Firefox home page being set to search.conduit.com



#1 paket


Posted 17 September 2012 - 05:52 PM

Something is setting my Firefox home page to search.conduit.com (specifically: search.conduit. com/?ctid=CT3227983&SearchSource=13). Chrome and IE seem to be fine. Here is the background:

My son installed some crapware for playing Minecraft, which naturally forced extra toolbars, search providers and home pages on my browsers. I uninstalled the crapware and removed the add-ons, toolbars and extensions. IE and Chrome seem to be fine, but something resets my Firefox home page every time I start it. I tried scanning with MS Security, SuperAntiSpyWare and Spybot S&D. Some problems were found and fixed, but the Firefox home page keeps getting reset. I installed Malwarebytes Anti-Malware and ran a scan with it. It found and fixed some problems. I rebooted, scanned again and it was clean, but my Firefox home page is still being reset to search.conduit.com. Can anyone help me?

logs:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
alu :: TESLA [administrator]

17/09/2012 5:14:19 PM
mbam-log-2012-09-17 (17-14-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217833
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by alu at 17:23:47 on 2012-09-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4094.2722 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317
mWinlogon: Userinit=userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
uRun: [Google Update] "C:\Users\alu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\alu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1 64.59.177.226
TCP: Interfaces\{4B38E3D3-A0C5-4479-B575-9E110BC082C2} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4B38E3D3-A0C5-4479-B575-9E110BC082C2} : DhcpNameServer = 192.168.1.1 64.59.177.226
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~3\browse~1\22580~1.182\{d1538~1\brwmngr.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
AppInit_DLLs-X64: c:\progra~3\browse~1\22580~1.182\{d1538~1\brwmngr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\alu\AppData\Roaming\Mozilla\Firefox\Profiles\nknickt9.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3227983&SearchSource=13
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\alu\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317&q=
FF - user.js: extensions.funmoods.id - 001A92E61620B813
FF - user.js: extensions.funmoods.instlDay - 15599
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:50:19
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-bndl
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys --> C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-8 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-17 250568]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-8 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-9 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-17 22:01:45 -------- d-----w- C:\Users\alu\AppData\Roaming\Malwarebytes
2012-09-17 22:01:32 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-17 22:01:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-17 22:01:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-17 17:26:38 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58AC58D8-633A-46D6-90C6-15E504DB7045}\mpengine.dll
2012-09-16 17:02:01 9310152 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-15 06:36:14 -------- d-----w- C:\Users\alu\AppData\Local\Microsoft Games
2012-09-15 02:16:05 -------- d-----w- C:\Users\alu\jagexcache
2012-09-14 04:26:06 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-09-14 04:25:21 -------- d-----w- C:\Users\alu\AppData\Roaming\uTorrent
2012-09-12 06:25:45 -------- d-----w- C:\Program Files\Tor Browser
2012-09-12 06:06:04 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 06:06:04 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 06:06:04 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 00:01:10 -------- d-----w- C:\Users\alu\AppData\Local\Evernote
2012-09-12 00:00:50 -------- d-----w- C:\Program Files (x86)\Evernote
2012-09-10 21:22:29 -------- d-----w- C:\Users\alu\AppData\Local\{63BB2BAE-6341-44F6-85BA-34102731E35E}
2012-09-10 21:22:29 -------- d-----w- C:\Users\alu\AppData\Local\{45CB2799-A541-4D7E-B40B-F5745B51A285}
2012-09-10 21:22:17 -------- d-----w- C:\Users\alu\AppData\Roaming\Windows Live Writer
2012-09-10 21:22:17 -------- d-----w- C:\Users\alu\AppData\Local\Windows Live Writer
2012-09-10 05:16:28 -------- d-----w- C:\Program Files\Process Monitor
2012-09-10 01:06:15 -------- d-----w- C:\Program Files (x86)\WinDirStat
2012-09-10 00:55:06 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-09 21:25:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-09 21:25:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-09 16:15:07 -------- d-----w- C:\Program Files\profilemanager
2012-09-09 15:34:43 -------- d---a-w- C:\.Trash-1000
2012-09-09 07:48:51 -------- d-----w- C:\Users\alu\AppData\Local\Wajam
2012-09-09 04:18:05 -------- d-----w- C:\Windows\SysWow64\Extensions
2012-09-09 04:18:02 -------- d-----w- C:\Windows\SysWow64\searchplugins
2012-09-09 02:01:26 666272 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_567\uninstall.exe
2012-09-09 02:01:06 -------- d-----w- C:\ProgramData\Browser Manager
2012-09-08 16:12:15 -------- d-s---w- C:\Users\alu\Google Drive
2012-09-07 22:46:29 -------- d-----w- C:\Windows\en
2012-09-07 22:42:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-09-07 22:36:06 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-09-07 22:31:53 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-09-07 22:31:31 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-09-07 22:31:31 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-09-07 22:31:23 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-09-07 22:31:23 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-09-07 22:30:24 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-09-07 22:30:24 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-09-07 22:28:03 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9381ed81cd8d4805\bingbarsetup.exe
2012-09-07 22:27:43 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ff560f881cd8d4704\MeshBetaRemover.exe
2012-09-07 22:27:38 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fc1822981cd8d4703\DSETUP.dll
2012-09-07 22:27:38 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fc1822981cd8d4703\DXSETUP.exe
2012-09-07 22:27:38 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fc1822981cd8d4703\dsetup32.dll
2012-09-07 22:27:33 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f8a20ea81cd8d4702\DXSETUP.exe
2012-09-07 22:27:33 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f8a20ea81cd8d4702\dsetup32.dll
2012-09-07 22:27:32 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f8a20ea81cd8d4702\DSETUP.dll
2012-09-07 22:27:26 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f4975bd81cd8d4701\Silverlight.4.0.exe
2012-09-07 22:27:05 -------- d-----w- C:\Users\alu\AppData\Local\Windows Live
2012-09-07 22:27:04 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-09-07 02:55:30 5115584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-09-07 02:14:05 -------- d-----w- C:\Asus WebStorage
2012-09-07 02:08:30 -------- d-----w- C:\Users\alu\AppData\Roaming\ASUS WebStorage
2012-09-07 02:08:24 -------- d-----w- C:\ProgramData\ASUS WebStorage
2012-09-07 00:24:45 -------- d-----w- C:\Users\alu\AppData\Roaming\LibreOffice
2012-09-07 00:20:10 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.6
2012-09-06 00:45:31 -------- d-----w- C:\Users\alu\AppData\Roaming\Guitar Pro 6
2012-09-05 21:20:26 389120 ----a-w- C:\Windows\SysWow64\RegistryHelperLM.ocx
2012-09-05 01:41:32 -------- d-----w- C:\Users\alu\AppData\Roaming\FreeFileSync
2012-09-05 01:41:03 -------- d-----w- C:\Program Files\FreeFileSync
2012-09-04 03:22:22 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 21:35:29 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-09-01 21:35:28 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-09-01 21:35:28 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-09-01 21:35:28 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-09-01 21:35:28 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-09-01 21:35:04 -------- d-----w- C:\Program Files (x86)\Warzone 2100-3.1_rc2
2012-09-01 20:08:20 -------- d-----w- C:\.jagex_cache_32
2012-08-30 23:32:38 -------- d-----w- C:\Users\alu\AppData\Local\Turbine
2012-08-30 23:29:57 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-08-30 23:29:56 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-08-30 23:29:55 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2012-08-30 23:29:07 -------- d-----w- C:\Users\alu\AppData\Local\ApplicationHistory
2012-08-30 23:27:00 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-08-30 23:08:34 -------- d-----w- C:\Program Files (x86)\Turbine
2012-08-30 19:30:42 -------- d-----w- C:\Program Files\DDO High Res Install Files
2012-08-30 19:05:55 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-08-29 23:29:52 -------- d--h--w- C:\Windows\System32\CanonMF Uninstaller Information
2012-08-29 23:26:47 -------- d-----w- C:\Program Files\Canon
2012-08-29 23:26:31 244736 ----a-w- C:\Windows\System32\CNCLSU38a.DLL
2012-08-29 23:26:31 114688 ----a-w- C:\Windows\System32\CNCLST38a.DLL
2012-08-29 23:26:30 99328 ----a-w- C:\Windows\System32\CNCLSC38a.DLL
2012-08-29 23:26:30 156160 ----a-w- C:\Windows\System32\CNCLSD38a.DLL
2012-08-29 23:26:30 110080 ----a-w- C:\Windows\System32\CNCLSI38a.DLL
2012-08-29 23:26:29 85504 ----a-w- C:\Windows\System32\CNCI4500.DLL
2012-08-29 23:26:29 49664 ----a-w- C:\Windows\System32\CNCLSO38a.dll
2012-08-29 23:26:29 372224 ----a-w- C:\Windows\System32\CNCC4500.DLL
2012-08-29 23:26:29 144384 ----a-w- C:\Windows\System32\CNCL4500.DLL
2012-08-29 23:26:29 136192 ----a-w- C:\Windows\System32\CNCE4500.DLL
2012-08-29 23:25:58 967168 ----a-w- C:\Windows\System32\CNAS0MOK.DLL
2012-08-29 23:25:07 247808 ----a-w- C:\Windows\SysWow64\CNCENPM6.dll
2012-08-29 23:25:07 247808 ----a-w- C:\Windows\System32\CNCENPM6.dll
2012-08-29 23:25:07 195584 ----a-w- C:\Windows\System32\CNCENPR6.dll
2012-08-29 23:25:07 140800 ----a-w- C:\Windows\System32\CNCENPU6.dll
2012-08-27 20:54:20 -------- d-----w- C:\ProgramData\Guitar Pro 6
2012-08-27 20:03:45 -------- d-----w- C:\Program Files (x86)\Guitar Pro 6
2012-08-26 18:48:14 -------- d-----w- C:\wamp
2012-08-26 18:14:52 -------- d-----w- C:\Users\alu\AppData\Roaming\freac
2012-08-26 18:14:44 -------- d-----w- C:\Program Files (x86)\freac
2012-08-26 17:57:26 -------- d-----w- C:\Windows\System32\appmgmt
2012-08-26 17:52:20 -------- d-----w- C:\Program Files (x86)\eRightSoft
2012-08-26 05:37:47 -------- d-----w- C:\Users\alu\AppData\Roaming\TeraCopy
2012-08-26 05:37:37 -------- d-----w- C:\Program Files\TeraCopy
2012-08-26 05:22:12 -------- d-----w- C:\Users\alu\Superfreakonomics
2012-08-24 22:39:04 -------- d-----w- C:\Users\alu\AppData\Roaming\HandBrake
2012-08-24 21:59:19 -------- d-----w- C:\Program Files\Handbrake
2012-08-23 02:10:15 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-23 02:10:14 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-22 04:49:00 -------- d-----w- C:\Program Files (x86)\WinCDEmu
2012-08-22 02:54:09 -------- d-----w- C:\Users\alu\AppData\Roaming\BANDISOFT
2012-08-22 02:53:53 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2012-08-22 00:59:29 -------- d-----r- C:\Program Files (x86)\Skype
2012-08-21 04:32:13 -------- d-----w- C:\Program Files (x86)\MP3Gain
2012-08-20 05:50:37 -------- d-----w- C:\Windows\System32\SPReview
2012-08-20 05:49:49 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-19 23:59:04 -------- d-----w- C:\Windows\System32\ms-MY
2012-08-19 22:17:26 -------- d-----r- C:\Users\alu\Podcasts
2012-08-19 19:38:09 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR
2012-08-19 19:38:08 -------- d-----w- C:\Windows\System32\drivers\UMDF\ms-MY
2012-08-19 19:38:07 -------- d-----w- C:\Windows\System32\drivers\UMDF\id-ID
2012-08-19 19:38:06 -------- d-----w- C:\Windows\System32\drivers\UMDF\sv-SE
2012-08-19 19:38:05 -------- d-----w- C:\Windows\System32\drivers\UMDF\nb-NO
2012-08-19 19:38:04 -------- d-----w- C:\Windows\System32\drivers\UMDF\hu-HU
2012-08-19 19:38:03 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI
2012-08-19 19:38:02 -------- d-----w- C:\Windows\System32\drivers\UMDF\el-GR
2012-08-19 19:38:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\da-DK
2012-08-19 19:34:06 -------- d-----w- C:\Windows\PCHEALTH
2012-08-19 19:11:59 828416 ----a-w- C:\Windows\System32\MPSSVC.dll
2012-08-19 19:10:59 78720 ----a-w- C:\Windows\System32\drivers\HpSAMD.sys
2012-08-19 19:09:59 755200 ----a-w- C:\Windows\SysWow64\sud.dll
2012-08-19 19:08:59 70656 ----a-w- C:\Windows\SysWow64\amstream.dll
2012-08-19 19:07:39 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-08-19 19:06:23 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-08-19 19:06:23 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-08-19 19:06:23 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-08-19 19:00:07 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-08-19 19:00:06 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-08-19 18:59:56 244736 ----a-w- C:\Windows\System32\sqmapi.dll
.
==================== Find3M ====================
.
2012-09-07 22:26:25 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 22:26:25 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-04 03:22:02 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-04 03:22:02 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-20 14:26:48 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-08-20 14:26:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-08-18 16:59:00 24576 ----a-w- C:\Windows\SysWow64\AsIO.dll
2012-08-18 16:59:00 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2012-08-18 16:59:00 13368 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2012-08-17 01:54:20 0 ----a-w- C:\Windows\ativpsrm.bin
2012-08-09 07:40:36 70184 ----a-w- C:\Windows\System32\bdmpega64.acm
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll
============= FINISH: 17:24:48.19 ===============


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


thx

EDIT: To disable malware link - please do not post active malware links in the forum...

Edited by Budfred, 17 September 2012 - 10:19 PM.


#2 The Dark Knight

Posted 17 September 2012 - 06:20 PM

Welcome paket to SpywareInfo. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following (if present):

  • Conduit
  • Conduit Engine
Please restart your computer after these program removals.
==========

Next, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.
===========

Finally, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[1].txt as well.
==========

In your reply please provide the following:
  • ComboFix.txt.
  • AdwCleaner[1].txt.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.


#3 paket

Posted 17 September 2012 - 11:38 PM

Thanks for your help. I ran ComboFix, but it never finished, even after letting it sit for a few hours. I ran AdwCleaner, hit 'Search', then 'Delete' and it told me it had to reboot the computer. After it was done restarting, the problem was gone. Thanks for your help!

Is there any way to lock the browser config and prevent the installation of any toolbars, extensions and add-ons without the administrator's permission? Even if someone (a regular user, not an admin) tries to install one?

In case you are interested, here is the log file from AdwCleaner:


# AdwCleaner v2.002 - Logfile created 09/17/2012 at 23:24:26
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : alu - TESLA
# Boot Mode : Normal
# Running from : C:\Users\alu\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\alu\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\alu\AppData\Roaming\Mozilla\Firefox\Profiles\nknickt9.default\searchplugins\search.xml
Folder Deleted : C:\Users\alu\AppData\Local\Wajam
Folder Deleted : C:\Users\alu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\Software\bProtector
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=111511&tt=3612_2&babsrc=HP_ss&mntrId=80e0b813000000000000001a92e61620 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\alu\AppData\Roaming\Mozilla\Firefox\Profiles\nknickt9.default\prefs.js

C:\Users\alu\AppData\Roaming\Mozilla\Firefox\Profiles\nknickt9.default\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3227983&SearchSource=13");
Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "CA");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "49CA573AA6CF3D623EF5B8C95D4F70FE");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.id", "001A92E61620B813");
Deleted : user_pref("extensions.funmoods.instlDay", "15599");
Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:50:19");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:50:19");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:50:19");

Profile name : default-1347845835245 [Profil par défaut]
File : C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\9ir6qi9y.default-1347845835245\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3227983&SearchSource=13");

-\\ Google Chrome v21.0.1180.89

File : C:\Users\alu\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317" ]
Deleted [l.1683] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317" ]

*************************

AdwCleaner[R1].txt - [10419 octets] - [17/09/2012 19:08:41]
AdwCleaner[R2].txt - [10480 octets] - [17/09/2012 23:17:00]
AdwCleaner[R3].txt - [10541 octets] - [17/09/2012 23:23:50]
AdwCleaner[S2].txt - [11268 octets] - [17/09/2012 23:24:26]

########## EOF - C:\AdwCleaner[S2].txt - [11329 octets] ##########
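
The AdwCleaner log above removes a user.js file from the Firefox profile together with the hijacked browser.startup.homepage entry; Firefox re-applies user.js over prefs.js at every start, which matches a home page that resets on each launch. As an added example (not part of the original thread and not AdwCleaner's code), this Python script audits a profile's user.js and prefs.js for such entries. The allow-listed host, the watched extensions.funmoods. branch and the sample file contents are assumptions built from lines in the log.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Firefox writes one preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
HOMEPAGE_PREF = "browser.startup.homepage"
PROFILE_FILES = ("user.js", "prefs.js")  # user.js is applied on top of prefs.js


def parse_prefs(text):
    """Return {pref_name: value} for every complete user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, truncated entries
        name, raw = m.groups()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def url_host(url):
    """Host of a URL; accepts the defanged hxxp:// form used in forum logs."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    return (urlsplit(url).hostname or "").lower()


def audit_profile(files, allowed_hosts, watched_branches=()):
    """files maps 'user.js'/'prefs.js' to their text; returns a list of findings."""
    findings = []
    for fname in PROFILE_FILES:
        text = files.get(fname)
        if text is None:
            continue
        for name, value in sorted(parse_prefs(text).items()):
            reason = None
            if name == HOMEPAGE_PREF and isinstance(value, str):
                # The home page pref may hold several URLs separated by '|'.
                hosts = [url_host(u) for u in value.split("|")]
                bad = [h for h in hosts if h and h not in allowed_hosts]
                if bad:
                    reason = "homepage host not allowed: " + ", ".join(bad)
            elif name.startswith(tuple(watched_branches)):
                reason = "pref in watched branch"
            if reason:
                findings.append({
                    "file": fname,
                    "pref": name,
                    "reason": reason,
                    # Entries in user.js come back after every manual reset.
                    "persistent": fname == "user.js",
                })
    return findings


def load_profile(profile_dir):
    """Read user.js and prefs.js from a profile directory, if present."""
    files = {}
    for fname in PROFILE_FILES:
        path = Path(profile_dir) / fname
        if path.is_file():
            files[fname] = path.read_text(encoding="utf-8", errors="replace")
    return files


# Constructed sample input: the hijacked lines are copied from the log above,
# but the log does not show what user.js actually contained.
SAMPLE_USER_JS = (
    'user_pref("browser.startup.homepage", '
    '"hxxp://search.conduit.com/?ctid=CT3227983&SearchSource=13");\n'
)
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3227983&SearchSource=13");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.instlDay", "15599");
user_pref("browser.download.useDownloadDir", false);
"""

if __name__ == "__main__":
    sample = {"user.js": SAMPLE_USER_JS, "prefs.js": SAMPLE_PREFS_JS}
    for f in audit_profile(sample, {"www.google.com"}, ("extensions.funmoods.",)):
        flag = " [re-applied at every start]" if f["persistent"] else ""
        print(f'{f["file"]}: {f["pref"]}: {f["reason"]}{flag}')
```

To check a real profile, pass `load_profile()` the profile directory (for example the `nknickt9.default` folder named in the log) and hand the result to `audit_profile()`.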

#4 The Dark Knight

Posted 17 September 2012 - 11:47 PM

Good afternoon paket. :)

I'm glad the issue seems to have been solved.

"Is there any way to lock the browser config and prevent the installation of any toolbars, extensions and add-ons without the administrator's permission? Even if someone (a regular user, not an admin) tries to install one?"

Not really. It all comes down to watching what you click and download. You could use a basic user account, as opposed to an Administrator, but other than that you just need to be careful. :)

Are you experiencing any other issues at the moment on your computer? It usually isn't a good sign if ComboFix doesn't complete.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com).
  • There are 3 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin.
  • You only need to get one of them to run, not all of them.
rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Before proceeding any further the processes that belong to Windows Recovery need to be terminated so that it does not interfere with the cleaning procedure.

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.
===

Please do not reboot your computer.

Then, please try running ComboFix. Post the contents of ComboFix.txt in your reply. :thumbup:


#5 paket

Posted 18 September 2012 - 12:19 PM

rkill.exe ran successfully, and so did ComboFix after that, although it took a really long time. I left it overnight. Logs are below.

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 09/18/2012 12:54:02 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\alu\Desktop\rkill\rkill-09-18-2012-12-54-05.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/18/2012 12:54:13 AM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

ComboFix 12-09-18.02 - alu 18/09/2012 0:58.6.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4094.2436 [GMT -5:00]
Running from: c:\users\alu\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\alu\AppData\Local\Temp\_MEI6762\_ctypes.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\_elementtree.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\_hashlib.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\_socket.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\_ssl.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\pyexpat.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\pysqlite2._sqlite.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\python26.dll
c:\users\alu\AppData\Local\Temp\_MEI6762\pythoncom26.dll
c:\users\alu\AppData\Local\Temp\_MEI6762\PyWinTypes26.dll
c:\users\alu\AppData\Local\Temp\_MEI6762\select.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\unicodedata.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\win32api.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\win32com.shell.shell.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\win32crypt.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\win32event.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\win32file.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\win32inet.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\win32pdh.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\win32process.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\windows._cacheinvalidation.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\wx._controls_.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\wx._core_.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\wx._gdi_.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\wx._html2.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\wx._misc_.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\wx._windows_.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\wx._wizard.pyd
c:\users\alu\AppData\Local\Temp\_MEI6762\wxbase293u_net_vc.dll
c:\users\alu\AppData\Local\Temp\_MEI6762\wxbase293u_vc.dll
c:\users\alu\AppData\Local\Temp\_MEI6762\wxmsw293u_adv_vc.dll
c:\users\alu\AppData\Local\Temp\_MEI6762\wxmsw293u_core_vc.dll
c:\users\alu\AppData\Local\Temp\_MEI6762\wxmsw293u_html_vc.dll
c:\users\alu\AppData\Local\Temp\_MEI6762\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-18 06:10 . 2012-09-18 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-18 04:39 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B7B364C-6E27-4F5B-9D2B-B679436B582E}\mpengine.dll
2012-09-17 22:01 . 2012-09-17 22:01 -------- d-----w- c:\users\alu\AppData\Roaming\Malwarebytes
2012-09-17 22:01 . 2012-09-17 22:01 -------- d-----w- c:\programdata\Malwarebytes
2012-09-17 22:01 . 2012-09-17 22:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-17 22:01 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-16 17:02 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-15 06:36 . 2012-09-15 06:49 -------- d-----w- c:\users\alu\AppData\Local\Microsoft Games
2012-09-15 02:16 . 2012-09-15 02:16 -------- d-----w- c:\users\alu\jagexcache
2012-09-14 04:26 . 2012-09-14 04:26 -------- d-----w- c:\program files (x86)\uTorrent
2012-09-14 04:25 . 2012-09-15 01:25 -------- d-----w- c:\users\alu\AppData\Roaming\uTorrent
2012-09-12 06:25 . 2012-08-27 06:31 -------- d-----w- c:\program files\Tor Browser
2012-09-12 06:06 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 06:06 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 06:06 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 00:01 . 2012-09-12 00:01 -------- d-----w- c:\users\alu\AppData\Local\Evernote
2012-09-12 00:00 . 2012-09-12 00:00 -------- d-----w- c:\program files (x86)\Evernote
2012-09-10 21:22 . 2012-09-10 21:22 -------- d-----w- c:\users\alu\AppData\Local\Windows Live Writer
2012-09-10 21:22 . 2012-09-10 21:22 -------- d-----w- c:\users\alu\AppData\Roaming\Windows Live Writer
2012-09-10 05:16 . 2012-09-10 05:24 -------- d-----w- c:\program files\Process Monitor
2012-09-10 01:06 . 2012-09-10 01:06 -------- d-----w- c:\program files (x86)\WinDirStat
2012-09-10 00:55 . 2012-09-10 00:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-09 21:25 . 2012-09-17 21:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-09 21:25 . 2012-09-17 21:59 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-09 17:14 . 2012-09-09 17:14 -------- d-----w- c:\users\alu\AppData\Roaming\Notepad++
2012-09-09 17:14 . 2012-09-09 17:14 -------- d-----w- c:\program files (x86)\Notepad++
2012-09-09 16:15 . 2012-09-09 16:15 -------- d-----w- c:\program files\profilemanager
2012-09-09 15:34 . 2012-09-09 15:34 -------- d---a-w- C:\.Trash-1000
2012-09-09 04:18 . 2012-09-09 04:18 -------- d-----w- c:\windows\SysWow64\Extensions
2012-09-09 04:18 . 2012-09-09 04:18 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-09-09 02:01 . 2012-09-07 22:26 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_567\uninstall.exe
2012-09-08 16:31 . 2012-09-08 16:31 -------- d-----w- c:\program files (x86)\7-Zip
2012-09-08 16:12 . 2012-09-18 05:19 -------- d-s---w- c:\users\alu\Google Drive
2012-09-07 22:46 . 2012-09-07 22:46 -------- d-----w- c:\windows\en
2012-09-07 22:42 . 2012-09-07 22:42 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-09-07 22:36 . 2012-09-07 22:36 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-07 22:36 . 2012-03-08 23:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-09-07 22:36 . 2012-09-07 22:46 -------- d-----w- c:\program files (x86)\Windows Live
2012-09-07 22:34 . 2012-09-07 22:36 -------- d-----w- c:\program files\Windows Live
2012-09-07 22:31 . 2012-09-09 14:33 -------- d-----w- c:\program files (x86)\Microsoft
2012-09-07 22:31 . 2009-09-04 22:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-09-07 22:31 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-09-07 22:31 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-09-07 22:31 . 2009-09-04 22:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-09-07 22:30 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-09-07 22:30 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-09-07 22:28 . 2012-09-09 14:47 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-09-07 22:27 . 2012-09-10 21:22 -------- d-----w- c:\users\alu\AppData\Local\Windows Live
2012-09-07 22:27 . 2012-09-07 22:27 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-09-07 02:14 . 2012-09-07 02:14 -------- d-----w- C:\Asus WebStorage
2012-09-07 02:08 . 2012-09-08 16:00 -------- d-----w- c:\users\alu\AppData\Roaming\ASUS WebStorage
2012-09-07 02:08 . 2012-09-07 02:08 -------- d-----w- c:\programdata\ASUS WebStorage
2012-09-07 00:24 . 2012-09-07 00:24 -------- d-----w- c:\users\alu\AppData\Roaming\LibreOffice
2012-09-07 00:20 . 2012-09-07 00:22 -------- d-----w- c:\program files (x86)\LibreOffice 3.6
2012-09-06 00:45 . 2012-09-06 01:54 -------- d-----w- c:\users\alu\AppData\Roaming\Guitar Pro 6
2012-09-05 21:20 . 2012-09-05 21:20 389120 ----a-w- c:\windows\SysWow64\RegistryHelperLM.ocx
2012-09-05 01:41 . 2012-09-05 02:07 -------- d-----w- c:\users\alu\AppData\Roaming\FreeFileSync
2012-09-05 01:41 . 2012-09-05 01:41 -------- d-----w- c:\program files\FreeFileSync
2012-09-04 03:22 . 2012-09-04 03:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-04 03:22 . 2012-09-04 03:22 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 03:21 . 2012-09-04 03:21 -------- d-----w- c:\program files (x86)\Java
2012-09-01 21:35 . 2012-09-01 21:35 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-09-01 21:35 . 2012-09-01 21:35 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-09-01 21:35 . 2012-09-01 21:35 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-09-01 21:35 . 2012-09-01 21:35 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-09-01 21:35 . 2012-09-01 21:35 -------- d-----w- c:\program files (x86)\OpenAL
2012-09-01 21:35 . 2012-09-01 22:13 -------- d-----w- c:\program files (x86)\Warzone 2100-3.1_rc2
2012-09-01 20:08 . 2012-09-01 20:08 -------- d-----w- C:\.jagex_cache_32
2012-08-30 23:32 . 2012-08-30 23:37 -------- d-----w- c:\users\alu\AppData\Local\Turbine
2012-08-30 23:29 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-08-30 23:29 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-08-30 23:29 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-08-30 23:29 . 2012-09-17 18:02 -------- d-----w- c:\users\alu\AppData\Local\ApplicationHistory
2012-08-30 23:08 . 2012-08-30 23:08 -------- d-----w- c:\program files (x86)\Turbine
2012-08-30 19:30 . 2012-08-30 21:53 -------- d-----w- c:\program files\DDO High Res Install Files
2012-08-30 19:05 . 2012-08-30 19:05 -------- d-----w- c:\program files (x86)\Pando Networks
2012-08-29 23:29 . 2012-08-29 23:29 -------- d--h--w- c:\windows\system32\CanonMF Uninstaller Information
2012-08-29 23:26 . 2012-08-29 23:29 -------- d-----w- c:\program files\Canon
2012-08-29 23:26 . 2010-09-17 19:55 114688 ----a-w- c:\windows\system32\CNCLST38a.DLL
2012-08-29 23:26 . 2010-09-17 19:55 244736 ----a-w- c:\windows\system32\CNCLSU38a.DLL
2012-08-29 23:26 . 2010-09-17 19:56 110080 ----a-w- c:\windows\system32\CNCLSI38a.DLL
2012-08-29 23:26 . 2010-09-17 19:55 156160 ----a-w- c:\windows\system32\CNCLSD38a.DLL
2012-08-29 23:26 . 2010-09-17 19:55 99328 ----a-w- c:\windows\system32\CNCLSC38a.DLL
2012-08-29 23:26 . 2010-09-17 19:56 49664 ----a-w- c:\windows\system32\CNCLSO38a.dll
2012-08-29 23:26 . 2010-09-17 19:55 136192 ----a-w- c:\windows\system32\CNCE4500.DLL
2012-08-29 23:26 . 2010-09-17 19:55 85504 ----a-w- c:\windows\system32\CNCI4500.DLL
2012-08-29 23:26 . 2010-09-17 19:55 372224 ----a-w- c:\windows\system32\CNCC4500.DLL
2012-08-29 23:26 . 2010-09-17 19:54 144384 ----a-w- c:\windows\system32\CNCL4500.DLL
2012-08-29 23:25 . 2010-07-09 13:42 967168 ----a-w- c:\windows\system32\CNAS0MOK.DLL
2012-08-29 23:25 . 2010-07-07 18:38 247808 ----a-w- c:\windows\SysWow64\CNCENPM6.dll
2012-08-29 23:25 . 2010-07-07 18:38 247808 ----a-w- c:\windows\system32\CNCENPM6.dll
2012-08-29 23:25 . 2009-06-18 23:43 195584 ----a-w- c:\windows\system32\CNCENPR6.dll
2012-08-29 23:25 . 2009-06-18 23:43 140800 ----a-w- c:\windows\system32\CNCENPU6.dll
2012-08-28 00:50 . 2012-09-08 16:09 -------- d-----w- c:\program files (x86)\Google
2012-08-27 20:54 . 2012-08-27 20:54 -------- d-----w- c:\programdata\Guitar Pro 6
2012-08-27 20:03 . 2012-08-27 20:04 -------- d-----w- c:\program files (x86)\Guitar Pro 6
2012-08-26 18:48 . 2012-08-26 18:55 -------- d-----w- C:\wamp
2012-08-26 18:14 . 2012-08-26 18:17 -------- d-----w- c:\users\alu\AppData\Roaming\freac
2012-08-26 18:14 . 2012-08-26 18:14 -------- d-----w- c:\program files (x86)\freac
2012-08-26 17:57 . 2012-08-26 18:08 -------- d-----w- c:\windows\system32\appmgmt
2012-08-26 17:52 . 2012-08-26 17:52 -------- d-----w- c:\program files (x86)\eRightSoft
2012-08-26 05:37 . 2012-08-26 18:32 -------- d-----w- c:\users\alu\AppData\Roaming\TeraCopy
2012-08-26 05:37 . 2012-08-26 05:37 -------- d-----w- c:\program files\TeraCopy
2012-08-26 05:22 . 2012-08-26 05:24 -------- d-----w- c:\users\alu\Superfreakonomics
2012-08-24 22:39 . 2012-08-26 17:58 -------- d-----w- c:\users\alu\AppData\Roaming\HandBrake
2012-08-24 21:59 . 2012-08-24 21:59 -------- d-----w- c:\program files\Handbrake
2012-08-24 04:09 . 2012-09-18 04:27 -------- d-----w- c:\users\alu\AppData\Roaming\Skype
2012-08-23 02:10 . 2012-08-23 02:09 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-23 02:10 . 2012-08-23 02:09 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-22 04:49 . 2012-08-22 04:49 -------- d-----w- c:\program files (x86)\WinCDEmu
2012-08-22 02:54 . 2012-08-22 02:54 -------- d-----w- c:\users\alu\AppData\Roaming\BANDISOFT
2012-08-22 02:53 . 2012-09-17 18:02 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-08-22 00:59 . 2012-08-22 00:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-22 00:59 . 2012-08-22 01:00 -------- d-----r- c:\program files (x86)\Skype
2012-08-22 00:59 . 2012-08-29 01:06 -------- d-----w- c:\programdata\Skype
2012-08-22 00:52 . 2012-09-07 04:27 -------- d-----w- c:\users\brandon
2012-08-21 04:32 . 2012-08-21 04:32 -------- d-----w- c:\program files (x86)\MP3Gain
2012-08-20 05:50 . 2012-08-20 05:50 -------- d-----w- c:\windows\system32\SPReview
2012-08-20 05:49 . 2012-08-20 05:49 -------- d-----w- c:\windows\system32\EventProviders
2012-08-19 23:59 . 2012-08-19 23:59 -------- d-----w- c:\windows\system32\ms-MY
2012-08-19 22:17 . 2012-09-18 05:26 -------- d-----r- c:\users\alu\Podcasts
2012-08-19 19:38 . 2012-08-19 19:38 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
2012-08-19 19:38 . 2012-08-19 19:38 -------- d-----w- c:\windows\system32\drivers\UMDF\ms-MY
2012-08-19 19:38 . 2012-08-19 19:38 -------- d-----w- c:\windows\system32\drivers\UMDF\id-ID
2012-08-19 19:38 . 2012-08-19 19:38 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 06:06 . 2012-08-17 03:49 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-07 22:34 . 2011-03-28 23:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-07 22:26 . 2012-08-18 04:20 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 22:26 . 2012-08-18 04:20 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 03:22 . 2012-08-18 04:26 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 03:22 . 2012-08-18 04:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-20 14:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-08-20 14:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-08-18 16:59 . 2012-08-18 17:00 13368 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
2012-08-18 16:59 . 2012-08-18 17:00 24576 ----a-w- c:\windows\SysWow64\AsIO.dll
2012-08-18 16:59 . 2012-08-18 17:00 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2012-08-17 05:21 . 2012-08-17 05:21 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27084E78-2EA9-4FE6-A6C6-CDFC707185F2}\gapaengine.dll
2012-08-17 04:05 . 2012-08-17 04:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-08-17 04:05 . 2012-08-17 04:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-08-17 04:05 . 2012-08-17 04:05 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-17 04:05 . 2012-08-17 04:05 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-17 04:05 . 2012-08-17 04:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-08-17 04:05 . 2012-08-17 04:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-08-17 04:05 . 2012-08-17 04:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-08-17 04:05 . 2012-08-17 04:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-08-17 04:05 . 2012-08-17 04:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-08-17 04:05 . 2012-08-17 04:05 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-08-17 04:05 . 2012-08-17 04:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-17 04:05 . 2012-08-17 04:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-08-17 04:05 . 2012-08-17 04:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-08-17 04:05 . 2012-08-17 04:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-17 04:05 . 2012-08-17 04:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-08-17 04:05 . 2012-08-17 04:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-17 04:05 . 2012-08-17 04:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-17 04:05 . 2012-08-17 04:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-08-17 04:05 . 2012-08-17 04:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-17 04:05 . 2012-08-17 04:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-17 04:05 . 2012-08-17 04:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-08-17 04:05 . 2012-08-17 04:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-08-17 04:05 . 2012-08-17 04:05 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-17 04:05 . 2012-08-17 04:05 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-17 04:05 . 2012-08-17 04:05 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-17 04:05 . 2012-08-17 04:05 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-08-17 04:05 . 2012-08-17 04:05 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-17 04:05 . 2012-08-17 04:05 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-08-17 04:05 . 2012-08-17 04:05 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-08-17 04:05 . 2012-08-17 04:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-17 04:05 . 2012-08-17 04:05 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-17 04:05 . 2012-08-17 04:05 222208 ----a-w- c:\windows\system32\msls31.dll
2012-08-17 04:05 . 2012-08-17 04:05 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-17 04:05 . 2012-08-17 04:05 197120 ----a-w- c:\windows\system32\msrating.dll
2012-08-17 04:05 . 2012-08-17 04:05 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-08-17 04:05 . 2012-08-17 04:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-17 04:05 . 2012-08-17 04:05 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-08-17 04:05 . 2012-08-17 04:05 149504 ----a-w- c:\windows\system32\occache.dll
2012-08-17 04:05 . 2012-08-17 04:05 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-08-17 04:05 . 2012-08-17 04:05 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-17 04:05 . 2012-08-17 04:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-08-17 04:05 . 2012-08-17 04:05 12288 ----a-w- c:\windows\system32\mshta.exe
2012-08-17 04:05 . 2012-08-17 04:05 114176 ----a-w- c:\windows\system32\admparse.dll
2012-08-17 04:05 . 2012-08-17 04:05 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-17 04:05 . 2012-08-17 04:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-17 04:05 . 2012-08-17 04:05 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-08-17 04:05 . 2012-08-17 04:05 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-08-17 04:05 . 2012-08-17 04:05 82432 ----a-w- c:\windows\system32\icardie.dll
2012-08-17 04:05 . 2012-08-17 04:05 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-08-17 04:05 . 2012-08-17 04:05 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-08-17 04:05 . 2012-08-17 04:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-17 04:05 . 2012-08-17 04:05 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-08-17 04:05 . 2012-08-17 04:05 448512 ----a-w- c:\windows\system32\html.iec
2012-08-17 04:05 . 2012-08-17 04:05 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-17 04:05 . 2012-08-17 04:05 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-08-17 04:05 . 2012-08-17 04:05 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-08-17 04:05 . 2012-08-17 04:05 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-08-17 04:05 . 2012-08-17 04:05 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-17 04:05 . 2012-08-17 04:05 237056 ----a-w- c:\windows\system32\url.dll
2012-08-17 04:05 . 2012-08-17 04:05 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-08-17 04:05 . 2012-08-17 04:05 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-17 04:05 . 2012-08-17 04:05 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-17 04:05 . 2012-08-17 04:05 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-17 04:05 . 2012-08-17 04:05 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-17 04:05 . 2012-08-17 04:05 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-17 04:05 . 2012-08-17 04:05 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-08-17 04:05 . 2012-08-17 04:05 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-17 04:05 . 2012-08-17 04:05 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-08-17 04:05 . 2012-08-17 04:05 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-08-17 04:05 . 2012-08-17 04:05 160256 ----a-w- c:\windows\system32\wextract.exe
2012-08-17 04:05 . 2012-08-17 04:05 103936 ----a-w- c:\windows\system32\inseng.dll
2012-08-09 07:40 . 2012-08-09 07:40 70184 ----a-w- c:\windows\system32\bdmpega64.acm
2012-07-18 18:15 . 2012-08-17 03:27 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 07:40 . 2012-08-17 03:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AB9EF9E-9BA5-4218-BF64-3D8E55C053C3}\mpengine.dll
2012-07-04 22:16 . 2012-08-17 03:39 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-17 03:39 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-17 03:39 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-17 03:39 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-07-04 07:32 . 2012-07-04 07:32 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-04 07:32 . 2012-07-04 07:32 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-04 07:32 . 2012-07-04 07:32 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-04 07:31 . 2012-07-04 07:31 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-04 07:31 . 2012-07-04 07:31 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-04 07:31 . 2012-07-04 07:31 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-04 07:30 . 2012-07-04 07:30 13008384 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-04 07:30 . 2012-07-04 07:30 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-04 07:30 . 2012-07-04 07:30 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-04 06:59 . 2012-07-04 06:59 11922944 ----a-w- c:\windows\system32\drivers\atikmdag.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-18 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\alu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 250568]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-17 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 198480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 22:26]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 16:09]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 16:09]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145603362-2156621200-4154018364-1000Core.job
- c:\users\alu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 04:11]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145603362-2156621200-4154018364-1000UA.job
- c:\users\alu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 04:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1 64.59.177.226
TCP: Interfaces\{4B38E3D3-A0C5-4479-B575-9E110BC082C2}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\alu\AppData\Roaming\Mozilla\Firefox\Profiles\nknickt9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-145603362-2156621200-4154018364-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-145603362-2156621200-4154018364-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-18 08:27:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-18 13:27
.
Pre-Run: 742,576,009,216 bytes free
Post-Run: 742,238,502,912 bytes free
.
- - End Of File - - B41F52CC5532627475193E232BF700C1

#6 paket

Posted 18 September 2012 - 12:23 PM

BTW - my browsers seem to be working fine. Thanks for your help.

#7 The Dark Knight

Posted 18 September 2012 - 11:33 PM

Hello paket. :)

So conduit has stopped making changes?

I see that you have a P2P (Peer-to-Peer) file sharing program installed (uTorrent). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:
  • Data about Obama's helicopter breached via P2P?
  • Leak of congressional ethics document prompts calls for cybersecurity probe
  • Walter Reed suffers peer-to-peer data breach
  • Update: Seattle man arrested for p-to-p ID theft

More listed here: Data Security Threats And Breaches
You should read the link at the bottom of that page: Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult-to-remove malware. There are many risks associated with P2P programs; none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.
==========

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Are there any remaining issues on your computer?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.


#8 paket

Posted 19 September 2012 - 12:34 AM

No issues remaining; thanks for your help.

#9 The Dark Knight

Posted 19 September 2012 - 01:11 AM

Hey paket. :)

Did ESET find anything?


#10 The Dark Knight

Posted 24 September 2012 - 07:41 AM

Are you still with me, paket?


#11 The Dark Knight

Posted 01 October 2012 - 07:50 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
