
Removal of win32.downloader.gen



  • Root Admin

Hello and welcome!

Please run the following and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.


STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE:  Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK.
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe.


STEP 02

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 03

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator on Windows Vista or Windows 7; on XP, double-click it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.


STEP 04

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control, click Yes to allow it to run.
  • Under Actions, click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt, where the number in brackets indicates how often it was run.

STEP 05

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



Thanks for the help so far.

System log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 4294103040, free: 2860658688

Downloaded database version: v2013.07.10.08
Initializing...
------------ Kernel report ------------
     07/10/2013 23:14:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sphw.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\mv61xx.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atipmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\ag80mmfc.SYS
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\System32\Drivers\LUsbFilt.Sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\iertutil.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\user32.dll
\Windows\System32\lpk.dll
\Windows\System32\psapi.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\shell32.dll
\Windows\System32\usp10.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\nsi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\difxapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\ole32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\oleaut32.dll
\Windows\System32\gdi32.dll
\Windows\System32\imm32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004afd790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-5\
Lower Device Object: 0xfffffa8004af2680
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004afd790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-5\
Lower Device Object: 0xfffffa8004af2680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004afd790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004af2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004afd790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800494e9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004af2680, DeviceName: \Device\Ide\IdeDeviceP1T1L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00dafa380, 0xfffffa8004afd790, 0xfffffa80077e9090
Lower DeviceData: 0xfffff8a010584c30, 0xfffffa8004af2680, 0xfffffa800572bb20
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 30266228

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 104857600
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 104859648  Numsec = 871911424

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

Mbar-log:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.10.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
andy :: ANDY-PC [administrator]

10/07/2013 23:14:05
mbar-log-2013-07-10 (23-14-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 242686
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.5 (07.10.2013:2)
OS: Windows 7 Home Premium x64
Ran by andy on Wed 10/07/2013 at 23:29:51,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\classes\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2B55D4B1-AB3E-45DA-99E8-C67B0F37DC8D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EF546236-9EF5-4B8C-A3C7-2A51CA4C16F9}

 

~~~ Files

Successfully deleted: [File] "C:\end"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\andy\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\andy\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\ProgramData\ask"

 

~~~ FireFox

Successfully deleted: [File] C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\3coegp3n.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\3coegp3n.default\conduitcommon
Successfully deleted the following from C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\3coegp3n.default\prefs.js

user_pref("CT2504091..clientLogIsEnabled", true);


user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

user_pref("CT2504091.CTID", "CT2504091");
user_pref("CT2504091.CurrentServerDate", "23-12-2011");
user_pref("CT2504091.DSInstall", false);
user_pref("CT2504091.DialogsAlignMode", "LTR");
user_pref("CT2504091.DialogsGetterLastCheckTime", "Fri Dec 23 2011 21:34:36 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.DownloadReferralCookieData", "");
user_pref("CT2504091.EMailNotifierPollDate", "Fri Dec 23 2011 21:34:36 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.FeedLastCount129079840422964131", 0);
user_pref("CT2504091.FeedPollDate128891351169457140", "Fri Dec 23 2011 21:34:36 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.FeedPollDate129079840422964131", "Fri Dec 23 2011 21:34:36 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.FeedTTL128891351169457140", 40);
user_pref("CT2504091.FirstServerDate", "23-12-2011");
user_pref("CT2504091.FirstTime", true);
user_pref("CT2504091.FirstTimeFF3", true);
user_pref("CT2504091.FixPageNotFoundErrors", true);
user_pref("CT2504091.GroupingServerCheckInterval", 1440);

user_pref("CT2504091.HPInstall", false);
user_pref("CT2504091.HasUserGlobalKeys", true);
user_pref("CT2504091.Initialize", true);
user_pref("CT2504091.InitializeCommonPrefs", true);
user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
user_pref("CT2504091.InstallationId", "ConduitNSISIntegration");
user_pref("CT2504091.InstallationType", "ConduitXPEIntegration");
user_pref("CT2504091.InstalledDate", "Fri Dec 23 2011 21:34:36 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.IsGrouping", false);
user_pref("CT2504091.IsInitSetupIni", true);
user_pref("CT2504091.IsMulticommunity", false);
user_pref("CT2504091.IsOpenThankYouPage", false);
user_pref("CT2504091.IsOpenUninstallPage", false);
user_pref("CT2504091.LanguagePackLastCheckTime", "Fri Dec 23 2011 21:34:37 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);

user_pref("CT2504091.LastLogin_3.8.1.0", "Fri Dec 23 2011 21:34:37 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.LatestVersion", "3.8.1.0");
user_pref("CT2504091.Locale", "en-us");
user_pref("CT2504091.MCDetectTooltipHeight", "83");

user_pref("CT2504091.MCDetectTooltipWidth", "295");
user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
user_pref("CT2504091.OriginalFirstVersion", "3.8.1.0");
user_pref("CT2504091.SearchCaption", "Web Search");
user_pref("CT2504091.SearchFromAddressBarIsInit", true);
user_pref("CT2504091.SearchInNewTabEnabled", true);
user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
user_pref("CT2504091.SearchInNewTabLastCheckTime", "Fri Dec 23 2011 21:34:37 GMT+0100 (Romance (standaardtijd))");


user_pref("CT2504091.SearchProtectorToolbarDisabled", true);
user_pref("CT2504091.SendProtectorDataViaLogin", true);
user_pref("CT2504091.ServiceMapLastCheckTime", "Fri Dec 23 2011 21:34:36 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.SettingsLastCheckTime", "Fri Dec 23 2011 21:34:36 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.SettingsLastUpdate", "1321973173");
user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Fri Dec 23 2011 21:34:36 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT2504091.ToolbarDisabled", true);
user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2504091.UserID", "UN42295220951885537");
user_pref("CT2504091.alertChannelId", "897164");
user_pref("CT2504091.autoDisableScopes", -1);
user_pref("CT2504091.defaultSearch", "false");
user_pref("CT2504091.enableAlerts", "false");
user_pref("CT2504091.enableSearchFromAddressBar", "true");
user_pref("CT2504091.firstTimeDialogOpened", true);
user_pref("CT2504091.fixPageNotFoundError", "true");
user_pref("CT2504091.fixUrls", true);
user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Fri Dec 23 2011 21:34:37 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.homepageProtectorEnableByLogin", true);
user_pref("CT2504091.initDone", true);
user_pref("CT2504091.installId", "ConduitNSISIntegration");
user_pref("CT2504091.installType", "ConduitNSISIntegration");
user_pref("CT2504091.isAppTrackingManagerOn", true);
user_pref("CT2504091.isPerformedSmartBarTransition", "true");
user_pref("CT2504091.myStuffEnabled", true);
user_pref("CT2504091.myStuffPublihserMinWidth", 400);

user_pref("CT2504091.myStuffServiceIntervalMM", 1440);

user_pref("CT2504091.openThankYouPage", "false");
user_pref("CT2504091.openUninstallPage", "false");
user_pref("CT2504091.revertSettingsEnabled", true);
user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
user_pref("CT2504091.searchProtectorEnableByLogin", true);
user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":1}");
user_pref("CT2504091.settingsINI", true);
user_pref("CT2504091.shouldFirstTimeDialog", "false");
user_pref("CT2504091.smartbar.CTID", "CT2504091");
user_pref("CT2504091.smartbar.Uninstall", "0");
user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
user_pref("CT2504091.startPage", "false");
user_pref("CT2504091.testingCtid", "");
user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Fri Dec 23 2011 21:34:36 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2504091.toolbarBornServerTime", "23-12-2011");
user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Fri Dec 23 2011 21:34:37 GMT+0100 (Romance (standaardtijd))");

user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\andy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3coegp3n.default\\conduitCommon\\modules\\3.8.1.0");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");

user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");
user_pref("CommunityToolbar.globalUserId", "a07848e3-2fd5-4dc6-957e-a0a3ce00973d");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2504091");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Dec 23 2011 21:34:37 GMT+0100 (Romance (standaardtijd))");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Dec 23 2011 21:34:46 GMT+0100 (Romance (standaardtijd))");

user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Dec 23 2011 21:34:37 GMT+0100 (Romance (standaardtijd))");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "0adfaac2-469e-4d57-a978-7f0c2a446af6");

user_pref("CommunityToolbar.originalSearchEngine", "Google");

user_pref("Smartbar.keywordURLSelectedCTID", "CT2504091");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");

user_pref("extensions.5043b23dc0ec2.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,sear
user_pref("samfind.social.notused", "ballhype,bitly,blinklist,connotea,current,delicious,diigo,dzone,fark,faves,foxiewire,friendfeed,googlebookmarks,googlereader,healthranker,
Emptied folder: C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\3coegp3n.default\minidumps [61 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/07/2013 at 23:34:19,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner[s1]:

# AdwCleaner v2.304 - Report created on 10/07/2013 at 23:41:10
# Updated on 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : andy - ANDY-PC
# Boot mode : Normal mode
# Launched from : D:\unzipped\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] The registry contains no illegitimate entries.

-\\ Mozilla Firefox v22.0 (nl)

File : C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\prefs.js

Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":1}")[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\andy\\AppData\\Roaming\\Mozilla\\Fi[...]

*************************

AdwCleaner[s1].txt - [2138 octets] - [10/07/2013 23:41:10]

########## EOF - C:\AdwCleaner[s1].txt - [2198 octets] ##########

ESET:

D:\unzipped\cdbxp_setup_4.3.2.2212_x64.exe a variant of Win32/Bundled.Toolbar.Ask application
D:\unzipped\FreemakeVideoConverterSetup.exe Win32/OpenCandy application


  • Root Admin

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

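Before the FRST log comes back, here is a scriptable way to pull the actionable bits out of the logs already posted above. This Python is an added example written for this thread; it is not code from Malwarebytes, Thisisu (JRT) or Farbar (FRST), and the sample lines are constructed to match the formats in the posted logs rather than copied from them. It surfaces the three things a helper reads these logs for: MBAR system-log lines such as "IRP handler 0 of \Driver\atapi points to an unknown module" and "File user open failed: ...\sptd.sys (0x00000020)" (0x20 is ERROR_SHARING_VIOLATION; sptd.sys is the SCSI pass-through driver installed by disc-emulation software, and a locked copy of it is a frequent and benign cause of exactly these two messages, so the script flags them for a human rather than calling them malware), JRT's "Failed to delete" entries (the leftovers that need a different tool or an elevated run), and FRST "Processes" lines, which have the shape "(Publisher) path" and deserve a look when the publisher is empty and the image lives under a user-writable directory such as AppData\Roaming. The USER_WRITABLE list and the function names are my own choices, not anything the tools define.

```python
"""Triage of MBAR system-log, JRT log and FRST process lines.

Added example for this thread; not code from Malwarebytes, Thisisu or Farbar.
The sample lines below are constructed from the formats shown in the posted logs.
"""
import re

# ---- MBAR system-log: kernel-level findings that deserve a second look ----------
# These substrings are the ones visible in the posted system-log; MBAR prints them
# during its driver/IRP checks rather than as detections, so they are easy to miss.
MBAR_FLAGS = (
    "points to an unknown module",   # IRP dispatch entry owned by a driver not in the module list
    "File user open failed",         # driver file could not be opened (0x20 = ERROR_SHARING_VIOLATION)
    "Unhooking enabled",             # MBAR decided to bypass the hooked handler for its own I/O
)


def mbar_anomalies(lines):
    """Return [(line_number, text)] for every system-log line matching MBAR_FLAGS."""
    return [(n, line.strip()) for n, line in enumerate(lines, start=1)
            if any(flag in line for flag in MBAR_FLAGS)]


# ---- JRT log: one line per removal attempt ---------------------------------------
JRT_LINE = re.compile(
    r'^(Successfully deleted|Failed to delete): '
    r'\[(Registry Key|Registry Value|File|Folder)\] "?(.+?)"?$'
)


def jrt_results(lines):
    """Parse JRT result lines into (succeeded, kind, target) tuples; other lines are ignored."""
    results = []
    for line in lines:
        m = JRT_LINE.match(line.strip())
        if m:
            results.append((m.group(1) == "Successfully deleted", m.group(2), m.group(3)))
    return results


def jrt_failures(lines):
    """Items JRT could not remove; these are what a helper follows up with another tool or a script fix."""
    return [(kind, target) for ok, kind, target in jrt_results(lines) if not ok]


# ---- FRST "Processes (Whitelisted)" section: "(Publisher) full path" per line ------
FRST_PROCESS = re.compile(r'^\((.*?)\) (.+)$')

# Directories a standard user can write to (assumption: extend for your environment).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def frst_suspicious_processes(lines):
    """Flag processes with no publisher string and/or an image path under a user-writable directory.

    An empty publisher means FRST found no company name in the file's version info; on its own that
    is weak evidence (plenty of legitimate tools lack it), but combined with AppData/ProgramData it is
    the classic profile of a dropper or adware component and worth checking first.
    """
    hits = []
    for line in lines:
        m = FRST_PROCESS.match(line.strip())
        if not m:
            continue
        publisher, path = m.groups()
        reasons = []
        if not publisher.strip():
            reasons.append("no publisher")
        if any(d in path.lower() for d in USER_WRITABLE):
            reasons.append("user-writable path")
        if reasons:
            hits.append((path, reasons))
    return hits


# ---- Constructed samples in the exact shapes seen in the thread ------------------
SAMPLE_MBAR = r"""
Driver name found: atapi
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)
Done!
""".strip().splitlines()

SAMPLE_JRT = r"""
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\typelib\{1ea4dbf0-3c3b-11cf-810c-00aa00389b71}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [File] "C:\end"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Emptied folder: C:\Users\andy\AppData\Roaming\mozilla\firefox\profiles\3coegp3n.default\minidumps [61 files]
""".strip().splitlines()

SAMPLE_FRST = r"""
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
() C:\Users\andy\AppData\Roaming\TorrentStream\engine\tsengine.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
""".strip().splitlines()


if __name__ == "__main__":
    for n, text in mbar_anomalies(SAMPLE_MBAR):
        print(f"MBAR line {n}: {text}")
    for kind, target in jrt_failures(SAMPLE_JRT):
        print(f"JRT could not delete {kind}: {target}")
    for path, reasons in frst_suspicious_processes(SAMPLE_FRST):
        print(f"FRST review: {path} ({', '.join(reasons)})")
```

To use it on real files, read each log with `open(path).read().splitlines()` and hand the lines to the matching function; the results are plain tuples, so they paste straight into a reply. Nothing here decides that an item is malicious: an unsigned binary under AppData or a locked sptd.sys is a prompt to look, not a verdict.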

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 03
Ran by andy (administrator) on 11-07-2013 01:28:34
Running from D:\unzipped
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Users\andy\AppData\Roaming\TorrentStream\engine\tsengine.exe
() C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\andy\AppData\Roaming\TorrentStream\updater\tsupdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-09-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1612880 2010-01-27] (Logitech, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [ccleaner] - "C:\Program Files (x86)\CCleaner\ccleaner.exe" /AUTO [1771320 2010-02-24] (Piriform Ltd)
HKCU\...\Run: [TorrentStream] - C:\Users\andy\AppData\Roaming\TorrentStream\engine\tsengine.exe [27256 2013-07-05] ()
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {93629181-39ad-11df-979c-90e6bad56782} - F:\Setup.exe
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2171904 2009-06-05] (VIA)
HKLM-x32\...\Run: [startCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] - "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [307200 2009-06-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\GammaTray.lnk
ShortcutTarget: GammaTray.lnk -> C:\Program Files (x86)\MagicTune Premium\GammaTray.exe ()
Startup: C:\Users\andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/default.aspx
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 195.130.130.5 195.130.131.5

FireFox:
========
FF ProfilePath: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.7.2 - C:\Users\andy\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\searchplugins\dogpile.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\searchplugins\lycos.xml
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Custom Buttons - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\Extensions\custombuttons@xsms.org
FF Extension: IE Tab Plus - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\Extensions\ietab@ip.cn
FF Extension: samfind Bookmarks Bar - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\Extensions\sam@samfind.com
FF Extension: artur.dubovoy - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: firegestures - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\Extensions\firegestures@xuldev.org.xpi
FF Extension: researchword - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\Extensions\researchword@scott.xpi
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\andy\AppData\Roaming\Mozilla\Firefox\Profiles\3coegp3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

==================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MagicTuneEngine; C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe [45056 2007-08-23] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NMSAccess64; C:\Program Files\CDBurnerXP\NMSAccessU.exe [82872 2009-01-12] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [178728 2009-05-12] (Marvell Semiconductor, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-27] ()
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
U3 aok1cjr8; C:\Windows\System32\Drivers\aok1cjr8.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-11 01:28 - 2013-07-11 01:28 - 00000000 ____D C:\FRST
2013-07-11 01:02 - 2013-07-11 01:02 - 00000168 ____A C:\Users\andy\Desktop\ESET.txt
2013-07-10 23:45 - 2013-07-10 23:45 - 00002267 ____A C:\Users\andy\Desktop\AdwCleaner[s1].txt
2013-07-10 23:41 - 2013-07-10 23:41 - 00002267 ____A C:\AdwCleaner[s1].txt
2013-07-10 23:34 - 2013-07-10 23:34 - 00014956 ____A C:\Users\andy\Desktop\JRT.txt
2013-07-10 23:29 - 2013-07-10 23:29 - 00000000 ____D C:\Windows\ERUNT
2013-07-10 23:14 - 2013-07-10 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-10 23:11 - 2013-07-10 23:11 - 00000000 ____D C:\Windows\ERDNT
2013-07-10 23:10 - 2013-07-10 23:10 - 00000935 ____A C:\Users\andy\Desktop\NTREGOPT.lnk
2013-07-10 23:10 - 2013-07-10 23:10 - 00000916 ____A C:\Users\andy\Desktop\ERUNT.lnk
2013-07-10 23:04 - 2013-07-10 23:04 - 00791393 ____A (Lars Hederer                                                ) C:\Users\andy\Downloads\erunt-setup.exe
2013-07-10 22:37 - 2013-07-10 22:37 - 00017121 ____A C:\Users\andy\Desktop\dds.txt
2013-07-10 22:37 - 2013-07-10 22:37 - 00007316 ____A C:\Users\andy\Desktop\attach.txt
2013-07-10 22:24 - 2013-07-10 23:44 - 00000448 ____A C:\Windows\setupact.log
2013-07-10 22:24 - 2013-07-10 22:24 - 00000000 ____A C:\Windows\setuperr.log
2013-07-08 21:37 - 2013-07-08 21:37 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-08 21:31 - 2013-07-10 23:46 - 00112069 ____A C:\Windows\WindowsUpdate.log
2013-07-07 21:54 - 2013-07-07 21:54 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-27 21:53 - 2013-06-27 21:53 - 00000175 ____A C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-26 20:44 - 2013-06-27 21:53 - 00000175 ____A C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-26 20:44 - 2013-06-27 21:53 - 00000175 ____A C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-23 18:51 - 2013-06-23 18:51 - 00027188 ____A C:\Users\andy\AppData\Local\soulseek-client.dat.1372006317838
2013-06-23 18:45 - 2013-06-23 18:45 - 00027188 ____A C:\Users\andy\AppData\Local\soulseek-client.dat.1372005942557
2013-06-23 17:45 - 2013-06-23 17:45 - 00027188 ____A C:\Users\andy\AppData\Local\soulseek-client.dat.1372002342555
2013-06-19 17:57 - 2013-06-19 17:57 - 00000000 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-15 20:35 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-06-15 20:35 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-06-15 20:35 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-06-15 20:35 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-06-15 20:35 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-06-15 20:35 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-15 20:35 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 20:35 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 20:35 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 20:35 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 20:35 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 20:35 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-11 23:34 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-11 23:34 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 23:34 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-11 23:34 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 23:34 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-11 23:34 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-11 23:34 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-11 23:34 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-11 23:34 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-06-11 23:34 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-06-11 23:34 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-06-11 23:34 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-06-11 23:34 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-06-11 23:34 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-11 23:34 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-06-11 23:34 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-11 23:34 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-06-11 23:34 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-11 23:34 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-11 23:31 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-11 23:31 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 23:31 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-11 23:31 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-11 23:31 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 23:31 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-11 23:31 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-11 23:30 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-11 23:30 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-11 23:30 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-11 23:30 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-11 23:30 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 23:30 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 23:30 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 23:30 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-11 23:30 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 23:30 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 23:30 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-11 23:30 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-11 01:28 - 2013-07-11 01:28 - 00000000 ____D C:\FRST
2013-07-11 01:02 - 2013-07-11 01:02 - 00000168 ____A C:\Users\andy\Desktop\ESET.txt
2013-07-10 23:50 - 2009-07-14 06:45 - 00018560 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-10 23:50 - 2009-07-14 06:45 - 00018560 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-10 23:46 - 2013-07-08 21:31 - 00112069 ____A C:\Windows\WindowsUpdate.log
2013-07-10 23:45 - 2013-07-10 23:45 - 00002267 ____A C:\Users\andy\Desktop\AdwCleaner[s1].txt
2013-07-10 23:44 - 2013-07-10 22:24 - 00000448 ____A C:\Windows\setupact.log
2013-07-10 23:43 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-10 23:41 - 2013-07-10 23:41 - 00002267 ____A C:\AdwCleaner[s1].txt
2013-07-10 23:34 - 2013-07-10 23:34 - 00014956 ____A C:\Users\andy\Desktop\JRT.txt
2013-07-10 23:29 - 2013-07-10 23:29 - 00000000 ____D C:\Windows\ERUNT
2013-07-10 23:23 - 2013-07-10 23:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-10 23:11 - 2013-07-10 23:11 - 00000000 ____D C:\Windows\ERDNT
2013-07-10 23:10 - 2013-07-10 23:10 - 00000935 ____A C:\Users\andy\Desktop\NTREGOPT.lnk
2013-07-10 23:10 - 2013-07-10 23:10 - 00000916 ____A C:\Users\andy\Desktop\ERUNT.lnk
2013-07-10 23:04 - 2013-07-10 23:04 - 00791393 ____A (Lars Hederer                                                ) C:\Users\andy\Downloads\erunt-setup.exe
2013-07-10 23:03 - 2010-03-26 21:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-10 22:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-10 22:37 - 2013-07-10 22:37 - 00017121 ____A C:\Users\andy\Desktop\dds.txt
2013-07-10 22:37 - 2013-07-10 22:37 - 00007316 ____A C:\Users\andy\Desktop\attach.txt
2013-07-10 22:24 - 2013-07-10 22:24 - 00000000 ____A C:\Windows\setuperr.log
2013-07-10 20:36 - 2012-07-10 22:50 - 00004184 ____A C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-10 10:10 - 2011-01-19 20:09 - 00000000 ____D C:\Users\andy\AppData\Local\Last.fm
2013-07-08 21:37 - 2013-07-08 21:37 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-08 21:37 - 2012-05-08 21:41 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-08 21:37 - 2011-03-11 15:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-08 21:37 - 2011-03-11 15:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-08 21:37 - 2011-03-11 15:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-08 21:37 - 2010-05-02 23:11 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-07 21:54 - 2013-07-07 21:54 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-07 10:13 - 2009-07-14 07:08 - 00032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-02 17:14 - 2010-03-25 20:12 - 00000000 ____D C:\Users\andy\AppData\Roaming\Azureus
2013-06-27 21:53 - 2013-06-27 21:53 - 00000175 ____A C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 21:53 - 2013-06-26 20:44 - 00000175 ____A C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-27 21:53 - 2013-06-26 20:44 - 00000175 ____A C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-27 21:53 - 2013-03-19 21:48 - 00189936 ____A C:\Windows\system32\Drivers\aswVmm.sys
2013-06-27 21:53 - 2011-02-26 15:03 - 01030952 ____A (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-27 21:53 - 2010-03-20 14:19 - 00378944 ____A (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-23 18:51 - 2013-06-23 18:51 - 00027188 ____A C:\Users\andy\AppData\Local\soulseek-client.dat.1372006317838
2013-06-23 18:45 - 2013-06-23 18:45 - 00027188 ____A C:\Users\andy\AppData\Local\soulseek-client.dat.1372005942557
2013-06-23 17:45 - 2013-06-23 17:45 - 00027188 ____A C:\Users\andy\AppData\Local\soulseek-client.dat.1372002342555
2013-06-19 17:57 - 2013-06-19 17:57 - 00000000 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-18 18:09 - 2009-09-09 12:03 - 00701548 ____A C:\Windows\system32\perfh013.dat
2013-06-18 18:09 - 2009-09-09 12:03 - 00133580 ____A C:\Windows\system32\perfc013.dat
2013-06-18 18:09 - 2009-07-14 07:13 - 01571202 ____A C:\Windows\system32\PerfStringBackup.INI
2013-06-17 16:44 - 2012-03-31 21:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-17 16:44 - 2011-05-14 18:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-15 17:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-11 23:34 - 2010-03-21 10:29 - 75825640 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-03 17:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2013 03
Ran by andy at 2013-07-11 01:29:27
Running from D:\unzipped
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0)
Adobe After Effects CS4 (x32 Version: 9)
Adobe After Effects CS4 Presets (x32 Version: 9)
Adobe AIR (x32 Version: 1.1.0.5790)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS4 (x32 Version: 4)
Adobe Bridge CS4 (x32 Version: 3)
Adobe CMaps CS4 (x32 Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0)
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0)
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe Contribute CS4 (x32 Version: 5.0)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0)
Adobe CS4 American English Speech Analysis Models (x32 Version: 1)
Adobe CSI CS4 (x32 Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (x32 Version: 2.0)
Adobe Device Central CS4 (x32 Version: 2)
Adobe Dreamweaver CS4 (x32 Version: 10.0)
Adobe Drive CS4 (x32 Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (x32 Version: 1)
Adobe Encore CS4 (x32 Version: 4)
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)
Adobe Extension Manager CS4 (x32 Version: 2.0)
Adobe Fireworks CS4 (x32 Version: 10.0)
Adobe Flash CS4 (x32 Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (x32 Version: 3.0)
Adobe Flash CS4 STI-en (x32 Version: 10.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Fonts All (x32 Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Illustrator CS4 (x32 Version: 14.0)
Adobe InDesign CS4 (x32 Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0)
Adobe InDesign CS4 Common Base Files (x32 Version: 6.0)
Adobe InDesign CS4 Icon Handler (x32 Version: 6.0)
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0)
Adobe Linguistics CS4 (x32 Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (x32 Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0)
Adobe Media Encoder CS4 Dolby (x32 Version: 1.0)
Adobe Media Player (x32 Version: 0.0.0)
Adobe Media Player (x32 Version: 1.1)
Adobe MotionPicture Color Files CS4 (x32 Version: 2.0)
Adobe OnLocation CS4 (x32 Version: 4)
Adobe Output Module (x32 Version: 2.0)
Adobe PDF Library Files CS4 (x32 Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (x32 Version: 11.0)
Adobe Photoshop CS4 Support (x32 Version: 11.0)
Adobe Premiere Pro CS4 (x32 Version: 4)
Adobe Premiere Pro CS4 Functional Content (x32 Version: 4)
Adobe Reader XI - Nederlands (x32 Version: 11.0.00)
Adobe Search for Help (x32 Version: 1.0)
Adobe Service Manager Extension (x32 Version: 1.0)
Adobe Setup (x32 Version: 2.0)
Adobe SGM CS4 (x32 Version: 3.0)
Adobe SING CS4 (x32 Version: 2.0)
Adobe Soundbooth CS4 (x32 Version: 2)
Adobe Type Support CS4 (x32 Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (x32 Version: 6.0.0)
Adobe Version Cue CS4 Server (x32 Version: 4.0)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (x32 Version: 2.0)
AdobeColorCommonSetCMYK (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
Aldfaer (HKCU)
AMD DnD V1.0.19 (x32 Version: 1.0.19)
Any Video Converter 3.5.2 (x32)
Apple Application Support (x32 Version: 1.2.1)
Apple Software Update (x32 Version: 2.1.1.116)
ATI Catalyst Install Manager (Version: 3.0.762.0)
ATI Catalyst Registration (x32 Version: 2.01.0000)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Brother MFL-Pro Suite DCP-J315W (x32 Version: 1.0.3.0)
BS.Player FREE (x32 Version: 2.63.1071)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Light (x32 Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0202.2335.42270)
Catalyst Control Center HydraVision Full (x32 Version: 2010.0202.2335.42270)
Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270)
CCC Help English (x32 Version: 2010.0202.2334.42270)
ccc-core-static (x32 Version: 2010.0202.2335.42270)
ccc-utility64 (Version: 2010.0202.2335.42270)
CCleaner (x32 Version: 2.29)
CDBurnerXP (Version: 4.3.2.2212)
CDisplay 1.8 (x32)
Combined Community Codec Pack 2011-11-11 (x32 Version: 2011.11.11.0)
Connect (x32 Version: 1.0.0.1)
eReg (x32 Version: 1.20.138.34)
ERUNT 1.1j (x32)
ESET Online Scanner v3 (x32)
GIF Animator 4.0 (x32 Version: 4.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java 6 Update 16 (64-bit) (Version: 6.0.160)
Java 6 Update 22 (x32 Version: 6.0.220)
kuler (x32 Version: 2.0)
Last.fm Scrobbler 2.1.35 (x32)
Logitech SetPoint 6.0 (Version: 6.00.68)
MagicTune Premium (x32 Version: 1.0 Beta)
Malwarebytes Anti-Malware versie 1.75.0.1300 (x32 Version: 1.75.0.1300)
marvell 61xx (x32 Version: 1.2.0.69)
Media Go (x32 Version: 1.8.121)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 nl) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
NWZ-A860 WALKMAN Guide (x32 Version: 2.0.2.04130)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PDF Settings CS4 (x32 Version: 9.0)
Photoshop Camera Raw (x32 Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pixel Bender Toolkit (x32 Version: 1.0)
Platform (x32 Version: 1.34)
PlayStation®Network Downloader (x32 Version: 2.06.00741)
PlayStation®Store (x32 Version: 4.3.3.12540)
QuickTime (x32 Version: 7.66.71.0)
Rainmeter (x32 Version: 2.5 beta r1696)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Samsung_MonSetup (x32 Version: 1.00.0000)
SopCast 3.5.0 (x32 Version: 3.5.0)
SoulseekQt (x32)
Spybot - Search & Destroy (x32 Version: 1.6.2)
StarCraft II (x32 Version: 2.0.9.26147)
Suite Shared Configuration CS4 (x32 Version: 1.0)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000)
Torrent Stream 2.0.7.2 (HKCU Version: 2.0.7.2)
TVUPlayer 2.5.3.1 (x32 Version: 2.5.3.1)
Unity Web Player (HKCU Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Veetle TV 0.9.18 (x32 Version: 0.9.18)
VIA Platform Device Manager (x32 Version: 1.34)
Vuze (x32 Version: 4.7)
Winamp (x32 Version: 5.572 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Mobile Apparaatcentrum (Version: 6.1.6965.0)
WinRAR

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1EDEBAFC-CBE5-49A5-B6F1-4D9F3434B1E0} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {3368B096-42C5-4645-BC9B-0531ED94B69A} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {48DDCC91-2BC9-4ACA-9FA0-56B944821883} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {A190CCB1-8FA4-48CE-A2EC-2F93D225F583} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/10/2013 11:51:03 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user-imposed limit.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 4095.18 MB
Available physical RAM: 2018.38 MB
Total Pagefile: 8188.54 MB
Available Pagefile: 5973.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:50 GB) (Free:5.4 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (D0-P2) (Fixed) (Total:415.76 GB) (Free:69.9 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 30266228)
Partition 1: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=416 GB) - (Type=0F Extended)

==================== End Of Log ============================


  • Root Admin

That log looks pretty good too. Please uninstall these old Java programs as they have old exploited code.
 
Java™ 6 Update 16 (64-bit) (Version: 6.0.160)
Java™ 6 Update 22 (x32 Version: 6.0.220)

 
How is the computer running now?
Are there still any signs of an infection?
 
Please run MBAM and check for updates and do a Quick Scan and post back that log.
 
Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post
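The check behind the Root Admin's request above (and behind the version listing in the Security Check log further down) can be automated against the Installed Programs block of the FRST log. The following Python script is an added example, not code from the thread, from FRST or from Malwarebytes: it parses lines in the shape FRST writes and applies the rule used here, keep the newest Java runtime and list every other one for removal. The sample lines are constructed from the log entries above; the entry regex, the scope mapping and the name pattern for Java runtimes are my reading of the log format, not something FRST documents on this page.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of the FRST "Installed Programs" block
# above: the Java entries the Root Admin flagged, plus a few non-Java lines
# to show that the parser and the rule leave them alone.
SAMPLE_LOG = """\
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java 6 Update 16 (64-bit) (Version: 6.0.160)
Java 6 Update 22 (x32 Version: 6.0.220)
Mozilla Firefox 22.0 (x86 nl) (x32 Version: 22.0)
Unity Web Player (HKCU Version: 2.6.1f3_31223)
WinRAR
"""

# Assumed FRST conventions: "<name> (Version: v)" for 64-bit machine-wide
# entries, "<name> (x32 Version: v)" for 32-bit ones, "<name> (HKCU Version: v)"
# for per-user installs; a few entries carry no version at all.
ENTRY_RE = re.compile(
    r"^(?P<name>.+?)"
    r"(?: \((?P<tag>x32|HKCU) Version: (?P<tagged>[^)]+)\)"
    r"| \(Version: (?P<plain>[^)]+)\))?\s*$"
)
SCOPE = {None: "64-bit", "x32": "32-bit", "HKCU": "per-user"}

# Java runtimes are named "Java <major> Update <n>", sometimes with a (TM) or
# trademark sign after "Java"; "Java Auto Updater" is deliberately not matched.
JRE_RE = re.compile(r"^Java(?:\(TM\)|\u2122)? (?P<major>\d+) Update (?P<update>\d+)\b")


def parse_entries(text: str) -> List[Dict[str, Optional[str]]]:
    """Turn one installed-programs block into name/scope/version dicts."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:  # cannot happen for a non-empty line; kept as a guard
            continue
        entries.append({
            "name": m.group("name"),
            "scope": SCOPE[m.group("tag")],
            "version": m.group("tagged") or m.group("plain"),
        })
    return entries


def version_key(version: str) -> Tuple[int, ...]:
    """Comparable key from a DisplayVersion: '6.0.220' -> (6, 0, 220).
    Only the leading digits of each dotted piece count, so '2.6.1f3_31223'
    becomes (2, 6, 1); a piece with no leading digits ends the key."""
    key = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if digits is None:
            break
        key.append(int(digits.group()))
    return tuple(key)


def java_runtimes(entries: List[Dict[str, Optional[str]]]) -> List[Dict[str, Optional[str]]]:
    """Entries that are Java runtimes with a parsable version."""
    return [e for e in entries if e["version"] and JRE_RE.match(e["name"])]


def stale_java(entries: List[Dict[str, Optional[str]]]) -> Dict[str, object]:
    """Rule used in the thread: keep the newest Java runtime, list every other
    one for removal. Java major versions install side by side, so an old JRE
    stays on disk until it is uninstalled explicitly."""
    jres = java_runtimes(entries)
    if not jres:
        return {"keep": None, "remove": []}
    newest = max(jres, key=lambda e: version_key(e["version"]))
    remove = [e["name"] for e in jres
              if version_key(e["version"]) < version_key(newest["version"])]
    return {"keep": newest["name"], "remove": remove}


if __name__ == "__main__":
    verdict = stale_java(parse_entries(SAMPLE_LOG))
    print("keep  :", verdict["keep"])
    for name in verdict["remove"]:
        print("remove:", name)
```

Paste the whole Installed Programs block from Addition.txt in place of the sample and the script reports the same two Java 6 entries the Root Admin asked to have removed; the scope field tells you whether the uninstall lives under the 32-bit, 64-bit or per-user Uninstall key, which matters when the entry does not show up where you first look in Programs and Features.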

  • Root Admin

Let's just double-check for any old exploited code before we finish up here, and then we should be done.

 

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 


Here you go.

 

Results of screen317's Security Check version 0.99.68 

 Windows 7 Service Pack 1 x64 (UAC is enabled) 

 Internet Explorer 10 

``````````````Antivirus/Firewall Check:``````````````

avast! Antivirus  

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

 Spybot - Search & Destroy

 CCleaner    

 Java 7 Update 25 

 Adobe Flash Player 11.7.700.224 

 Adobe Reader XI 

 Mozilla Firefox (22.0)

````````Process Check: objlist.exe by Laurent```````` 

 Malwarebytes Anti-Malware mbamservice.exe 

 Malwarebytes Anti-Malware mbamgui.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe  

 Alwil Software Avast5 AvastSvc.exe 

 Alwil Software Avast5 AvastUI.exe 

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````


  • Root Admin

Everything looks good from here. You can go ahead and uninstall or delete any programs or logs we've used now.

I'll go ahead and close your topic then and please read the following when you have time.

Best Practices for Safe Computing - Prevention of Malware Infection

Take care and stay safe out there.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.