding issues


  • Staff

We just have some housekeeping to do now.

Please do the following:

You can delete the DDS, JRT, Roguekiller and aswMBR logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.

Combofix_uninstall_image.jpg

NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next click OK, then the Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?
    Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
