Google and Yahoo! redirect virus [Solved]


  • This topic is locked

#16 Sarcelles (Member, Topic Starter, 24 posts)
Hello again Gringo, thank you for your patience. Here is the ESET SCAN report:

C:\Qoobox\Quarantine\C\Users\Line\AppData\Local\Adobe\temp\iqpvkldb.dll.vir Win32/TrojanDownloader.Tracur.V trojan
C:\Users\User\Documents\BitTorrent-6.4d.exe multiple threats
C:\Users\Utilisateur\Documents\BitTorrent-6.4d.exe multiple threats
#17 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello Sarcelles

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the code box (below) to Notepad:
    @echo off
    del /f /s /q "C:\Users\User\Documents\BitTorrent-6.4d.exe"
    del /f /s /q "C:\Users\Utilisateur\Documents\BitTorrent-6.4d.exe"
    del %0
  • Save the Notepad file on your desktop as delfile.bat, with "Save as type" set to "All Files".
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear; this is normal.
  • The files, if found, will have been deleted, and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

About Java


During the cleaning process, if I found that Java was installed I asked for it to be uninstalled; many home users will not miss it. If you use OpenOffice, play online games or use business applications which require Java, then you need to install the latest version and make sure to disable it in your web browsers.

If an application or website requires it, you should receive a notification indicating that when you attempt to launch that application or access that website.

Link to download latest version. - install Java

How to disable java in your web browsers - Disable Java



:The programs you can keep:

Some of the programs we have used are worth keeping and using often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - this is a good program to clean out temp files. I would use it once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - as a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and I recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:


It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them
Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.


The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Gringo
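The delfile.bat above removes the two scan hits outright. Below is an added example (my own code, not part of the helper's post or of any tool used in this thread) that does the same job while keeping evidence: it records the size and SHA-256 of each listed file in a log before deleting it, so the sample can later be checked against scanner verdicts or submitted for analysis. The default target list is the two paths from the batch file; the function accepts any list of paths, and the log file name is an assumed choice.

```python
"""Record-then-delete removal of suspected malicious files.

Added example, not the helper's delfile.bat: before each file is deleted its
size and SHA-256 are appended to a tab-separated log, so the analyst keeps a
record of exactly what was removed.
"""
import hashlib
import os
from pathlib import Path

# The two paths the helper listed in delfile.bat (Windows paths; used only
# as the default list, any iterable of paths works).
DEFAULT_TARGETS = [
    r"C:\Users\User\Documents\BitTorrent-6.4d.exe",
    r"C:\Users\Utilisateur\Documents\BitTorrent-6.4d.exe",
]

# Assumed log location; pick whatever fits the case notes.
DEFAULT_LOG = "removal-record.tsv"


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large samples do not sit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def remove_with_record(targets, log_path=DEFAULT_LOG) -> list[dict]:
    """Delete each existing target and return one record per path.

    status is 'deleted', 'missing' or 'error: <reason>'. Nothing is deleted
    until its hash has been written, so a crash mid-run still leaves a record.
    """
    records = []
    with open(log_path, "a", encoding="utf-8") as log:
        for t in targets:
            p = Path(t)
            rec = {"path": str(p), "size": None, "sha256": None, "status": None}
            if not p.is_file():
                rec["status"] = "missing"
            else:
                try:
                    rec["size"] = p.stat().st_size
                    rec["sha256"] = sha256_of(p)
                    log.write(f"hashed\t{rec['size']}\t{rec['sha256']}\t{rec['path']}\n")
                    log.flush()
                    # Clear read-only before unlinking (the batch used del /f for this).
                    os.chmod(p, 0o600)
                    p.unlink()
                    rec["status"] = "deleted"
                except OSError as e:
                    rec["status"] = f"error: {e}"
            log.write(f"{rec['status']}\t{rec['size']}\t{rec['sha256']}\t{rec['path']}\n")
            records.append(rec)
    return records


if __name__ == "__main__":
    for r in remove_with_record(DEFAULT_TARGETS):
        print(r["status"], r["sha256"], r["path"])
```

Run it from an elevated prompt on the affected machine; files that are not present are reported as missing rather than treated as errors, which matches the batch file's "if found" wording.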

#18 Sarcelles (Member, Topic Starter, 24 posts)
Thank you for your help Gringo. Thanks also for the info about Internet security, I guess I really need to implement a "real System".
I have a new problem though: I cannot download files from Internet Explorer anymore. I cleared the Do not save encrypted pages to disk checkbox but this did not work. Sorry to bother you with another problem.

#19 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello Sarcelles

First I would like you to go here and click on the Fix it button: http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.


Gringo

#20 Sarcelles (Member, Topic Starter, 24 posts)
Thank you Gringo but it didn't work.

#21 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
What happens when you try to download?


gringo

#22 Sarcelles (Member, Topic Starter, 24 posts)
I get the same message: xxx couldn't be downloaded. So, I downloaded the FixIt thing from another PC, ran it, but it didn't do anything. The other procedure didn't work either.

#23 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello Sarcelles

Malwarebytes Anti-Rootkit

  1. Download Malwarebytes Anti-Rootkit.
  2. Unzip the contents to a folder in a convenient location.
  3. Open the folder where the contents were unzipped and run mbar.exe.
  4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  6. Wait while the system shuts down and the cleanup process is performed.
  7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
     • Internet access
     • Windows Update
     • Windows Firewall
  9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
  10. Verify that your system is now functioning normally.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

When you are finished, please send me both reports.

Gringo

#24 Sarcelles (Member, Topic Starter, 24 posts)
Hello gringo,
Anti-Rootkit didn't detect any threats. Here is the log for aswMBR.


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-04 12:02:23
-----------------------------
12:02:23.607 OS Version: Windows 6.0.6002 Service Pack 2
12:02:23.607 Number of processors: 2 586 0xF0D
12:02:23.607 ComputerName: ORDI UserName: Line
12:02:24.792 Initialize success
12:03:51.006 AVAST engine defs: 13060400
12:03:58.135 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:03:58.151 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
12:03:58.323 Disk 0 MBR read successfully
12:03:58.323 Disk 0 MBR scan
12:03:58.323 Disk 0 Windows VISTA default MBR code
12:03:58.338 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:03:58.369 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
12:03:58.416 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 140026 MB offset 20561920
12:03:58.416 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 307337216
12:03:58.525 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 307339264
12:03:58.541 Disk 0 scanning sectors +312578048
12:03:58.744 Disk 0 scanning C:\Windows\system32\drivers
12:04:20.771 Service scanning
12:04:46.308 Modules scanning
12:04:54.592 Disk 0 trace - called modules:
12:04:54.623 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
12:04:54.639 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86956ac8]
12:04:54.654 3 CLASSPNP.SYS[8bda78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8588b030]
12:04:56.448 AVAST engine scan C:\Windows
12:04:59.646 AVAST engine scan C:\Windows\system32
12:10:07.777 AVAST engine scan C:\Windows\system32\drivers
12:10:31.099 AVAST engine scan C:\Users\Line
12:15:04.864 Disk 0 MBR has been saved successfully to "C:\Users\Line\Desktop\MBR.dat"
12:15:04.879 The log file has been saved successfully to "C:\Users\Line\Desktop\aswMBR.txt"

#25 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello



I want you to uninstall AVG and see if that helps.


gringo
#26 Sarcelles (Member, Topic Starter, 24 posts)
I did but the problem is still there.

#27 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
I want you to turn off SmartScreen and see if it stops - http://www.sevenforu...r-turn-off.html



Gringo

#28 Sarcelles (Member, Topic Starter, 24 posts)
No, nothing happens.

#29 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello Sarcelles



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Gringo

#30 Sarcelles (Member, Topic Starter, 24 posts)
Here is the content of the FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by Line (administrator) on 05-06-2013 20:46:13
Running from H:\
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(brother Industries Ltd) C:\Windows\system32\brsvc01a.exe
(brother Industries Ltd) C:\Windows\system32\brss01a.exe
(Array Networks, Inc.) C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Nalpeiron Ltd.) C:\Windows\system32\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\system32\nlssrv32.exe
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/w...0"&"ver=9.0.894 [x]
HKLM\...\Runonce: [PC-Doctor for Windows REBOOT] [x]
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=5081212
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
Toolbar: HKLM - &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
Toolbar: HKCU -&Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
PDF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
PDF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://copainsdavant...geUploader5.cab
PDF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
PDF: {B6648EB8-2460-484F-9255-9654454C4C70} https://adc-ssl-cnc-...lhost/arr_x.cab
PDF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://epicor.webex...br/ieatgpc1.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

========================== Services (Whitelisted) =================

R2 Array_Utility_Service8.4.0.264; C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe [398768 2010-03-10] (Array Networks, Inc.)
R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-11-06] (NOS Microsystems Ltd.)
R2 NalServ; C:\Windows\system32\nalserv.exe [135168 2012-08-17] (Nalpeiron Ltd.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-07-03] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39608 2012-09-18] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30392 2012-09-18] (Logitech, Inc.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TfSysMon; system32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-05 20:45 - 2013-06-05 20:45 - 00000000 ____D C:\FRST
2013-06-05 12:59 - 2013-06-05 13:00 - 00000000 ____D C:\Program Files\My Dell
2013-06-04 20:59 - 2013-06-04 20:59 - 00000000 ____D C:\Users\Line\AppData\Local\WindowsUpdate
2013-06-04 12:15 - 2013-06-04 12:15 - 00002018 ____A C:\Users\Line\Desktop\aswMBR.txt
2013-06-04 12:15 - 2013-06-04 12:15 - 00000512 ____A C:\Users\Line\Desktop\MBR.dat
2013-06-04 11:42 - 2013-06-04 11:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-04 11:41 - 2013-06-04 11:41 - 00000000 ____D C:\Users\Line\Desktop\mbar-1.06.0.1003
2013-06-04 11:39 - 2013-06-04 11:37 - 04745728 ____A (AVAST Software) C:\Users\Line\Desktop\aswMBR.exe
2013-06-04 11:39 - 2013-06-04 11:35 - 13169742 ____A C:\Users\Line\Desktop\mbar-1.06.0.1003.zip
2013-06-01 18:23 - 2013-06-01 18:23 - 00000000 ____D C:\ProgramData\Sun
2013-06-01 18:23 - 2013-06-01 18:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-01 18:22 - 2013-06-01 18:21 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-01 18:22 - 2013-06-01 18:21 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-01 18:22 - 2013-06-01 18:21 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-01 18:22 - 2013-06-01 18:21 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-01 18:22 - 2013-06-01 18:21 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-01 18:20 - 2013-06-01 18:20 - 00903072 ____A (Oracle Corporation) C:\Users\Line\Desktop\JavaSetup7u21.exe
2013-05-30 17:27 - 2013-05-30 17:27 - 00000247 ____A C:\Users\Line\Desktop\ESET SCAN.txt
2013-05-30 15:57 - 2013-05-30 15:57 - 00000000 ____D C:\Users\Line\Desktop\backups
2013-05-29 18:30 - 2013-05-29 18:30 - 00009161 ____A C:\Users\Line\Desktop\hijackthis.log
2013-05-29 18:26 - 2013-05-29 18:26 - 00388608 ____A (Trend Micro Inc.) C:\Users\Line\Desktop\HijackThis.exe
2013-05-29 18:04 - 2013-05-29 18:04 - 00562688 ____A (Microsoft Corporation) C:\install.exe
2013-05-29 18:04 - 2013-05-29 18:04 - 00000002 ____A C:\Windows\0535251103110107106.yux
2013-05-29 17:28 - 2013-05-29 17:28 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-29 17:28 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-29 17:27 - 2013-05-29 17:27 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Line\Desktop\mbam-setup-1.75.0.1300.exe
2013-05-29 17:24 - 2013-05-29 17:24 - 00000766 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-29 17:24 - 2013-05-29 17:24 - 00000000 ____D C:\Program Files\CCleaner
2013-05-29 17:23 - 2013-05-29 17:23 - 04378864 ____A (Piriform Ltd) C:\Users\Line\Desktop\ccsetup402.exe
2013-05-29 17:20 - 2013-05-29 17:20 - 00001854 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-05-29 17:20 - 2013-05-29 17:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-29 17:06 - 2013-05-29 17:06 - 00001019 ____A C:\Users\Line\Desktop\Revo Uninstaller.lnk
2013-05-29 17:06 - 2013-05-29 17:06 - 00000000 ____D C:\Program Files\VS Revo Group
2013-05-29 17:05 - 2013-05-29 17:05 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Line\Desktop\revosetup.exe
2013-05-29 17:00 - 2013-05-29 17:00 - 00000000 ____D C:\Users\Line\AppData\Local\VS Revo Group
2013-05-29 17:00 - 2013-05-29 17:00 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-05-27 09:51 - 2013-05-27 09:51 - 00000000 ____D C:\Users\Line\Desktop\Voyage Maman
2013-05-26 16:08 - 2013-05-26 16:08 - 00002033 ____A C:\Users\Line\AppData\Roaming\install.dat
2013-05-26 06:20 - 2013-05-26 06:20 - 00001757 ____A C:\Users\Line\Desktop\JRT.txt
2013-05-26 06:18 - 2013-05-26 06:18 - 00000000 ____D C:\Windows\ERUNT
2013-05-26 06:18 - 2013-05-26 06:18 - 00000000 ____D C:\JRT
2013-05-26 06:15 - 2013-05-26 06:15 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Line\Desktop\JRT.exe
2013-05-26 06:07 - 2013-05-26 06:07 - 00001135 ____A C:\AdwCleaner[S1].txt
2013-05-26 06:04 - 2013-05-26 06:04 - 00001087 ____A C:\Users\Line\Desktop\Instructions.txt
2013-05-26 06:02 - 2013-05-26 06:02 - 00632031 ____A C:\Users\Line\Desktop\AdwCleaner.exe
2013-05-25 17:04 - 2013-05-25 18:56 - 00000000 ____D C:\Users\Line\Desktop\GooredFix Backups
2013-05-25 08:50 - 2013-05-26 14:56 - 00000000 ____D C:\Users\Line\AppData\Local\PASS Engineering
2013-05-15 08:11 - 2013-05-05 13:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 08:11 - 2013-05-05 13:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 08:05 - 2013-05-15 08:07 - 00000000 ____D C:\3ab726d07657582fb9c281
2013-05-15 08:04 - 2013-04-04 16:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 08:04 - 2013-04-04 16:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 08:04 - 2013-04-04 16:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 08:04 - 2013-04-04 16:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 08:04 - 2013-04-04 16:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 08:04 - 2013-04-04 16:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 08:04 - 2013-04-04 15:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 08:04 - 2013-04-04 15:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 08:04 - 2013-04-04 15:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 08:04 - 2013-04-04 15:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 08:04 - 2013-04-04 15:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 08:04 - 2013-04-04 15:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 08:04 - 2013-04-04 15:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 08:04 - 2013-04-04 15:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 07:12 - 2013-04-15 08:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 07:12 - 2013-04-13 04:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 07:12 - 2013-04-08 19:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-08 22:21 - 2013-05-08 22:21 - 00000000 ____D C:\ProgramData\WebEx

==================== One Month Modified Files and Folders ========

2013-06-05 20:46 - 2006-11-02 04:33 - 00791040 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-05 20:45 - 2013-06-05 20:45 - 00000000 ____D C:\FRST
2013-06-05 19:48 - 2008-12-12 18:37 - 02082469 ____N C:\Windows\WindowsUpdate.log
2013-06-05 17:35 - 2006-11-02 06:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-05 17:35 - 2006-11-02 06:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-05 16:16 - 2008-12-13 01:03 - 00000000 ____D C:\ProgramData\Adobe
2013-06-05 13:00 - 2013-06-05 12:59 - 00000000 ____D C:\Program Files\My Dell
2013-06-05 13:00 - 2012-12-04 18:36 - 00000000 ____D C:\Program Files\Dell Support Center
2013-06-05 12:59 - 2008-12-13 01:24 - 00000000 ____D C:\ProgramData\PCDr
2013-06-05 06:31 - 2006-11-02 07:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-05 06:31 - 2006-11-02 07:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-04 20:59 - 2013-06-04 20:59 - 00000000 ____D C:\Users\Line\AppData\Local\WindowsUpdate
2013-06-04 12:15 - 2013-06-04 12:15 - 00002018 ____A C:\Users\Line\Desktop\aswMBR.txt
2013-06-04 12:15 - 2013-06-04 12:15 - 00000512 ____A C:\Users\Line\Desktop\MBR.dat
2013-06-04 11:55 - 2013-06-04 11:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-04 11:41 - 2013-06-04 11:41 - 00000000 ____D C:\Users\Line\Desktop\mbar-1.06.0.1003
2013-06-04 11:37 - 2013-06-04 11:39 - 04745728 ____A (AVAST Software) C:\Users\Line\Desktop\aswMBR.exe
2013-06-04 11:35 - 2013-06-04 11:39 - 13169742 ____A C:\Users\Line\Desktop\mbar-1.06.0.1003.zip
2013-06-03 17:59 - 2013-05-05 14:17 - 00000000 ____D C:\Users\Line\Desktop\Fichiers PDF
2013-06-02 20:29 - 2008-12-22 09:04 - 00059960 ____A C:\Users\Line\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-01 18:23 - 2013-06-01 18:23 - 00000000 ____D C:\ProgramData\Sun
2013-06-01 18:23 - 2013-06-01 18:23 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-01 18:21 - 2013-06-01 18:22 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-01 18:21 - 2013-06-01 18:22 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-01 18:21 - 2013-06-01 18:22 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-01 18:21 - 2013-06-01 18:22 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-01 18:21 - 2013-06-01 18:22 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-01 18:21 - 2013-05-05 14:09 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-01 18:21 - 2008-12-13 00:50 - 00000000 ____D C:\Program Files\Java
2013-06-01 18:20 - 2013-06-01 18:20 - 00903072 ____A (Oracle Corporation) C:\Users\Line\Desktop\JavaSetup7u21.exe
2013-06-01 18:20 - 2008-12-13 01:09 - 00000000 ____D C:\ProgramData\McAfee
2013-06-01 18:16 - 2006-11-02 06:47 - 00264216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-01 18:13 - 2009-09-09 16:22 - 00000000 ____D C:\Windows\ERDNT
2013-05-31 06:46 - 2013-02-25 08:54 - 00000000 ____D C:\Users\Line\Documents\Fitness Tracker
2013-05-30 22:47 - 2009-04-20 11:38 - 00000000 ____D C:\Users\Line\AppData\Roaming\Adobe
2013-05-30 17:27 - 2013-05-30 17:27 - 00000247 ____A C:\Users\Line\Desktop\ESET SCAN.txt
2013-05-30 15:57 - 2013-05-30 15:57 - 00000000 ____D C:\Users\Line\Desktop\backups
2013-05-29 18:30 - 2013-05-29 18:30 - 00009161 ____A C:\Users\Line\Desktop\hijackthis.log
2013-05-29 18:27 - 2006-11-02 06:42 - 00000000 ____D C:\Windows\WindowsMobile
2013-05-29 18:26 - 2013-05-29 18:26 - 00388608 ____A (Trend Micro Inc.) C:\Users\Line\Desktop\HijackThis.exe
2013-05-29 18:04 - 2013-05-29 18:04 - 00562688 ____A (Microsoft Corporation) C:\install.exe
2013-05-29 18:04 - 2013-05-29 18:04 - 00000002 ____A C:\Windows\0535251103110107106.yux
2013-05-29 17:28 - 2013-05-29 17:28 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-29 17:28 - 2009-09-09 16:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-29 17:27 - 2013-05-29 17:27 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Line\Desktop\mbam-setup-1.75.0.1300.exe
2013-05-29 17:25 - 2009-09-11 07:03 - 00000000 ____D C:\Windows\Minidump
2013-05-29 17:25 - 2008-02-03 17:07 - 00000000 ____D C:\Windows\Panther
2013-05-29 17:24 - 2013-05-29 17:24 - 00000766 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-29 17:24 - 2013-05-29 17:24 - 00000000 ____D C:\Program Files\CCleaner
2013-05-29 17:23 - 2013-05-29 17:23 - 04378864 ____A (Piriform Ltd) C:\Users\Line\Desktop\ccsetup402.exe
2013-05-29 17:20 - 2013-05-29 17:20 - 00001854 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-05-29 17:20 - 2013-05-29 17:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-29 17:20 - 2008-12-13 01:03 - 00000000 ____D C:\Program Files\Adobe
2013-05-29 17:10 - 2008-12-13 00:53 - 00000000 ____D C:\Program Files\Dell
2013-05-29 17:07 - 2009-04-20 11:38 - 00000000 ____D C:\Users\Line\AppData\Local\Adobe
2013-05-29 17:06 - 2013-05-29 17:06 - 00001019 ____A C:\Users\Line\Desktop\Revo Uninstaller.lnk
2013-05-29 17:06 - 2013-05-29 17:06 - 00000000 ____D C:\Program Files\VS Revo Group
2013-05-29 17:05 - 2013-05-29 17:05 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Line\Desktop\revosetup.exe
2013-05-29 17:00 - 2013-05-29 17:00 - 00000000 ____D C:\Users\Line\AppData\Local\VS Revo Group
2013-05-29 17:00 - 2013-05-29 17:00 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-05-27 09:51 - 2013-05-27 09:51 - 00000000 ____D C:\Users\Line\Desktop\Voyage Maman
2013-05-27 09:25 - 2013-02-06 10:36 - 00000060 ____A C:\Windows\wpd99.drv
2013-05-27 07:22 - 2012-12-04 18:26 - 00000000 ____D C:\Users\Line\AppData\Local\Apps\2.0
2013-05-26 20:34 - 2006-11-02 04:23 - 00000215 ____A C:\Windows\system.ini
2013-05-26 16:10 - 2012-11-21 12:28 - 00000000 ____D C:\Traduction
2013-05-26 16:08 - 2013-05-26 16:08 - 00002033 ____A C:\Users\Line\AppData\Roaming\install.dat
2013-05-26 14:56 - 2013-05-25 08:50 - 00000000 ____D C:\Users\Line\AppData\Local\PASS Engineering
2013-05-26 06:20 - 2013-05-26 06:20 - 00001757 ____A C:\Users\Line\Desktop\JRT.txt
2013-05-26 06:18 - 2013-05-26 06:18 - 00000000 ____D C:\Windows\ERUNT
2013-05-26 06:18 - 2013-05-26 06:18 - 00000000 ____D C:\JRT
2013-05-26 06:15 - 2013-05-26 06:15 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Line\Desktop\JRT.exe
2013-05-26 06:07 - 2013-05-26 06:07 - 00001135 ____A C:\AdwCleaner[S1].txt
2013-05-26 06:04 - 2013-05-26 06:04 - 00001087 ____A C:\Users\Line\Desktop\Instructions.txt
2013-05-26 06:02 - 2013-05-26 06:02 - 00632031 ____A C:\Users\Line\Desktop\AdwCleaner.exe
2013-05-25 19:29 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\nap
2013-05-25 18:56 - 2013-05-25 17:04 - 00000000 ____D C:\Users\Line\Desktop\GooredFix Backups
2013-05-15 09:48 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-15 08:07 - 2013-05-15 08:05 - 00000000 ____D C:\3ab726d07657582fb9c281
2013-05-15 08:05 - 2006-11-02 04:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-14 22:07 - 2013-05-05 14:17 - 00000000 ____D C:\Users\Line\Desktop\Fichiers Word
2013-05-12 12:08 - 2012-12-04 18:22 - 00000000 ____D C:\Users\Line\Documents\Impôts Line
2013-05-08 22:21 - 2013-05-08 22:21 - 00000000 ____D C:\ProgramData\WebEx

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-06-05 06:38

==================== End Of Log ============================
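The FRST log above lists every file and folder changed in the last month, and the "Bamital & volsnap Check" at the end compares the MD5 of a handful of critical Windows binaries against known-good values. What a helper actually does with such a log is scan the modified-files list for entries that do not belong where they are. The script below is an added example, not part of this thread and not FRST's own logic: it parses the `<modified> - <created> - <size> <attrs> [(<company>)] <path>` line format, applies a few triage heuristics (executables sitting directly in `C:\` or `C:\Windows\`, executables in system directories with no version-info company string, random-looking or oddly named files under `C:\Windows`), and mirrors the MD5 baseline comparison. The heuristic rules and the `KNOWN_EXT` set are the example's own assumptions; the sample log lines are copied from the log above, and the MD5 baseline values are constructed for the demo rather than real known-good hashes. A flagged entry is a prompt for a second look, not a verdict.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One entry of a FRST "Modified Files and Folders" section:
# <modified> - <created> - <size> <attrs> [(<company>)] <path>
FRST_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
_EXT = re.compile(r"\.([A-Za-z0-9]{1,5})$")

# Assumed sets for the heuristics below (not FRST's lists).
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".drv", ".scr", ".com", ".bat", ".cpl", ".ocx"}
KNOWN_EXT = EXECUTABLE_EXT | {".ini", ".log", ".txt", ".dat", ".xml", ".mui", ".cat",
                              ".inf", ".nls", ".bin", ".manifest", ".lnk"}
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def parent(self) -> str:           # lower-cased parent folder with trailing backslash
        return self.path.rsplit("\\", 1)[0].lower() + "\\"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[1]

    @property
    def ext(self) -> str:              # short alphanumeric extension only, lower-cased
        m = _EXT.search(self.name)
        return "." + m.group(1).lower() if m else ""


def parse_frst(text: str) -> List[Entry]:
    """Parse every line that matches the FRST entry format; skip headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            company = m["company"].strip() if m["company"] else None
            entries.append(Entry(m["modified"], m["created"], int(m["size"]),
                                 m["attrs"], company, m["path"]))
    return entries


def triage(e: Entry) -> List[str]:
    """Illustrative reasons an entry deserves manual review (assumed rules)."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    stem = e.name[: len(e.name) - len(e.ext)] if e.ext else e.name
    if e.ext in EXECUTABLE_EXT and e.parent in ("c:\\", WINDOWS_DIR):
        reasons.append("executable in drive/Windows root")
    if e.ext in EXECUTABLE_EXT and e.parent.startswith(WINDOWS_DIR) and not e.company:
        reasons.append("executable in system directory without version info")
    if e.parent.startswith(WINDOWS_DIR) and re.fullmatch(r"[0-9]{8,}|[0-9a-f]{16,}", stem):
        reasons.append("random-looking file name")
    if e.parent.startswith(WINDOWS_DIR) and e.ext and e.ext not in KNOWN_EXT:
        reasons.append(f"unusual extension {e.ext}")
    return reasons


def flagged(text: str) -> Dict[str, List[str]]:
    """Map path -> reasons for every parsed entry that trips at least one rule."""
    out: Dict[str, List[str]] = {}
    for e in parse_frst(text):
        r = triage(e)
        if r:
            out[e.path] = r
    return out


def md5_check(files: Dict[str, bytes], baseline: Dict[str, str]) -> Dict[str, str]:
    """Same idea as FRST's 'Bamital & volsnap Check': compare each critical file's
    MD5 to a known-good value. `files` maps path -> content (read from disk in
    real use); `baseline` maps path -> expected hex digest for that exact build."""
    result = {}
    for path, expected in baseline.items():
        data = files.get(path)
        if data is None:
            result[path] = "missing"
        elif hashlib.md5(data).hexdigest() == expected.lower():
            result[path] = "MD5 is legit"
        else:
            result[path] = "MD5 mismatch"
    return result


# Sample lines copied from the log in this thread.
SAMPLE_LOG = r"""
2013-06-05 20:46 - 2006-11-02 04:33 - 00791040 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-04 11:37 - 2013-06-04 11:39 - 04745728 ____A (AVAST Software) C:\Users\Line\Desktop\aswMBR.exe
2013-06-01 18:21 - 2013-06-01 18:22 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-29 18:04 - 2013-05-29 18:04 - 00562688 ____A (Microsoft Corporation) C:\install.exe
2013-05-29 18:04 - 2013-05-29 18:04 - 00000002 ____A C:\Windows\0535251103110107106.yux
2013-05-27 09:25 - 2013-02-06 10:36 - 00000060 ____A C:\Windows\wpd99.drv
2013-05-15 08:07 - 2013-05-15 08:05 - 00000000 ____D C:\3ab726d07657582fb9c281
2013-05-26 06:18 - 2013-05-26 06:18 - 00000000 ____D C:\Windows\ERUNT
"""

# Constructed file contents and baseline digests, for the demo only.
SAMPLE_FILES = {r"C:\Windows\explorer.exe": b"constructed explorer bytes",
                r"C:\Windows\System32\userinit.exe": b"constructed userinit bytes"}
SAMPLE_BASELINE = {r"C:\Windows\explorer.exe": hashlib.md5(b"constructed explorer bytes").hexdigest(),
                   r"C:\Windows\System32\userinit.exe": "0" * 32,
                   r"C:\Windows\System32\Drivers\volsnap.sys": "0" * 32}

if __name__ == "__main__":
    for path, reasons in flagged(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
    for path, verdict in md5_check(SAMPLE_FILES, SAMPLE_BASELINE).items():
        print(path, "=>", verdict)
```

On the sample, the three entries that trip a rule are `C:\install.exe` (an executable in the drive root), `C:\Windows\0535251103110107106.yux` (digits-only name and an unfamiliar extension) and `C:\Windows\wpd99.drv` (a driver-named file in the Windows root with no version info); the signed Java and avast binaries and the folders pass. For real use the baseline digests must come from the vendor's files for the exact OS build and service pack, otherwise every legitimate update shows up as a mismatch.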