flopje
Posted March 3, 2013

MBAM (pro) found hijack.homepage and I removed it a couple of times but it is still coming back. I also tried to manually delete the registry key but the access was denied. I copied the DDS, attach and hijackthis files. Help would be appreciated.
Update for Microsoft Office 2007 (KB2508958)Adobe AIRAdobe Flash Player 10 ActiveX 64-bitAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.6) - NederlandsAdobe Shockwave Player 11.5Alps Pointing-device for VAIOAMD Catalyst Install ManagerApple Application SupportApple Mobile Device SupportApple Software UpdateApplication Manager for VAIOArcSoft Magic-i Visual Effects 2ArcSoft WebCam Companion 3Auslogics Disk Defrag ProfessionalAuslogics Disk Defrag Professional version 4.2.1.0AVG 2012AVG 2013AVG Security ToolbarBitTorrentCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCheat Engine 6.1Click to DiscClick to Disc EditorCopyTrans Suite Remove OnlyCorel WinDVDD3DX10DAEMON Tools LiteDC Mod ManagerDead Space™ 3Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDolby Control CenterDownload Manager 2.3.10Facebook Video Calling 1.2.0.287GhostMouseGoogle ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperHandBrake 0.9.5HiJackThisHTC BMP USB DriverHTC Driver InstallerHTC SynciCloudInquisition DaemonhuntIntel® Matrix Storage ManageriTunesJava 7 Update 15Java Auto UpdaterJava 6 Update 15 (64-bit)Java SE Development Kit 6 Update 15 (64-bit)Junk Mail filter updateJust Great Software EditPad Lite 7.0.3League of 
LegendsMalwarebytes Anti-Malware version 1.70.0.1100Mesh RuntimeMessenger CompanionMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Antimalware Service NL-NL Language PackMicrosoft Application Error ReportingMicrosoft DirectX SDK (June 2010)Microsoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (Dutch) 2007Microsoft Office Excel MUI (Dutch) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (Dutch) 2007Microsoft Office Home and Student 2007Microsoft Office InfoPath MUI (Dutch) 2007Microsoft Office Language Pack 2007 - Dutch/NederlandsMicrosoft Office O MUI (Dutch) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (Dutch) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook 2010Microsoft Office Outlook MUI (Dutch) 2007Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (Dutch) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (Dutch) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2007Microsoft Office Proof (French) 2010Microsoft Office Proof (German) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (Dutch) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing (English) 2010Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (Dutch) 2007Microsoft Office Shared 64-bit MUI (Dutch) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office 
Shared MUI (Dutch) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)Microsoft Office SharePoint Designer MUI (Dutch) 2007Microsoft Office Word MUI (Dutch) 2007Microsoft Office Word MUI (English) 2007Microsoft Office X MUI (Dutch) 2007Microsoft Outlook 2010Microsoft Security ClientMicrosoft Security Client NL-NL Language PackMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Web Platform Installer 3.0Mozilla Firefox 5.0 (x86 nl)MSVC80_x64_v2MSVC80_x86_v2MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 and SOAP Toolkit 3.0MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)MSXML 4.0 SP3 Parser (KB973685)Music TransferNorton Internet SecurityNorton Utilities 16NVIDIA PhysXPC Connectivity SolutionPC Tools Registry Mechanic 11.1PhotoFiltrePrimoQuickBooks Financial CenterQuickTimeRadLight 4.0 FINALRegiRuntimeSafariSecurity Update for Microsoft .NET Framework 4 Client Profile 
(KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for 
Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687441) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687499) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760416) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSetting Utility SeriesSmartWi Connection UtilitySony Home Network LibrarySony Picture UtilitySteel Legion DC 1.0.0Subtitle Workshop 2.51Symantec Technical Support Web ControlsTeach2000 version 8.53Tyranid Mod 0.5b2 for SoulstormUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for 
Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Update for Microsoft OneNote 2010 (KB2687277) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionUpdate voor Microsoft Office Excel 2007 Help (KB963678)Update voor Microsoft Office Powerpoint 2007 Help (KB963669)Update voor Microsoft Office Word 2007 Help (KB963665)VAIO CareVAIO Content Metadata Intelligent Analyzing ManagerVAIO Content Metadata Intelligent Network Service ManagerVAIO Content Metadata Manager SettingsVAIO Content Metadata XML Interface LibraryVAIO Content 
Monitoring SettingsVAIO Control CenterVAIO Data Restore ToolVAIO DVD Menu Data BasicVAIO Entertainment PlatformVAIO Event ServiceVAIO Help and SupportVAIO Media plusVAIO Media plus Opening MovieVAIO Movie StoryVAIO Movie Story Template DataVAIO OOBE and Startup AssistantVAIO Original Function SettingsVAIO Power ManagementVAIO Presentation SupportVAIO SurveyVAIO UpdateVAIO Wallpaper ContentsVisual Studio 2008 x64 RedistributablesVisual Studio 2010 x64 RedistributablesVLC media player 1.1.9VU5x64VU5x86WIDCOMM Bluetooth SoftwareWindows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWinRAR 4.00 (64-bit)Xfire (remove only)XviD MPEG4 Video Codec (remove only)YourFileDownloader
.
==== Event Viewer Messages From Past Week ========
.
3-3-2013 14:32:33, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3-3-2013 13:49:38, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3-3-2013 13:49:38, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
3-3-2013 13:48:02, Error: Service Control Manager [7003] - The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
3-3-2013 13:47:48, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
3-3-2013 13:47:48, Error: atikmdag [43029] - Display is not active
27-2-2013 13:55:03, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
27-2-2013 13:40:32, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
27-2-2013 13:40:06, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
25-2-2013 12:55:49, Error: bowser [8003] - The master browser has received a server announcement from the computer ROB-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0B75CB2B-3513-452F-9C6E-48CF5DC98F94}. The master browser is stopping or an election is being forced.
25-2-2013 11:40:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2-3-2013 23:12:33, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
2-3-2013 12:33:03, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================

my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:35:51, on 3-3-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Jafar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DD6VQZB1\dds.scr
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Jafar\AppData\Local\Temp\nshC505.tmp\PEV.DAT

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jafar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jafar\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\xfire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
O23 - Service: Norton Utilities 16 Start Manager Service (NU16StartManagerSvc) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: Intel® Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown
owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exeO23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exeO23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeO23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)--End of file - 18349 bytes
MrCharlie Posted March 3, 2013 ID:653014

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.
RogueKiller <---use this one for 64 bit systems

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop. (please don't put logs in code or quotes)

P2P Warning:
If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>Please stick with me until I give you the "all clear".
<+>The removal of malware isn't instantaneous, please be patient.
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)
flopje Posted March 3, 2013 Author ID:653073

I disabled BitTorrent before I ran the scans as requested, and here is the RogueKiller log:

RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jafar [Admin rights]
Mode : Scan -- Date : 03/03/2013 21:13:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] shed : C:\Users\Jafar\AppData\Roaming\Adobe\shed --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 1d28f8634ae76215143cf10ea501cd33
[bSP] b0e1157958d835fbcd3b118df174e453 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8171 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16736256 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16941056 | Size: 468667 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03032013_02d2113.txt >>
RKreport[1]_S_03032013_02d2113.txt
MrCharlie Posted March 3, 2013 ID:653087

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.
Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.
Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
flopje Posted March 5, 2013 Author ID:653686

ComboFix 13-03-05.01 - Jafar 05-03-2013 16:46:20.1.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4063.2121 [GMT 1:00]Running from: c:\users\Jafar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAUO910C\ComboFix.exeAV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\install.exec:\program files (x86)\DealPlyc:\program files (x86)\DealPly\DealPly.crxc:\program files (x86)\DealPly\DealPly.xpic:\program files (x86)\DealPly\DealPlyTune.dllc:\program files (x86)\DealPly\DealPlyUpdate.exec:\program files (x86)\DealPly\DealPlyUpdate.logc:\program files (x86)\DealPly\DealPlyUpdateRun.exec:\program files (x86)\DealPly\icon.icoc:\program files (x86)\DealPly\uninst.exec:\programdata\ntuser.datc:\users\Jafar\AppData\Roaming\Adobe\shedc:\windows\wininit.ini..((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 )))))))))))))))))))))))))))))))..2013-03-05 16:27 . 2013-03-05 16:27 -------- d-----w- c:\users\iskander\AppData\Local\temp2013-03-05 16:27 . 2013-03-05 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp2013-03-05 15:21 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF824A5C-FF28-4C0B-A9B5-BFECBBE6D77E}\mpengine.dll2013-03-04 14:30 .
2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-03-03 13:18 . 2013-03-03 13:18 388096 ----a-r- c:\users\Jafar\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2013-03-03 13:18 . 2013-03-03 13:18 -------- d-----w- c:\program files (x86)\Trend Micro2013-03-03 12:15 . 2013-03-03 12:15 -------- d-----w- C:\TDSSKiller_Quarantine2013-03-03 12:12 . 2013-03-03 12:12 208216 ----a-w- c:\windows\system32\drivers\12845916.sys2013-03-02 22:33 . 2013-03-02 22:37 -------- d-----w- c:\users\Jafar\AppData\Roaming\Registry Mechanic2013-03-02 22:08 . 2013-03-02 22:08 -------- d-----w- c:\users\Jafar\AppData\Roaming\Norton Utilities 162013-03-02 21:42 . 2011-07-26 15:15 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll2013-03-02 21:42 . 2013-03-02 21:42 -------- d-----w- c:\program files (x86)\Symantec2013-03-02 21:41 . 2013-03-02 21:41 -------- d-----w- c:\users\Jafar\AppData\Roaming\Product_NU162013-03-02 21:29 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx2013-03-02 21:29 . 2008-04-02 14:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx2013-03-02 21:29 . 2012-09-29 21:49 40992 ----a-w- c:\windows\system32\CleanMFT64.exe2013-03-02 21:29 . 2008-04-02 14:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx2013-03-02 21:29 . 2012-08-21 13:44 513696 ----a-w- c:\windows\SysWow64\msxml.dll2013-03-02 21:29 . 2013-03-02 21:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools2013-03-02 21:29 . 2013-03-02 21:29 -------- d-----w- c:\program files (x86)\PC Tools2013-03-02 21:28 . 2013-03-02 21:28 -------- d-----w- c:\programdata\PC Tools2013-03-02 21:28 . 2013-03-02 21:28 -------- d-----w- c:\users\Jafar\AppData\Roaming\Product_RM2013-02-27 15:40 . 2013-02-28 20:53 -------- d-----w- c:\program files\THQ2013-02-24 17:22 . 2013-02-24 17:22 -------- d-----w- c:\users\Jafar\AppData\Roaming\Malwarebytes2013-02-24 17:21 . 
2013-02-24 17:21 -------- d-----w- c:\programdata\Malwarebytes2013-02-24 17:21 . 2013-02-24 17:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-02-24 17:21 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys2013-02-23 09:04 . 2013-02-23 09:04 -------- d-----w- c:\program files (x86)\Common Files\InterVideo2013-02-23 09:03 . 2013-02-23 09:03 -------- d-----w- c:\program files (x86)\Common Files\Protexis2013-02-23 09:02 . 2013-02-23 09:02 -------- d-----w- c:\program files (x86)\Corel2013-02-22 16:32 . 2013-02-23 09:04 -------- d-----w- c:\programdata\Corel2013-02-22 16:21 . 2013-02-22 16:21 -------- d-----w- c:\program files (x86)\Common Files\Java2013-02-22 16:21 . 2013-02-22 16:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-02-22 15:36 . 2013-02-22 15:36 -------- d-----w- C:\AMD2013-02-22 15:26 . 2013-02-23 09:07 -------- d-----w- C:\Update2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll2013-02-13 20:29 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 20:29 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 20:26 . 2013-01-09 01:13 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll2013-02-13 20:26 . 2013-01-08 22:05 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll2013-02-13 20:26 . 2013-01-08 22:04 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll2013-02-13 20:26 . 2013-01-09 01:14 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll2013-02-13 20:26 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll2013-02-13 20:26 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll2013-02-13 14:01 . 
2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe2013-02-13 14:01 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-02-13 14:01 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-02-13 14:01 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys2013-02-13 14:01 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll2013-02-13 14:01 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-02-13 14:01 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-02-13 14:01 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-02-13 14:01 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-02-13 14:00 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe2013-02-13 14:00 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-02-13 14:00 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS2013-02-11 18:27 . 2013-02-11 18:27 -------- d-----w- c:\program files (x86)\Auslogics2013-02-10 14:13 . 2013-02-10 14:13 -------- d-----w- c:\users\Jafar\AppData\Roaming\AVG20132013-02-10 14:02 . 2013-02-10 14:05 -------- d-----w- c:\programdata\AVG20132013-02-10 13:54 . 2013-02-10 13:54 -------- d-----w- c:\users\Jafar\AppData\Local\MFAData2013-02-10 13:54 . 2013-02-10 13:54 -------- d-----w- c:\users\Jafar\AppData\Local\Avg20132013-02-10 13:54 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe2013-02-10 13:52 . 2013-02-12 14:25 -------- d-----w- c:\programdata\AVAST Software2013-02-10 13:52 . 2013-02-10 13:52 -------- d-----w- c:\program files\AVAST Software2013-02-10 13:27 . 2013-02-10 13:27 208216 ----a-w- c:\windows\system32\drivers\23856517.sys2013-02-10 09:33 . 2013-02-10 09:53 -------- d-----w- c:\program files (x86)\Dead Space 32013-02-06 14:30 . 2013-02-06 14:30 -------- d-----w- c:\users\Jafar\AppData\Roaming\Auslogics2013-02-06 14:30 . 
2013-02-06 14:30 -------- d-----w- c:\program files (x86)\Auslogics Disk Defrag Professional2013-02-06 14:15 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll2013-02-06 14:15 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll2013-02-06 14:15 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll2013-02-06 06:52 . 2013-02-06 06:52 -------- d-----w- C:\Riot Games...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-02-27 13:42 . 2012-07-05 20:47 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-02-27 13:42 . 2011-06-24 19:36 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-02-22 16:20 . 2012-12-02 10:15 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll2013-02-22 16:20 . 2012-12-02 10:15 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-02-20 21:15 . 2012-09-04 19:07 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys2013-02-13 20:35 . 2010-02-19 21:03 70004024 ----a-w- c:\windows\system32\MRT.exe2013-01-30 10:53 . 2010-09-15 17:00 273840 ------w- c:\windows\system32\MpSigStub.exe2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-01-20 14:59 . 2010-10-24 19:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2013-01-13 08:24 . 2011-03-30 15:48 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2013-01-12 11:26 . 2011-03-30 13:41 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02013-01-04 04:43 . 2013-02-13 14:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll2012-12-16 17:11 . 2012-12-26 21:53 46080 ----a-w- c:\windows\system32\atmlib.dll2012-12-16 14:45 . 2012-12-26 21:53 367616 ----a-w- c:\windows\system32\atmfd.dll2012-12-16 14:13 . 2012-12-26 21:53 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2012-12-16 14:13 . 2012-12-26 21:53 34304 ----a-w- c:\windows\SysWow64\atmlib.dll2012-12-07 13:20 . 
2013-01-09 15:45 441856 ----a-w- c:\windows\system32\Wpc.dll2012-12-07 13:15 . 2013-01-09 15:45 2746368 ----a-w- c:\windows\system32\gameux.dll2012-12-07 12:26 . 2013-01-09 15:45 308736 ----a-w- c:\windows\SysWow64\Wpc.dll2012-12-07 12:20 . 2013-01-09 15:45 2576384 ----a-w- c:\windows\SysWow64\gameux.dll2012-12-07 11:20 . 2013-01-09 15:45 30720 ----a-w- c:\windows\system32\usk.rs2012-12-07 11:20 . 2013-01-09 15:45 43520 ----a-w- c:\windows\system32\csrr.rs2012-12-07 11:20 . 2013-01-09 15:45 23552 ----a-w- c:\windows\system32\oflc.rs2012-12-07 11:20 . 2013-01-09 15:45 45568 ----a-w- c:\windows\system32\oflc-nz.rs2012-12-07 11:20 . 2013-01-09 15:45 44544 ----a-w- c:\windows\system32\pegibbfc.rs2012-12-07 11:20 . 2013-01-09 15:45 20480 ----a-w- c:\windows\system32\pegi-fi.rs2012-12-07 11:20 . 2013-01-09 15:45 20480 ----a-w- c:\windows\system32\pegi-pt.rs2012-12-07 11:19 . 2013-01-09 15:45 20480 ----a-w- c:\windows\system32\pegi.rs2012-12-07 11:19 . 2013-01-09 15:45 46592 ----a-w- c:\windows\system32\fpb.rs2012-12-07 11:19 . 2013-01-09 15:45 40960 ----a-w- c:\windows\system32\cob-au.rs2012-12-07 11:19 . 2013-01-09 15:45 21504 ----a-w- c:\windows\system32\grb.rs2012-12-07 11:19 . 2013-01-09 15:45 15360 ----a-w- c:\windows\system32\djctq.rs2012-12-07 11:19 . 2013-01-09 15:45 55296 ----a-w- c:\windows\system32\cero.rs2012-12-07 11:19 . 2013-01-09 15:45 51712 ----a-w- c:\windows\system32\esrb.rs2012-12-07 10:46 . 2013-01-09 15:45 43520 ----a-w- c:\windows\SysWow64\csrr.rs2012-12-07 10:46 . 2013-01-09 15:45 30720 ----a-w- c:\windows\SysWow64\usk.rs2012-12-07 10:46 . 2013-01-09 15:45 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs2012-12-07 10:46 . 2013-01-09 15:45 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs2012-12-07 10:46 . 2013-01-09 15:45 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs2012-12-07 10:46 . 2013-01-09 15:45 23552 ----a-w- c:\windows\SysWow64\oflc.rs2012-12-07 10:46 . 2013-01-09 15:45 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs2012-12-07 10:46 . 
2013-01-09 15:45 46592 ----a-w- c:\windows\SysWow64\fpb.rs2012-12-07 10:46 . 2013-01-09 15:45 20480 ----a-w- c:\windows\SysWow64\pegi.rs2012-12-07 10:46 . 2013-01-09 15:45 21504 ----a-w- c:\windows\SysWow64\grb.rs2012-12-07 10:46 . 2013-01-09 15:45 40960 ----a-w- c:\windows\SysWow64\cob-au.rs2012-12-07 10:46 . 2013-01-09 15:45 15360 ----a-w- c:\windows\SysWow64\djctq.rs2012-12-07 10:46 . 2013-01-09 15:45 55296 ----a-w- c:\windows\SysWow64\cero.rs2012-12-07 10:46 . 2013-01-09 15:45 51712 ----a-w- c:\windows\SysWow64\esrb.rs..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]2013-02-20 21:15 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-20 1929392].[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]"Facebook Update"="c:\users\Jafar\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-20 138096]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-29 39408].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-02 80384]"ISBMgr.exe"="c:\program files (x86)\Sony\ISB 
Utility\ISBMgr.exe" [2009-05-26 317288]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-20 1151152]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120].c:\users\Jafar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]Xfire.lnk - c:\program files (x86)\Xfire\xfire.exe [2007-11-15 2836304].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]2009-07-01 18:49 98304 ------w- c:\windows\System32\VESWinlogon.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows 
nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]@="FSFilter Activity Monitor".R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]R3 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2012-09-29 1147424]R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-29 167424]R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony 
Shared\SOHLib\SOHDms.exe [2009-07-27 427304]R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]R3 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2012-09-29 1160224]R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]R3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 142848]R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]R3 wrssweep;Webroots Volume Access Driver;c:\progra~2\Webroot\WEBROO~1\Cleanup\wrssweep.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]S0 SymEFA;Symantec Extended File 
MrCharlie Posted March 5, 2013 ID:653725

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:
· Adware (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note: Please look over what was found... especially any folders, we're going to permanently delete it all in the next step... if there's something you may want to keep... please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

MrC
flopje Posted March 5, 2013 Author ID:653730

I'm getting an error message saying: post_too_short
MrCharlie Posted March 5, 2013 ID:653734

Did it create a log???

MrC
flopje Posted March 5, 2013 Author ID:653745

Yes it did, but I can't post it here for some reason?
MrCharlie Posted March 5, 2013 ID:653751

Attach it:

To attach a log:
Bottom right corner of this page.
New window that comes up.

MrC
flopje Posted March 5, 2013 Author ID:653761

Here you are

AdwCleanerR1.txt
MrCharlie Posted March 5, 2013 ID:653764

Please create a new system restore point before continuing.

Lots of adware found... let's clear it out...

Please re-run AdwCleaner.
Click on Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC
flopje Posted March 5, 2013 Author ID:653773

# AdwCleaner v2.114 - Logfile created 03/05/2013 at 21:52:49
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jafar - JAFAR
# Boot Mode : Normal
# Running from : C:\Users\Jafar\Desktop\adwcleaner.exe
# Option [Delete]
MrCharlie Posted March 5, 2013 ID:653778

How are things now???

MrC
flopje Posted March 6, 2013 Author ID:654003

The scan still finds hijack.HomePage in HKEY_CLASSES_ROOT/CLSID/{871C5380-42A0-1069-A2EA-08002B30309D}/shell/OpenHomePage.

Also, my network is experiencing 'mini' time-outs lately that I didn't have before. I think it may be DNS related but I'm kind of guessing. Could it somehow have been caused by the adware on the PC?
MrCharlie Posted March 6, 2013 ID:654006

> The scan still finds hijack.HomePage in HKEY_CLASSES_ROOT/CLSID/{871C5380-42A0-1069-A2EA-08002B30309D}/shell/OpenHomePage

What scan???

MrC
flopje Posted March 6, 2013 Author ID:654046

A quick/full scan by mbam
MrCharlie Posted March 6, 2013 ID:654049

Did you have MB delete it??
Is your original problem resolved??

MrC
flopje Posted March 7, 2013 Author ID:654430

I had it deleted multiple times but it is still found by the scans
MrCharlie Posted March 7, 2013 ID:654432

Can you post the log from Malwarebytes?
Is your original problem resolved??

MrC
flopje Posted March 8, 2013 Author ID:654816

My original problem was that the scans of MB would find the threat hijack.homepage even after I removed it with the program. hijack.homepage is still found in the scans, so no.
MrCharlie Posted March 8, 2013 ID:654817

Once again, please post the log from Malwarebytes.

MrC
flopje Posted March 12, 2013 Author ID:656253

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jafar :: JAFAR [administrator]

Protection: Disabled

12-3-2013 18:07:52
MBAM-log-2013-03-12 (18-14-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255758
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command| (Hijack.HomePage) -> Bad: (http://securityresponse.symantec.com/avcenter/fix_homepage/) Good: (iexplore.exe) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
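
The "Registry Data Items Detected" entry in the Malwarebytes log above packs the registry key, value name, detection name, flagged data, expected data and the action taken into one line. The Python parser below is an added example, not part of the thread and not Malwarebytes code; the field layout is inferred from that one log line, and `CONSTRUCTED_LINE` with its action string is made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Excerpt of the log posted above, joined onto one line on purpose so the
# parser is exercised on the run-together form a forum paste can produce.
FORUM_PASTE = (
    r"Registry Values Detected: 0(No malicious items detected)"
    r"Registry Data Items Detected: 1"
    r"HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command| "
    r"(Hijack.HomePage) -> Bad: (http://securityresponse.symantec.com/avcenter/fix_homepage/) "
    r"Good: (iexplore.exe) -> No action taken."
    r"Folders Detected: 0(No malicious items detected)"
)

# Constructed line (not from the thread): a named value that was acted on.
CONSTRUCTED_LINE = (
    r"HKCU\Software\ExampleVendor\Settings|HomePage (Constructed.Detection) -> "
    r"Bad: (http://example.invalid/start) Good: (about:blank) -> Action applied."
)

# key|value (Detection) -> Bad: (data) Good: (data) -> Action.
# Not anchored to line starts, so it also matches inside run-together text.
ENTRY = re.compile(
    r"(?P<key>HK(?:CR|CU|LM|U|CC)\\[^|\n]+)\|(?P<value>[^(\n]*?)\s*"
    r"\((?P<detection>[^)\n]+)\)\s*->\s*"
    r"Bad:\s*\((?P<bad>[^\n]*?)\)\s*Good:\s*\((?P<good>[^\n]*?)\)\s*->\s*"
    r"(?P<action>[^.\n]+)\."
)
DECLARED = re.compile(r"Registry Data Items Detected:\s*(\d+)")


@dataclass
class DataItem:
    key: str
    value_name: str  # assumption: empty means the key's (Default) value
    detection: str
    bad: str
    good: str
    action: str

    @property
    def remediated(self) -> bool:
        # "No action taken" is the only action string seen in the thread.
        return self.action.strip().lower() != "no action taken"

    @property
    def bad_host(self) -> str:
        # Host part of the flagged data when it is a URL, else "".
        return urlparse(self.bad).hostname or ""


def parse_data_items(text: str) -> List[DataItem]:
    """Return every registry data item entry found in the log text."""
    return [
        DataItem(m["key"], m["value"].strip(), m["detection"],
                 m["bad"], m["good"], m["action"].strip())
        for m in ENTRY.finditer(text)
    ]


def declared_count(text: str) -> Optional[int]:
    """Count the log itself reports in its section header, if present."""
    m = DECLARED.search(text)
    return int(m.group(1)) if m else None


def triage(text: str) -> List[str]:
    """Notes for entries the scan reported but did not change."""
    items = parse_data_items(text)
    notes = []
    declared = declared_count(text)
    if declared is not None and declared != len(items):
        notes.append(f"log declares {declared} data item(s), parsed {len(items)}")
    for it in items:
        if not it.remediated:
            name = it.value_name or "(Default)"
            notes.append(
                f"{it.detection}: {it.key} [{name}] still holds {it.bad!r}; "
                f"scanner expected {it.good!r}"
            )
    return notes


if __name__ == "__main__":
    for note in triage(FORUM_PASTE):
        print(note)
```
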
MrCharlie Posted March 12, 2013 ID:656258

It looks like Norton has changed it.
Have you followed the instructions here to fix it: http://us.norton.com/security_response/fix-homepage.jsp

Let me know...

MrC
flopje Posted March 13, 2013 Author ID:656699

My home page wasn't changed, but I set it to Google. And are you saying Norton fixed it? And what do I do when MB detects the same threat again, is it just a false alarm?