Virus, Malware, and/or Adware [Closed]



#16
Serine

  • Topic Starter
  • Member
  • 109 posts
Hi,

I got a call from my internet provider today, informing me that I have a bot virus on my computer (which is probably why system restore isn't working).

#17
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi Serine,

Earlier today I re-reviewed your logs and forwarded additional details that I found to my instructor. He's in a different time zone, but I expect that he will respond to me by morning and I'll post the next steps for you.

How did your ISP reach out to you: telephone, email, etc.? I agree that you have something significant on your computer, but I'm often skeptical when ISPs initiate contact, so be careful what information you share. Also, until we get this sorted out, I'd not use this computer for financial transactions, etc.

#18
Serine

  • Topic Starter
  • Member
  • 109 posts
Hi,

My ISP reached me by telephone; I called back through the company number and they confirmed the message. Okay, thank you for the help.

#19
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi Serine,

Thank you again for your patience. Sometimes these infections prove to be quite clever and find ways to hide from our discovery tools. This time we are going to try two different tools that are particularly good at exposing infections.

Boot normally.

Then

Download and Scan with aswMBR

  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer No.
  • Click the Scan button to begin the scan.
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Then run the second tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

So when you return please post
  • FRST.txt
  • asw.txt

Just to level set, neither of these tools is being used (right now) to alter or "cure" your machine of any infection. We are just scanning to uncover the infection(s) and/or infection indicators.

#20
Serine

  • Topic Starter
  • Member
  • 109 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-18 21:22:55
-----------------------------
21:22:55.726 OS Version: Windows 6.0.6001 Service Pack 1
21:22:55.726 Number of processors: 2 586 0xF0D
21:22:55.726 ComputerName: OWNER UserName: user
21:22:56.833 Initialize success
21:23:00.359 AVAST engine defs: 14011801
21:23:04.664 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:23:04.664 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
21:23:04.774 Disk 0 MBR read successfully
21:23:04.774 Disk 0 MBR scan
21:23:04.774 Disk 0 unknown MBR code
21:23:04.789 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228893 MB offset 63
21:23:04.820 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9578 MB offset 468774912
21:23:04.836 Disk 0 scanning sectors +488390656
21:23:04.867 Disk 0 scanning C:\Windows\system32\drivers
21:23:13.978 Service scanning
21:23:35.131 Modules scanning
21:23:43.025 Disk 0 trace - called modules:
21:23:43.040 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
21:23:43.555 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869a2ac8]
21:23:43.555 3 CLASSPNP.SYS[805e3745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862ddba0]
21:23:44.725 AVAST engine scan C:\Windows
21:23:47.845 AVAST engine scan C:\Windows\system32
21:26:22.879 AVAST engine scan C:\Windows\system32\drivers
21:26:40.616 AVAST engine scan C:\Users\user
21:56:24.009 AVAST engine scan C:\ProgramData
22:01:34.219 Scan finished successfully
22:11:42.309 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
22:11:42.309 The log file has been saved successfully to "C:\Users\user\Desktop\asw.txt"

#21
Serine

  • Topic Starter
  • Member
  • 109 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by user (administrator) on OWNER on 18-01-2014 22:25:54
Running from C:\Users\user\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxebcoms.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-05-12] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Microsoft Works Update Detection] - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [50688 2003-06-07] (Microsoft® Corporation)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office 2010\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-08-19] (Apple Inc.)
HKLM\...\Run: [lxebmon.exe] - C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-11-02] (AVAST Software)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {4ba9db6d-4ec9-11e2-8bb5-001f1653213c} - F:\PcOptions.exe
MountPoints2: {4ba9db76-4ec9-11e2-8bb5-001f1653213c} - F:\PcOptions.exe
MountPoints2: {568a84bf-1192-11e2-ab38-001f1653213c} - F:\PcOptions.exe
HKU\Ace\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2008-02-26] (Hewlett-Packard Company)
HKU\Ace\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\Ace\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex
HKU\Ace\...\Policies\system: [LogonHoursAction] 2
HKU\Ace\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2008-01-20] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2008-01-20] (Microsoft Corporation)
HKU\Guest\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2008-01-20] (Microsoft Corporation)
HKU\Guest\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2008-02-26] (Hewlett-Packard Company)
HKU\Guest\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5011EBE45703CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {3405851E-616E-4C48-A09B-1BBCA358146D} URL = http://ca.search.yah...ing}&fr=hp-psnb
SearchScopes: HKLM - {E9B7B3CA-A87E-4958-B740-084A0AA86A9D} URL = http://www.ask.com/w...}&l=dis&o=cacql
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {3405851E-616E-4C48-A09B-1BBCA358146D} URL = http://ca.search.yah...ing}&fr=hp-psnb
SearchScopes: HKCU - {E9B7B3CA-A87E-4958-B740-084A0AA86A9D} URL =
BHO: No Name - {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol1itmyx.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://ca.msn.com/|hxxp://ca.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol1itmyx.default\searchplugins\conduit-search.xml
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol1itmyx.default\Extensions\staged [2014-01-15]
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol1itmyx.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-06]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol1itmyx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-06]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-25]

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-11-02] (AVAST Software)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [598696 2010-04-14] ( )
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQL$SONY_MEDIAMGR2; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [113448 2009-11-23] (Wacom Technology, Corp.)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-11-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-11-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-11-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-11-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-11-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-11-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-02] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)
R3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13480 2009-07-09] (Wacom Technology)
R2 WinFLdrv; C:\Windows\System32\WinFLdrv.sys [17984 2010-08-14] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [x]
S3 SysProtDrv.sys; \??\C:\Users\user\Desktop\SysProt\SysProt\SysProtDrv.sys [x]
U3 aswMBR; \??\C:\Users\user\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-18 22:25 - 2014-01-18 22:26 - 00020826 _____ C:\Users\user\Desktop\FRST.txt
2014-01-18 22:14 - 2014-01-18 22:14 - 00000000 ____D C:\FRST
2014-01-18 22:13 - 2014-01-18 22:13 - 01220608 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-01-18 22:11 - 2014-01-18 22:11 - 00001869 _____ C:\Users\user\Desktop\asw.txt
2014-01-18 22:11 - 2014-01-18 22:11 - 00000512 _____ C:\Users\user\Desktop\MBR.dat
2014-01-18 21:22 - 2014-01-18 21:22 - 00024345 _____ C:\Users\user\Desktop\farbar-recovery-scan-tool.htm
2014-01-18 21:21 - 2014-01-18 21:21 - 04745728 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2014-01-16 18:42 - 2014-01-16 18:42 - 32249624 _____ (Rogers) C:\Users\user\Desktop\RogersTechxpert_SecurityBasicUi.exe
2014-01-16 17:12 - 2014-01-16 17:12 - 03640880 _____ C:\Users\user\Desktop\avg_remover_zbot.exe
2014-01-15 17:04 - 2014-01-15 17:06 - 00003388 _____ C:\Users\user\Desktop\FSS.txt
2014-01-15 17:04 - 2014-01-15 17:04 - 00361185 _____ (Farbar) C:\Users\user\Desktop\FSS.exe
2014-01-12 18:26 - 2014-01-12 18:26 - 00002490 _____ C:\Users\user\Desktop\HitmanPro_20140112_1826.log
2014-01-12 18:02 - 2014-01-12 18:17 - 00000108 ___RH C:\Users\user\Desktop\Stinger.opt
2014-01-12 18:02 - 2014-01-12 18:17 - 00000000 ____D C:\Program Files\stinger
2014-01-12 18:01 - 2014-01-12 18:01 - 10583912 _____ (McAfee Inc) C:\Users\user\Desktop\stinger32.exe
2014-01-12 17:54 - 2014-01-12 17:57 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-12 17:54 - 2014-01-12 17:54 - 00001732 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-12 17:54 - 2014-01-12 17:54 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-10 22:19 - 2014-01-10 22:40 - 00000127 _____ C:\Users\user\Desktop\ckfiles.txt
2014-01-10 22:14 - 2014-01-10 22:14 - 00468480 _____ () C:\Users\user\Desktop\CKScanner.exe
2014-01-09 23:17 - 2014-01-09 23:17 - 00137814 _____ C:\Users\user\Desktop\OTL 2.Txt
2014-01-09 23:17 - 2014-01-09 23:17 - 00053260 _____ C:\Users\user\Desktop\Extras 2.Txt
2014-01-09 22:21 - 2014-01-09 22:21 - 00053260 _____ C:\Users\user\Desktop\Extras.Txt
2014-01-09 21:05 - 2014-01-15 15:19 - 00084206 _____ C:\Users\user\Desktop\OTL.Txt
2014-01-09 20:48 - 2014-01-09 20:48 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-01-09 01:56 - 2014-01-09 01:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Free PDF Solutions
2014-01-07 21:46 - 2014-01-07 21:47 - 00000000 ____D C:\Users\user\Downloads\Molecular Biology of the Cell 5th
2013-12-19 22:51 - 2013-12-19 22:51 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-18 22:26 - 2014-01-18 22:25 - 00020826 _____ C:\Users\user\Desktop\FRST.txt
2014-01-18 22:26 - 2010-09-04 09:43 - 00000414 ____H C:\Windows\Tasks\User_Feed_Synchronization-{B75A2C7B-2F0B-4546-8094-5981395FB375}.job
2014-01-18 22:23 - 2012-05-05 18:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-18 22:22 - 2013-08-23 01:47 - 00000390 ____H C:\Windows\Tasks\User_Feed_Synchronization-{E4561535-CFD0-4B75-A6EC-F773166355B3}.job
2014-01-18 22:14 - 2014-01-18 22:14 - 00000000 ____D C:\FRST
2014-01-18 22:13 - 2014-01-18 22:13 - 01220608 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-01-18 22:13 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 22:13 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 22:11 - 2014-01-18 22:11 - 00001869 _____ C:\Users\user\Desktop\asw.txt
2014-01-18 22:11 - 2014-01-18 22:11 - 00000512 _____ C:\Users\user\Desktop\MBR.dat
2014-01-18 21:32 - 2008-11-23 13:48 - 01991192 _____ C:\Windows\WindowsUpdate.log
2014-01-18 21:22 - 2014-01-18 21:22 - 00024345 _____ C:\Users\user\Desktop\farbar-recovery-scan-tool.htm
2014-01-18 21:21 - 2014-01-18 21:21 - 04745728 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2014-01-18 20:57 - 2008-11-23 14:32 - 00000284 _____ C:\Users\Public\Documents\hpqp.ini
2014-01-18 20:56 - 2012-02-03 16:51 - 00101558 _____ C:\ProgramData\lxebscan.log
2014-01-18 20:56 - 2011-02-13 15:22 - 00000000 ____D C:\Users\user\AppData\Roaming\WTablet
2014-01-18 20:55 - 2013-07-14 12:24 - 00028950 _____ C:\Windows\PFRO.log
2014-01-18 20:55 - 2009-12-08 21:37 - 00000000 ____D C:\Program Files\Common Files\Akamai
2014-01-18 20:55 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 01:13 - 2006-11-02 08:01 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 18:42 - 2014-01-16 18:42 - 32249624 _____ (Rogers) C:\Users\user\Desktop\RogersTechxpert_SecurityBasicUi.exe
2014-01-16 17:12 - 2014-01-16 17:12 - 03640880 _____ C:\Users\user\Desktop\avg_remover_zbot.exe
2014-01-15 17:06 - 2014-01-15 17:04 - 00003388 _____ C:\Users\user\Desktop\FSS.txt
2014-01-15 17:04 - 2014-01-15 17:04 - 00361185 _____ (Farbar) C:\Users\user\Desktop\FSS.exe
2014-01-15 15:23 - 2009-10-26 16:38 - 00002595 _____ C:\Users\user\Desktop\Microsoft Word.lnk
2014-01-15 15:19 - 2014-01-09 21:05 - 00084206 _____ C:\Users\user\Desktop\OTL.Txt
2014-01-15 15:07 - 2013-07-30 02:01 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 15:00 - 2006-11-02 05:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-14 22:09 - 2012-09-11 18:11 - 00000000 ____D C:\Users\user\Documents\Biology 1000 and 1001
2014-01-14 22:09 - 2009-01-17 12:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-14 02:08 - 2009-05-23 19:49 - 00000000 ____D C:\Users\user\Documents\MS WORD - POWERPOINT
2014-01-13 23:54 - 2009-04-02 10:46 - 00000318 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2014-01-13 14:34 - 2009-01-17 13:02 - 00128208 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 14:32 - 2006-11-02 07:47 - 02357408 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-12 18:26 - 2014-01-12 18:26 - 00002490 _____ C:\Users\user\Desktop\HitmanPro_20140112_1826.log
2014-01-12 18:17 - 2014-01-12 18:02 - 00000108 ___RH C:\Users\user\Desktop\Stinger.opt
2014-01-12 18:17 - 2014-01-12 18:02 - 00000000 ____D C:\Program Files\stinger
2014-01-12 18:01 - 2014-01-12 18:01 - 10583912 _____ (McAfee Inc) C:\Users\user\Desktop\stinger32.exe
2014-01-12 17:57 - 2014-01-12 17:54 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-12 17:54 - 2014-01-12 17:54 - 00001732 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2014-01-12 17:54 - 2014-01-12 17:54 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-10 22:40 - 2014-01-10 22:19 - 00000127 _____ C:\Users\user\Desktop\ckfiles.txt
2014-01-10 22:37 - 2009-01-19 19:22 - 00000000 ____D C:\Users\user\Documents\My Received Files
2014-01-10 22:27 - 2009-07-06 19:00 - 00000000 ____D C:\Users\user\Documents\Xilisoft Corporation
2014-01-10 22:14 - 2014-01-10 22:14 - 00468480 _____ () C:\Users\user\Desktop\CKScanner.exe
2014-01-09 23:17 - 2014-01-09 23:17 - 00137814 _____ C:\Users\user\Desktop\OTL 2.Txt
2014-01-09 23:17 - 2014-01-09 23:17 - 00053260 _____ C:\Users\user\Desktop\Extras 2.Txt
2014-01-09 22:21 - 2014-01-09 22:21 - 00053260 _____ C:\Users\user\Desktop\Extras.Txt
2014-01-09 20:48 - 2014-01-09 20:48 - 00602112 _____ (OldTimer Tools) C:\Users\user\Desktop\OTL.exe
2014-01-09 20:02 - 2010-05-01 18:10 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-09 18:57 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Resources
2014-01-09 01:56 - 2014-01-09 01:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Free PDF Solutions
2014-01-07 22:10 - 2009-06-17 17:34 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2014-01-07 21:47 - 2014-01-07 21:46 - 00000000 ____D C:\Users\user\Downloads\Molecular Biology of the Cell 5th
2013-12-30 22:39 - 2011-08-09 23:45 - 00000000 ____D C:\Users\user\AppData\Roaming\HpUpdate
2013-12-22 22:30 - 2009-04-14 22:39 - 00128208 _____ C:\Users\user\AppData\Roaming\GDIPFONTCACHEV1.DAT
2013-12-20 17:39 - 2013-11-06 15:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-19 22:51 - 2013-12-19 22:51 - 00000000 ____D C:\Program Files\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Ace\jagex_runescape_preferences.dat
C:\Users\Ace\jagex_runescape_preferences2.dat
C:\Users\Ace\jagex__preferences3.dat
C:\Users\user\jagex_runescape_preferences.dat
C:\Users\user\jagex_runescape_preferences2.dat
C:\Users\user\jagex__preferences3.dat


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\6_Offer_15.exe
C:\Users\user\AppData\Local\Temp\Checkupdate.exe
C:\Users\user\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\user\AppData\Local\Temp\gcapi_dll.dll
C:\Users\user\AppData\Local\Temp\gtapi_signed.dll
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\utt4EE0.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-04-14 17:33] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-18 21:01

==================== End Of Log ============================

#22
Serine

    Member

  • Topic Starter
  • 109 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-01-2014 03
Ran by user at 2014-01-18 22:27:26
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (Version: 3.3.2.30303 - BitTorrent Inc.)
AC3Filter (remove only) (Version: - )
ACD/Labs Freeware in C:\Program Files\ACD2012FREE\ (Version: v14.00, FREE - ACD/Labs)
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated)
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated)
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 8.3.1 (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.0 (Version: 12.0.6.147 - Adobe Systems, Inc.)
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface Service (Version: - )
Algebra 2 Solved! (Version: 20.08.0074 - Bagatrix)
Apple Application Support (Version: 2.0.1 - Apple Inc.)
Apple Mobile Device Support (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (Version: 5.2 - Atheros)
avast! Free Antivirus (Version: 9.0.2007 - Avast Software)
Bamboo (Version: - Wacom Technology Corp.)
Bonjour (Version: 3.0.0.2 - Apple Inc.)
Calculus Solved! (Version: 20.08.0074 - Bagatrix)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (Version: 4.01 - Piriform)
CineForm HD VFW Codec (Version: - )
CineForm NEO Player 4.0 (Version: 4.0 - CineForm, Inc.)
Cisco EAP-FAST Module (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (Version: 4.58.0.0 - Conexant)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink DVD Suite (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
DivX Converter (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (Version: - DivX, Inc.)
DivX Setup (Version: 2.6.1.32 - DivX, LLC)
DivX Version Checker (Version: 7.0.0.19 - DivX, Inc.)
doPDF 7.2 printer (Version: - Softland)
ESU for Microsoft Vista (Version: 1.0.0 - Hewlett-Packard)
Foxit Reader (Version: 6.0.6.722 - Foxit Corporation)
GPL Ghostscript (Version: 9.09 - Artifex Software Inc.)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: - )
HitmanPro 3.7 (Version: 3.7.3.193 - SurfRight B.V.)
HP Active Support Library (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (Version: 5.7.0.2630 - Hewlett-Packard)
HP Doc Viewer (Version: 1.01.0005 - Hewlett-Packard)
HP DVD Play 3.7 (Version: - Hewlett-Packard)
HP Easy Setup - Frontend (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (Version: 2.0.10.0 - Hewlett-Packard)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Photosmart Essential 2.5 (Version: 2.5 - HP)
HP Quick Launch Buttons 6.40 F1 (Version: 6.40 F1 - Hewlett-Packard)
HP Total Care Advisor (Version: 2.1.4047.2685 - Hewlett-Packard)
HP Update (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0121 (Version: 1.00.0000 - Hewlett-Packard )
HP Wireless Assistant (Version: 3.00 J1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (Version: - Intel Corporation)
IrfanView (remove only) (Version: 4.36 - Irfan Skiljan)
iTunes (Version: 10.4.1.10 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
LabelPrint (Version: 2.20.2719 - CyberLink Corp.)
Lexmark Printable Web (Version: 1.0.0.0 - )
Lexmark Pro200-S500 Series (Version: - Lexmark International, Inc.)
LightScribe System Software 1.12.33.2 (Version: 1.12.33.2 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2416447) (Version: - )
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Easy Assist v2 (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2004 (Version: 2004 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Picture It! Photo Premium 9 (Version: 9.0.0.0000 - Microsoft Corporation)
Microsoft Picture It! Photo Premium 9 (Version: 9.0.0.0000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (Version: 8.00.761 - Microsoft Corporation)
Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word 2002 (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (Version: 07.03.0719 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 2004 Setup Launcher (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (Version: 7.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (Version: 6.10.050 - muvee Technologies)
My HP Games (Version: 1.0.0.43 - WildTangent)
NetWaiting (Version: 2.5.52 - BVRP Software, Inc)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Split Or Merge 1.1 (Version: 1.1 - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Power2Go (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickPlay SlingPlayer 0.4.6 (Version: 0.4.6 - SlingMedia)
QuickTime (Version: 7.70.80.34 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (Version: - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (Version: - )
Shockwave (Version: - )
Sony Media Manager 2.3 (Version: 2.3.113 - Sony)
Sony Vegas Pro 8.0 (Version: 8.0.179 - Sony)
Sothink SWF Catcher for Internet Explorer (Version: 3.0 - SourceTec Software Co., LTD)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 11.1.3.0 - Synaptics)
TI-83 Plus Flash Debugger (Version: - )
Trigonometry Solved! (Version: 20.08.0074 - Bagatrix)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebTablet IE Plugin (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (Version: 1.1.0.3 - Wacom Technology Corp.)
WinPcap 4.0.2 (Version: 4.0.0.1040 - CACE Technologies)
Xilisoft Video Converter Ultimate (Version: 5.0.60.0625 - Xilisoft)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777 - Xiph.Org)
Yahoo! Toolbar (Version: - )

==================== Restore Points =========================


==================== Hosts content: ==========================

2006-11-02 05:23 - 2010-11-22 18:55 - 00425428 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {12707EB9-96CF-4ADE-9782-C9E38909A9EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1EB85247-2AFF-4849-9795-24B0F29DBB0D} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-11-02] (AVAST Software)
Task: {20A7D54A-F3BA-4B16-A3C5-FDBEB8865799} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4FCEA399-4AC1-42C0-A631-1ED0ED371D15} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {987F1C35-4402-4F44-9C5A-25BF0CBCBCB9} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {D07AD1B1-94ED-47B0-9BDA-E5C18E3B91F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {D1A1FC38-8135-4CC5-8FA1-7DB45ECDC22D} - System32\Tasks\HPCeeScheduleForuser => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-04-15] (Hewlett-Packard)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EC6721EA-E497-400D-9DFB-A368A6FDB5CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{B75A2C7B-2F0B-4546-8094-5981395FB375}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{E4561535-CFD0-4B75-A6EC-F773166355B3}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-01-11 20:00 - 2011-01-11 20:00 - 00195584 _____ () C:\Program Files\Xiph.Org\Open Codecs\dsfOggDemux2.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-03 16:49 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll
2012-02-03 16:51 - 2009-05-27 07:16 - 00192512 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxebdatr.dll
2012-02-03 16:49 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebDRS.dll
2012-02-03 16:49 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll
2012-02-03 16:49 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Epwizard.DLL
2012-02-03 16:49 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files\Lexmark Pro200-S500 Series\customui.dll
2012-02-03 16:49 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Eputil.DLL
2012-02-03 16:49 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Imagutil.DLL
2012-02-03 16:49 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Epfunct.DLL
2012-02-03 16:49 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files\Lexmark Pro200-S500 Series\EPWizRes.dll
2012-02-03 16:49 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files\Lexmark Pro200-S500 Series\epstring.dll
2012-02-03 16:49 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files\Lexmark Pro200-S500 Series\EPOEMDll.dll
2012-02-03 16:49 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files\Lexmark Pro200-S500 Series\iptk.dll
2012-02-03 16:49 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebptp.dll
2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-11-02 00:54 - 2013-11-02 00:54 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 15:59 - 2007-08-14 15:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 15:55 - 2007-07-12 15:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-07-12 06:30 - 2008-06-12 00:17 - 00066856 _____ () C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll
2008-05-21 21:28 - 2008-05-21 21:28 - 00180224 _____ () C:\Program Files\Lexmark Printable Web\bho.dll
2008-05-21 21:28 - 2008-05-21 21:28 - 00389120 _____ () C:\Program Files\Lexmark Printable Web\resource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Public\Nike Kids.avi:TOC.WMV
AlternateDataStreams: C:\Users\user\Documents\What the....png:SummaryInformation
AlternateDataStreams: C:\Users\user\Documents\What the....png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2014 09:12:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details PostFinalCommitSnapshots({4a3b8ea2-be00-4cfe-b6a5-adc8cc0574c7}, 2) [hr = 0x80042308].


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (01/18/2014 09:12:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14 - 00000140,0x00560038,01A62FD0,0,01A61FC8,4096,[0]).


Operation:
Processing PostFinalCommitSnapshots

Context:
Execution Context: System Provider

Error: (01/18/2014 08:56:33 PM) (Source: TabletServicePen) (User: )
Description: Could not init tablet driver

Error: (01/18/2014 08:56:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 08:59:18 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on a Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details PostFinalCommitSnapshots({d881c665-a13c-422c-bf67-39f25cee69a2}, 2) [hr = 0x80042308].


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (01/17/2014 08:59:18 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14 - 00000138,0x00560038,00E829F0,0,00E819E8,4096,[0]).


Operation:
Processing PostFinalCommitSnapshots

Context:
Execution Context: System Provider

Error: (01/17/2014 08:54:21 PM) (Source: TabletServicePen) (User: )
Description: Could not init tablet driver

Error: (01/17/2014 08:42:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2014 04:54:12 PM) (Source: TabletServicePen) (User: )
Description: Could not init tablet driver

Error: (01/16/2014 04:53:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/18/2011 03:40:22 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:32:34 PM on 5/18/2011 was unexpected.

Error: (05/18/2011 03:21:56 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:08:01 PM on 5/18/2011 was unexpected.

Error: (05/18/2011 03:07:15 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/18/2011 03:07:15 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue99.254.141.86:63331

Error: (05/18/2011 03:07:15 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.100.10:63331

Error: (05/18/2011 03:07:15 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.0.197:63331

Error: (05/18/2011 03:07:15 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.0.199:63331

Error: (05/18/2011 03:07:15 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.0.195:63331

Error: (05/18/2011 03:07:15 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.0.198:63331

Error: (05/18/2011 03:07:15 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue169.254.208.196:63331


Microsoft Office Sessions:
=========================
Error: (01/18/2014 09:12:26 PM) (Source: VSS)(User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}PostFinalCommitSnapshots({4a3b8ea2-be00-4cfe-b6a5-adc8cc0574c7}, 2)0x80042308

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (01/18/2014 09:12:26 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14 - 00000140,0x00560038,01A62FD0,0,01A61FC8,4096,[0])

Operation:
Processing PostFinalCommitSnapshots

Context:
Execution Context: System Provider

Error: (01/18/2014 08:56:33 PM) (Source: TabletServicePen)(User: )
Description: Could not init tablet driver

Error: (01/18/2014 08:56:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2014 08:59:18 PM) (Source: VSS)(User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}PostFinalCommitSnapshots({d881c665-a13c-422c-bf67-39f25cee69a2}, 2)0x80042308

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (01/17/2014 08:59:18 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14 - 00000138,0x00560038,00E829F0,0,00E819E8,4096,[0])

Operation:
Processing PostFinalCommitSnapshots

Context:
Execution Context: System Provider

Error: (01/17/2014 08:54:21 PM) (Source: TabletServicePen)(User: )
Description: Could not init tablet driver

Error: (01/17/2014 08:42:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2014 04:54:12 PM) (Source: TabletServicePen)(User: )
Description: Could not init tablet driver

Error: (01/16/2014 04:53:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-01-18 22:26:40.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-18 22:26:40.423
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-18 22:26:40.205
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-18 22:26:39.971
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-18 22:26:39.690
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-18 22:26:39.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-18 22:26:39.253
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-18 22:26:39.004
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-17 21:11:19.782
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-17 21:11:19.579
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 3002.45 MB
Available physical RAM: 1225.09 MB
Total Pagefile: 6231.18 MB
Available Pagefile: 4215.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.53 GB) (Free:136.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9.35 GB) (Free:1.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 5B965B96)
Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#23
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hello Serine,

Sorry again that my response has taken longer than expected.

Please download RogueKiller and save it to your desktop.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com. Also, if the program still will not work, boot to Safe Mode and try it that way. If you need instructions for Safe Mode, let me know.

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.

#24
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode
User : user [Admin rights]
Mode : Scan [Aborted] -- Date : 01/22/2014 22:23:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[0]_S_01222014_222301.txt >>

#25
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode
User : user [Admin rights]
Mode : Shortcuts HJfix [Aborted] -- Date : 01/22/2014 22:28:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 1 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 12 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 61 / Fail 13
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_SC_01222014_222811.txt >>
RKreport[0]_S_01222014_222301.txt


#26
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi Serine,

Sorry that this is taking so long. I'm working through all of your logs to see what I've missed and what needs to be taken care of. I will hopefully have some information later today or tomorrow for certain.

#27
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
Hi,

No worries, thank you for your help.

#28
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi Serine,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST.exe (Right click on it and select Run as Administrator)
If FRST detects that an update is needed, allow it to perform the update.
Next, press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next, Malwarebytes is already downloaded, so please re-run it as you have done in the past.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then, ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla Firefox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install.
  • Make sure that the option Remove found threats is unticked
  • If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close. Make sure you copy the logfile first (located at C:\Program Files\ESET\EsetOnlineScanner\log.txt)!
  • Then paste the Logfile in the thread
  • Then click on: Finish
Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
In your next post to me please include the following logs.
Fixlog log
MBAM log
ESET log
Security Check Log


#29
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
Ran by user at 2014-01-29 16:04:17 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {E9B7B3CA-A87E-4958-B740-084A0AA86A9D} URL = http://www.ask.com/w...}&l=dis&o=cacql
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {E9B7B3CA-A87E-4958-B740-084A0AA86A9D} URL =
BHO: No Name - {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: No Name - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No File
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol1itmyx.default\searchplugins\conduit-search.xml
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [x]
S3 SysProtDrv.sys; \??\C:\Users\user\Desktop\SysProt\SysProt\SysProtDrv.sys [x]
U3 aswMBR; \??\C:\Users\user\AppData\Local\Temp\aswMBR.sys [x]
C:\Users\Ace\jagex_runescape_preferences.dat
C:\Users\Ace\jagex_runescape_preferences2.dat
C:\Users\Ace\jagex__preferences3.dat
C:\Users\user\jagex_runescape_preferences.dat
C:\Users\user\jagex_runescape_preferences2.dat
C:\Users\user\jagex__preferences3.dat
2006-11-02 05:23 - 2010-11-22 18:55 - 00425428 ____R C:\Windows\system32\Drivers\etc\hosts

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9B7B3CA-A87E-4958-B740-084A0AA86A9D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E9B7B3CA-A87E-4958-B740-084A0AA86A9D} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9B7B3CA-A87E-4958-B740-084A0AA86A9D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E9B7B3CA-A87E-4958-B740-084A0AA86A9D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} => Key deleted successfully.
HKCR\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} => Key deleted successfully.
HKCR\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} => Key not found.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol1itmyx.default\searchplugins\conduit-search.xml => Moved successfully.
rpcapd => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
rootrepeal => Service deleted successfully.
SysProtDrv.sys => Service deleted successfully.
aswMBR => Service not found.
C:\Users\Ace\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Ace\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Ace\jagex__preferences3.dat => Moved successfully.
C:\Users\user\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\user\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\user\jagex__preferences3.dat => Moved successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.

==== End of Fixlog ====

#30
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.29.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
user :: OWNER [administrator]

1/29/2014 5:20:45 PM
mbam-log-2014-01-29 (17-20-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291365
Time elapsed: 17 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)