Jump to content

Recommended Posts

Hi,

I'm getting a lot of missing files after scanning. Am I infected?

Thanks in advance for a reply.

theakseffect

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:30:17, on 31-3-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16521)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Iomega Storage Manager\IomegaStorageManager.exe

C:\Program Files (x86)\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\SysWOW64\RunDll32.exe

D:\Programs\Adobe MC CS6\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\AltBinz\altbinz.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Spotnet\Spotnet.exe

C:\Users\Avi\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: 74.208.10.249 gs.apple.com

O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\EvernoteIE.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programs\Adobe MC CS6\Acrobat 10.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

O4 - HKLM\..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

O4 - HKCU\..\Run: [Google Update] "C:\Users\Avi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\EvernoteClipper.exe

O4 - Startup: Logitech . Productregistratie.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Iomega Storage Manager.lnk = C:\Program Files (x86)\Iomega Storage Manager\IomegaStorageManager.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Kopieer selectie - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=3

O8 - Extra context menu item: Kopieer URL - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=0

O8 - Extra context menu item: Nieuwe notitie - C:\Program Files (x86)\Evernote\\EvernoteIERes\NewNote.html

O8 - Extra context menu item: Pagina opemen - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=1

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Send Image To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201

O8 - Extra context menu item: Send Link To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203

O8 - Extra context menu item: Send Page To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204

O8 - Extra context menu item: Send Text To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://cecrm.ce-company.com

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - Unknown owner - C:\Program Files (x86)\BlueStacks\HD-Service.exe (file missing)

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - Unknown owner - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

O23 - Service: PCloudd - Iomega Corp - C:\Program Files (x86)\Iomega Storage Manager\pCloudd.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XnetSrvc - Unknown owner - C:\Windows\system32\xnetsrvc.exe (file missing)

--

End of file - 16772 bytes

Link to post
Share on other sites

Hi theakseffect,

Welcome to Malwarebytes Forum

My name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.

The fixes are specific to your problem and should only be used for the issues on this machine.

Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

It's often worth reading through these instructions and printing them for ease of reference.

If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

Please reply to this thread. Do not start a new topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Those (file missing) notations are normal when HJT is ran on a Windows 7 system.

If you are having some trouble and would like me to look over a log... I'll need a different one.

Please download DDS by sUBs from one of the following links and save it to your desktop.


  • [*]Disable any script blocking protection (How to Disable your Security Programs)

    [*]Double click DDS icon to run the tool (may take up to 3 minutes to run)

    [*]When done, DDS.txt will open.

    [*]After a few moments, attach.txt will open in a second window.

    [*]Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt and Attach.txt reports in your next reply

Link to post
Share on other sites

Hi Tomk1,

Thanks again for your reply. Below are the results.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16521

Run by A at 14:56:12 on 2013-04-01

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.8052.6467 [GMT 2:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Iomega Storage Manager\pCloudd.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\x856Mbgnd.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Iomega Storage Manager\IomegaStorageManager.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Evernote\EvernoteClipper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

D:\Programs\Adobe MC CS6\Acrobat 10.0\Acrobat\acrotray.exe

C:\Windows\system32\xrxbeacn.exe

C:\Windows\system32\xnetsrvc.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\Browny02\BrYNSvc.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

mWinlogon: Userinit = userinit.exe

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\EvernoteIE.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Google Update] "C:\Users\Avi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [AdobeBridge] <no file>

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Acrobat Assistant 8.0] "D:\Programs\Adobe MC CS6\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

StartupFolder: C:\Users\Avi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\Avi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

StartupFolder: C:\Users\Avi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IOMEGA~1.LNK - C:\Program Files (x86)\Iomega Storage Manager\IomegaStorageManager.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Kopieer selectie - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Kopieer URL - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: Nieuwe notitie - C:\Program Files (x86)\Evernote\\EvernoteIERes\NewNote.html

IE: Pagina opemen - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201

IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203

IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204

IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html

LSP: %windir%\system32\vsocklib.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 212.54.40.25 212.54.35.25

TCP: Interfaces\{3A89F0F5-1A55-4CE6-BEDB-00C596D71C4B} : DHCPNameServer = 212.54.40.25 212.54.35.25

TCP: Interfaces\{71135DF5-4C34-4AE5-B022-BB21CA22D2CF} : DHCPNameServer = 8.8.8.8

TCP: Interfaces\{7E3E95A3-C190-4DA6-BB08-353AECBCBDE6} : DHCPNameServer = 212.54.40.25 212.54.35.25

TCP: Interfaces\{7E3E95A3-C190-4DA6-BB08-353AECBCBDE6}\14256573531393135424035354 : DHCPNameServer = 192.168.2.254

TCP: Interfaces\{7E3E95A3-C190-4DA6-BB08-353AECBCBDE6}\14C6C60235071636560245562702141627 : DHCPNameServer = 192.168.2.254

TCP: Interfaces\{7E3E95A3-C190-4DA6-BB08-353AECBCBDE6}\960586F6E656026716E602146796E6163786 : DHCPNameServer = 194.151.228.3 194.151.228.51

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

x64-Run: [XeroxMercuryBackgroundTask] C:\Windows\System32\x856Mbgnd.exe 1

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

Hosts: 74.208.10.249 gs.apple.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Users\Avi\AppData\Local\Citrix\Plugins\94\npappdetector.dll

FF - plugin: C:\Users\Avi\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll

FF - plugin: C:\Users\Avi\AppData\Roaming\TorrentStream\player\npts.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: D:\Programs\Adobe MC CS6\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: D:\Programs\Adobe MC CS6\Acrobat 10.0\Acrobat\browser\nppdf32.dll

FF - ExtSQL: 2013-02-28 15:25; web2pdfextension@web2pdf.adobedotcom; D:\Programs\Adobe MC CS6\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - ExtSQL: 2013-03-11 14:32; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-03-11 14:35; {8b86149f-01fb-4842-9dd8-4d7eb02fd055}; C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}

FF - ExtSQL: 2013-03-11 14:35; omnibar@ajitk.com; C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\omnibar@ajitk.com.xpi

FF - ExtSQL: 2013-03-11 14:35; locationbar2@design-noir.de; C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\locationbar2@design-noir.de.xpi

FF - ExtSQL: 2013-03-11 14:35; bytubed@cs213.cse.iitk.ac.in; C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\bytubed@cs213.cse.iitk.ac.in

FF - ExtSQL: 2013-03-11 14:35; adblockpopups@jessehakanen.net; C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\adblockpopups@jessehakanen.net.xpi

FF - ExtSQL: 2013-03-11 14:43; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

FF - ExtSQL: 2013-03-12 10:36; nl-NL@dictionaries.addons.mozilla.org; C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\nl-NL@dictionaries.addons.mozilla.org

FF - ExtSQL: 2013-03-15 16:03; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2013-03-23 18:38; battlefieldplay4free@ea.com; C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\battlefieldplay4free@ea.com

FF - ExtSQL: 2013-03-30 19:35; magicplayer@torrentstream.org; C:\Users\Avi\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\extensions\magicplayer@torrentstream.org.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-5-5 56208]

R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2012-10-10 70256]

R1 appdrv01;Application Driver (01);C:\Windows\System32\drivers\appdrv01.sys [2011-12-5 3852976]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-11 239616]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-17 13592]

R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-9-25 625816]

R2 PCloudd;PCloudd;C:\Program Files (x86)\Iomega Storage Manager\pCloudd.exe [2012-9-9 213504]

R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-1-14 1294848]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-17 2320920]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-3-25 266240]

R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-6-13 594472]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-13 39976]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-1 56344]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]

R3 vNICdrv;Iomega Virtual Miniport;C:\Windows\System32\drivers\vNICdrv.sys [2012-5-11 20048]

R3 XnetSrvc;XnetSrvc;C:\Windows\System32\xnetsrvc.exe [2013-2-25 204544]

S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\Windows\System32\appdrvrem01.exe svc --> C:\Windows\System32\appdrvrem01.exe svc [?]

S2 BstHdAndroidSvc;BlueStacks Android Service;"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android --> C:\Program Files (x86)\BlueStacks\HD-Service.exe [?]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe --> C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-7-2 52264]

S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2013-2-18 15768]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-6-17 97040]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-16 19456]

S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkCMini.sys [2012-3-13 1816968]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-16 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]

S4 Bizagi Standard Server Operations Service;Bizagi Standard Server Operations Service;C:\Program Files\BizAgi\BizAgi Standard\ServerOperationsService\BizAgi.ServerOperationsService.exe [2012-6-1 9728]

S4 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-24 255376]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="D:\Programs\Adobe MC CS6\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="D:\Programs\Adobe MC CS6\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-03-31 13:44:18 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A50BC58-D849-42CC-92C1-823A03CB0262}\mpengine.dll

2013-03-29 23:33:58 9311288 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-25 13:31:15 -------- d-----r- C:\Users\Avi\AppData\Roaming\Brother

2013-03-25 13:26:32 -------- d-----w- C:\Users\Avi\AppData\Roaming\ControlCenter4

2013-03-25 13:14:01 -------- d-----w- C:\ProgramData\Brother

2013-03-21 08:39:56 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{893E04E6-9FFD-4B1D-8721-A354B170014A}\gapaengine.dll

2013-03-18 13:52:40 -------- d-----w- C:\Users\Avi\AppData\Local\Citrix

2013-03-17 00:59:01 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-11 13:40:48 -------- d-----w- C:\Users\Avi\AppData\Local\Macromedia

2013-03-11 13:28:00 -------- d-----w- C:\Users\Avi\AppData\Local\Mozilla

2013-03-11 12:27:03 -------- d-----w- C:\Windows\SysWow64\searchplugins

2013-03-11 12:27:03 -------- d-----w- C:\Windows\SysWow64\Extensions

2013-03-11 12:26:24 -------- d-----w- C:\Program Files (x86)\Direct Video Downloader

2013-03-11 12:24:23 -------- d-----w- C:\Users\Avi\AppData\Local\Programs

2013-03-11 11:33:52 -------- d-----w- C:\Program Files\WinHTTrack

2013-03-11 11:18:57 -------- d-----w- C:\Users\Avi\AppData\Local\Evernote

2013-03-11 11:18:12 -------- d-----w- C:\Program Files (x86)\Evernote

2013-03-10 22:40:27 291824 ----a-w- C:\Windows\To the Moon Uninstaller.exe

2013-03-10 22:40:16 -------- d-----w- C:\Program Files (x86)\To the Moon

.

==================== Find3M ====================

.

2013-03-26 18:30:13 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-03-26 18:30:13 282104 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-03-26 18:29:48 282080 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-03-22 10:03:13 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2013-03-19 09:31:25 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-19 09:31:25 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-20 14:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-01-20 14:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll

.

============= FINISH: 14:57:47,30 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume3

Install Date: 17-5-2011 0:01:08

System Uptime: 1-4-2013 13:28:11 (1 hours ago)

.

Motherboard: Acer | | Aspire 5740

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | CPU 1 | 2267/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 186 GiB total, 7,912 GiB free.

D: is FIXED (FAT32) - 233 GiB total, 15,949 GiB free.

E: is CDROM ()

G: is CDROM ()

H: is FIXED (NTFS) - 932 GiB total, 73,576 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: BlueStacks Hypervisor

Device ID: ROOT\LEGACY_BSTHDDRV\0000

Manufacturer:

Name: BlueStacks Hypervisor

PNP Device ID: ROOT\LEGACY_BSTHDDRV\0000

Service: BstHdDrv

.

==== System Restore Points ===================

.

RP351: 29-3-2013 13:12:01 - Scheduled Checkpoint

RP352: 30-3-2013 0:33:03 - Windows Update

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

7-Zip 9.20 (x64 edition)

Aangifte inkomstenbelasting 2011

Acer Updater

Acoustica CD/DVD Label Maker

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Creative Suite 6 Master Collection

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Shockwave Player 11.6

Adobe Widget Browser

Alt.Binz 0.39.4

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

µTorrent

Battlefield 2

Battlefield 3™

Battlefield Play4Free

Battlelog Web Plugins

Bizagi Enterprise 64-Bit

Bizagi Process Modeler

bl

Bonjour

BPMN 2.0 Modeler for Visio Version 3.1

Broadcom Gigabit NetLink Controller

Brother MFL-Pro Suite MFC-J5910DW

calibre

CamStudio OSS Desktop Recorder

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CDBurnerXP

CDisplayEx 1.8

D3DX10

DAEMON Tools Toolbar

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Direct Video Downloader version 1.1

Dropbox

eReg

erLT

ESET Online Scanner v3

ESN Sonar

Evernote v. 4.6.3

Freecorder 5

Freecorder Toolbar

Freemake Video Converter version 3.1.1

GEAR driver installer for AMD64 and Intel EM64T

GIMP 2.6.11

Google Chrome

GoToMeeting 5.5.0.1133

Grand Theft Auto IV

ImgBurn

inSSIDer

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

Iomega Storage Manager

iTunes

Live 8.2

Logitech Gaming Software

Logitech Gaming Software 8.35

Logitech SetPoint 6.51

Magic ISO Maker v5.5 (build 0281)

Mass Effect™ 3

MD5Check 3.0

Medieval CUE Splitter

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Dutch) 2010

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (Dutch) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (Dutch) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (Dutch) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Language Pack 2010 - Dutch/Nederlands

Microsoft Office Live Meeting 2007

Microsoft Office O MUI (Dutch) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Dutch) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (Dutch) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (Dutch) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Dutch) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (Dutch) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (Dutch) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (Dutch) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office SharePoint Designer MUI (Dutch) 2010

Microsoft Office Visio 2010

Microsoft Office Visio MUI (English) 2010

Microsoft Office Word MUI (Dutch) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Office X MUI (Dutch) 2010

Microsoft Research Mesh Virtual WIFI

Microsoft Security Client

Microsoft Security Essentials

Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)

Microsoft Silverlight

Microsoft SQL Server 2005 Backward compatibility

Microsoft SQL Server 2012 Setup (English)

Microsoft Visio 2010 Service Pack 1 (SP1)

Microsoft Visio Premium 2010

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# 2.0 Redistributable Package - SE (x64)

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mindjet MindManager 2012

MixMeister Studio Demo 7.4.4

MKVToolNix 5.9.0

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

Mp3tag v2.49a

MSVCRT

NBA 2K12

Next Generation Visualisations

Nexus Mod Manager

Notification Center

NVIDIA PhysX

Origin

Pandora Service

PDF-Viewer

PDF Settings CS6

ph

Pro Evolution Soccer 2012

Pro Evolution Soccer 2013

ProcessView 2.0 for Visio 2010 (64-bit edition)

PunkBuster Services

QuickPar 0.9

QuickTime

Ray Adams ATI Tray Tools

Rockstar Games Social Club

SABnzbd 0.7.5

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2760762) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

SEGA Mega Drive Classic Collection: Gold Edition

Shank 2

Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)

Skype Click to Call

Skype™ 6.1

SMPlayer 0.8.0

SopCast 3.5.0

SpotLite

Spotnet

Spybot - Search & Destroy

Steam

StreamTorrent 1.0

SUPER © v2012.build.53 (Sep 13, 2012) version v2012.build.53

swMSM

Synaptics Gesture Suite featuring SYNAPTICS | Scrybe

Synaptics Pointing Device Driver

TagScanner 5.1.621

The Elder Scrolls V Skyrim - High Resolution Texture Pack

The KMPlayer (remove only)

To the Moon

tools-windows

Torrent Stream 1.0.6

TrackMania 2 - Canyon

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Designer 2010 (KB2553459) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

USB2.0 Grabber

Veetle TV

VLC media player 2.0.5

VLC media player 2.1.0-git-20120217-1212

VMware Player

VMwarePlayer_x64

WBFS Manager 3.0

WIDCOMM Bluetooth Software

Windows 7 USB/DVD Download Tool

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

WinHTTrack Website Copier 3.46-1 (x64)

WinPcap 4.1.2

WinRAR 4.20 (64-bit)

WinSCP 5.1.3

Wireshark 1.6.8 (64-bit)

XBMC

.

==== Event Viewer Messages From Past Week ========

.

30-3-2013 19:21:29, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000320d123, 0xfffff8800a62bb90, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033013-21964-01.

30-3-2013 18:47:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Scrybe Updater service to connect.

30-3-2013 18:47:53, Error: Service Control Manager [7000] - The Scrybe Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

29-3-2013 13:07:18, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

1-4-2013 13:30:12, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1-4-2013 13:30:07, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1-4-2013 13:29:13, Error: Service Control Manager [7001] - The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: The system cannot find the file specified.

1-4-2013 13:28:52, Error: Service Control Manager [7000] - The BlueStacks Log Rotator Service service failed to start due to the following error: The system cannot find the file specified.

1-4-2013 13:28:52, Error: Service Control Manager [7000] - The BlueStacks Hypervisor service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

Link to post
Share on other sites

That doesn't look to bad. It looks like you have collected a couple toolsbars. Let's spiff things up.

AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Link to post
Share on other sites

Ok, did it. Below is the result. A little sidenote: I actually installed Freecorder myself, guess I'll have to look for an alternative since it's considered mal-/adware.

# AdwCleaner v2.115 - Logfile created 04/01/2013 at 20:45:33

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : A

# Boot Mode : Normal

# Running from : C:\Users\A\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\1ClickDownload

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar

Folder Deleted : C:\Program Files (x86)\Freecorder

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder

Folder Deleted : C:\Users\A\AppData\Local\Conduit

Folder Deleted : C:\Users\A\AppData\Local\TempDir

Folder Deleted : C:\Users\A\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\A\AppData\LocalLow\Freecorder

Folder Deleted : C:\Users\A\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\A\Documents\Freecorder

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Ask&Record

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\526db8ce76ee515

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Freecorder

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\SOFTWARE\Wow6432Node\526db8ce76ee515

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BE96F84-B9BE-4FE2-8FB4-97D2D5619A83}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC1369B6-E623-4189-AAA3-D84C8A91C600}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\301z4jqz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2596] : homepage = "hxxp://isearch.babylon.com/?affID=120307&babsrc=HP_ss&mntrId=905ecb9d000000000000261[...]

Deleted [l.3520] : urls_to_restore_on_startup = [ "hxxp://isearch.babylon.com/?affID=120307&babsrc=HP_ss&mntrId=[...]

*************************

AdwCleaner[R1].txt - [4538 octets] - [01/04/2013 20:45:12]

AdwCleaner[s1].txt - [4541 octets] - [01/04/2013 20:45:33]

########## EOF - C:\AdwCleaner[s1].txt - [4601 octets] ##########

Link to post
Share on other sites

To the best of my knowledge... yes. That doesn't mean that we might not find something else if we continue to dig... but if things seem to be operating alright, I don't think it is necessary.

If you want to work on it some more... let me know. Otherwise, let's clean up.

You can just delete DDS, it's logs, AdwCleaner and it's logs.

Be sure you have turned any security programs that were disabled back on.

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:

So how did I get infected in the first place?

by Tony Klein

Also: "How to prevent malware"

by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.