I have a Police Central e-crime Unit ransomware which blocks EVERYTHING :(

ThCorp

New Member
Thread author
Verified
May 26, 2013
16
Please, does anybody know how to get rid of this Police Central e-crime Unit ransomware, which does not even let you start Safe Mode??
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi ThCorp and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Download Farbar Recovery Scan Tool from the below link:
  • For 32 bit systems download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a USB/flash drive.
  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  1. Select Command Prompt.
  2. In the command window type in notepad and press Enter.
  3. Notepad opens. Under the File menu select Open.
  4. Select "Computer", find your flash drive letter, and close Notepad.
  5. In the command window type e:\frst.exe and press Enter.
     Note: Replace the letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to the disclaimer.
  8. Press the Scan button.
  9. FRST will let you know when the scan is complete and has written FRST.txt to file; close the message.
  10. Type exit.
  11. Please copy and paste FRST.txt in your next reply.
 

ThCorp
I just managed to restore the computer to 2 weeks ago. Should I just use a malware detector to check it now?
 

Fiery
Yes you should. System restore doesn't always clear the malware.

Please download Malwarebytes' Anti-Malware from here to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click Decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

ThCorp
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
TOMI :: TOMI-PC [administrator]

Protection: Enabled

26/05/2013 21:26:29
MBAM-log-2013-05-26 (21-35-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250727
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent.PGen) -> Data: C:\Users\TOMI\AppData\Roaming\install\twain.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|win32 (Backdoor.Agent.Gen) -> Data: C:\Users\TOMI\AppData\Roaming\install\twain.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\TOMI\Templates\2433f433 (Trojan.Agent.TPL) -> No action taken.
C:\ProgramData\2433f433 (Trojan.Agent.TPL) -> No action taken.
C:\Users\TOMI\AppData\Roaming\2433f433 (Trojan.Agent.TPL) -> No action taken.
C:\Users\TOMI\AppData\Local\2433f433 (Trojan.Agent.TPL) -> No action taken.

(end)
 

Fiery
As expected, the malware remained even though you had no symptoms of infection. We have to go through the entire cleaning process, as System Restore did nothing but remove the lock-up screen.

Did you remove the threats using Malwarebytes? Also, if you haven't started the ESET scan yet, leave it for now.

Please do a scan with Farbar Recovery Scan Tool in my first post.
 

ThCorp
I haven't removed anything yet as I was waiting for your instructions and launched the ESET scan which is almost over. It detected 7 threats so far :s I am doing the Farbar scan then.
 

ThCorp
It doesn't work...

It displays: The subsystem needed to support the image type is not present.
 

Fiery
You have a 64 bit machine then. Try this link.

  • For 64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
 

ThCorp
It displays now: f:\frst.exe is not recognised as an internal or external command, operable program or batch file :s
 

Fiery
Ah.

  • In the command window type e:\frst64 and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
 

ThCorp
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-05-2013 04
Ran by SYSTEM on 27-05-2013 09:34:00
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.)
HKU\Guest\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Guest\...\Run: [Google Update] "C:\Users\TOMI\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-02] (Google Inc.)
HKU\Guest\...\Run: [win32] C:\Users\Guest\AppData\Roaming\install\twain.exe [x]
HKU\Guest\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKU\Guest\...\Run: [Facebook Update] "C:\Users\TOMI\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Guest\...\Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe [9068544 2012-02-10] ()
HKU\Guest\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [516096 2010-11-20] (Microsoft Corporation)
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe -update activex [x]
HKU\TOMI\...\Run: [Google Update] "C:\Users\TOMI\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-02] (Google Inc.)
HKU\TOMI\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\TOMI\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Camera Monitor SD.lnk
ShortcutTarget: Camera Monitor SD.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software)
S2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375728 2012-11-02] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147888 2012-11-02] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 PCToolsFirewallPlus; C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe [818432 2009-11-09] (PC Tools)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()

==================== Drivers (Whitelisted) ====================

S3 applewtp; C:\Windows\System32\DRIVERS\applewtp.sys [53760 2010-10-14] (Apple Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-06] (AVAST Software)
S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-06] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-06] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-06] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-06] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-06] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-06] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-11-29] ()
S2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-11-29] ()
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
S3 PCTFW-DNS; C:\Windows\system32\drivers\pctNdis-DNS64.sys [42456 2010-03-28] (PC Tools)
S3 PCTFW-PacketFilter; C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [95504 2010-03-28] (PC Tools)
S1 pctgntdi; C:\Windows\system32\drivers\pctgntdi64.sys [306648 2010-03-28] (PC Tools)
S3 pctplfw; C:\Windows\System32\drivers\pctplfw64.sys [164496 2010-03-28] (PC Tools)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-03-28] (Duplex Secure Ltd.)
S4 LMIRfsClientNP; No ImagePath
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-27 09:33 - 2013-05-27 09:33 - 00000000 ____D C:\FRST
2013-05-27 00:31 - 2013-05-27 00:31 - 00005120 ____N C:\bootex.log
2013-05-27 00:31 - 2013-05-27 00:31 - 00003352 ____N C:\bootsqm.dat
2013-05-27 00:28 - 2013-05-27 00:28 - 00000000 __SHD C:\found.000
2013-05-26 14:23 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-26 14:23 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-26 14:23 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-26 14:23 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-26 14:23 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-26 14:23 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-26 14:23 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-26 14:23 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-26 14:23 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-26 14:23 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-26 14:23 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-26 14:23 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-26 14:23 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-26 14:23 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-26 14:23 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-26 14:23 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-26 14:23 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-26 14:23 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-26 14:23 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-26 14:23 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-26 14:23 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-26 12:31 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-26 12:31 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-26 12:31 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-26 12:31 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-26 12:31 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-26 12:31 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-26 12:31 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-26 12:31 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-26 12:31 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-26 12:31 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-26 12:31 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-26 12:30 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-26 12:30 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-26 12:30 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-26 12:28 - 2013-05-26 12:28 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-26 12:15 - 2013-05-26 12:15 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-26 12:06 - 2013-05-26 12:06 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-26 12:06 - 2013-05-26 12:06 - 00000000 ____D C:\Users\TOMI\AppData\Roaming\Malwarebytes
2013-05-26 12:06 - 2013-05-26 12:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-26 12:06 - 2013-05-26 12:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-26 12:06 - 2013-04-04 05:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-15 14:23 - 2013-05-17 09:30 - 00000000 ____D C:\Users\TOMI\Desktop\RD
2013-05-12 09:21 - 2013-05-26 20:50 - 00000000 ____D C:\ProgramData\RealNetworks
2013-05-12 09:21 - 2013-05-12 09:21 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-05-11 03:57 - 2013-05-16 11:30 - 00000000 ____D C:\Users\TOMI\Documents\My Kindle Content
2013-05-11 03:56 - 2013-05-11 03:56 - 00000000 ____D C:\Users\TOMI\AppData\Local\Amazon
2013-05-11 03:56 - 2013-05-11 03:56 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-05-05 14:11 - 2013-05-05 14:11 - 00000000 ____D C:\Users\TOMI\Documents\Klei
2013-05-05 04:06 - 2010-06-01 19:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-05-05 04:06 - 2010-06-01 19:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2013-05-05 04:06 - 2010-06-01 19:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-05-05 04:06 - 2010-06-01 19:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-05-05 04:06 - 2010-06-01 19:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2013-05-05 04:06 - 2010-06-01 19:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-05-05 04:06 - 2010-05-26 02:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2013-05-05 04:06 - 2010-05-26 02:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-05-05 04:06 - 2010-05-26 02:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-05-05 04:06 - 2010-05-26 02:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-05-05 04:06 - 2010-05-26 02:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-05-05 04:06 - 2010-05-26 02:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-05-05 04:06 - 2010-05-26 02:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-05-05 04:06 - 2010-05-26 02:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-05-05 04:06 - 2010-05-26 02:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2013-05-05 04:06 - 2010-05-26 02:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-05-05 04:06 - 2010-02-04 01:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2013-05-05 04:06 - 2010-02-04 01:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-05-05 04:06 - 2010-02-04 01:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-05-05 04:06 - 2010-02-04 01:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2013-05-05 04:06 - 2010-02-04 01:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2013-05-05 04:06 - 2010-02-04 01:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-05-05 04:06 - 2010-02-04 01:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2013-05-05 04:06 - 2010-02-04 01:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-05-02 10:51 - 2013-05-02 10:52 - 02298074 ____A C:\Users\TOMI\Desktop\GCSE French.zip
2013-04-29 23:17 - 2013-04-29 23:17 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-29 23:17 - 2013-04-29 23:17 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-29 23:17 - 2013-04-29 23:17 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-29 23:17 - 2013-04-29 23:17 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-29 23:17 - 2013-04-29 23:17 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-29 23:17 - 2013-04-29 23:17 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-29 23:17 - 2013-04-29 23:17 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-29 23:17 - 2013-04-29 23:17 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-29 23:17 - 2013-04-29 23:17 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-29 23:14 - 2013-04-29 23:19 - 00007201 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-05-27 09:33 - 2013-05-27 09:33 - 00000000 ____D C:\FRST
2013-05-27 00:31 - 2013-05-27 00:31 - 00005120 ____N C:\bootex.log
2013-05-27 00:31 - 2013-05-27 00:31 - 00003352 ____N C:\bootsqm.dat
2013-05-27 00:28 - 2013-05-27 00:28 - 00000000 __SHD C:\found.000
2013-05-27 00:21 - 2010-06-01 07:34 - 02055017 ____A C:\Windows\WindowsUpdate.log
2013-05-27 00:11 - 2010-08-02 13:42 - 00001074 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2859402052-3199446746-1923838893-1001UA.job
2013-05-27 00:10 - 2012-08-23 14:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-26 22:27 - 2011-07-09 02:55 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2859402052-3199446746-1923838893-1001UA.job
2013-05-26 22:11 - 2010-08-02 13:42 - 00001022 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2859402052-3199446746-1923838893-1001Core.job
2013-05-26 20:55 - 2013-02-21 10:15 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-26 20:55 - 2013-02-21 10:15 - 00000000 ____D C:\Program Files\iTunes
2013-05-26 20:55 - 2013-02-21 10:15 - 00000000 ____D C:\Program Files\iPod
2013-05-26 20:55 - 2013-02-21 10:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-26 20:55 - 2013-02-03 10:27 - 00000000 ____D C:\Users\TOMI\Desktop\Lacie
2013-05-26 20:55 - 2013-02-03 10:27 - 00000000 ____D C:\Users\TOMI\Desktop\Kingston
2013-05-26 20:55 - 2010-06-01 07:16 - 00000000 ____D C:\users\Guest
2013-05-26 20:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-05-26 20:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-26 20:55 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-26 20:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-26 20:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-26 20:50 - 2013-05-12 09:21 - 00000000 ____D C:\ProgramData\RealNetworks
2013-05-26 18:51 - 2011-04-25 05:12 - 00000000 ____D C:\Users\TOMI\Desktop\Games Stuff
2013-05-26 18:51 - 2011-01-29 10:56 - 00000000 ____D C:\Program Files (x86)\FoxTabMP4Converter
2013-05-26 17:36 - 2011-11-13 13:57 - 00000000 ____D C:\ProgramData\LogMeIn
2013-05-26 14:53 - 2009-07-13 20:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-26 14:53 - 2009-07-13 20:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-26 14:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-26 14:44 - 2011-10-12 20:26 - 00369191 ____A C:\Windows\setupact.log
2013-05-26 14:44 - 2009-07-13 20:45 - 00423216 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-26 14:30 - 2009-11-19 06:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-26 14:27 - 2010-06-11 16:42 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-26 14:26 - 2009-07-13 21:13 - 00788892 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-26 14:18 - 2011-11-09 10:22 - 00090840 ____A C:\Windows\PFRO.log
2013-05-26 13:27 - 2011-07-09 02:55 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2859402052-3199446746-1923838893-1001Core.job
2013-05-26 12:28 - 2013-05-26 12:28 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-26 12:21 - 2010-12-12 13:12 - 00000000 ____D C:\Users\TOMI\AppData\Roaming\vlc
2013-05-26 12:15 - 2013-05-26 12:15 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-26 12:15 - 2012-08-23 14:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-26 12:15 - 2011-06-21 11:47 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-26 12:09 - 2009-10-14 09:09 - 00000000 ___HD C:\ASUS.000
2013-05-26 12:06 - 2013-05-26 12:06 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-26 12:06 - 2013-05-26 12:06 - 00000000 ____D C:\Users\TOMI\AppData\Roaming\Malwarebytes
2013-05-26 12:06 - 2013-05-26 12:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-26 12:06 - 2013-05-26 12:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-26 12:02 - 2011-04-09 10:15 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-26 11:58 - 2010-06-01 07:16 - 00000000 ____D C:\users\TOMI
2013-05-17 09:30 - 2013-05-15 14:23 - 00000000 ____D C:\Users\TOMI\Desktop\RD
2013-05-16 11:30 - 2013-05-11 03:57 - 00000000 ____D C:\Users\TOMI\Documents\My Kindle Content
2013-05-13 10:02 - 2011-08-03 06:08 - 00000000 ____D C:\Users\TOMI\AppData\Roaming\iSpy
2013-05-13 09:27 - 2009-10-23 05:18 - 00000000 ____D C:\Users\TOMI\AppData\Roaming\Mozilla
2013-05-12 12:55 - 2011-04-10 09:45 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-12 09:21 - 2013-05-12 09:21 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-05-11 03:56 - 2013-05-11 03:56 - 00000000 ____D C:\Users\TOMI\AppData\Local\Amazon
2013-05-11 03:56 - 2013-05-11 03:56 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-05-05 14:11 - 2013-05-05 14:11 - 00000000 ____D C:\Users\TOMI\Documents\Klei
2013-05-05 04:06 - 2011-11-30 11:37 - 00019173 ____A C:\Windows\DirectX.log
2013-05-02 10:52 - 2013-05-02 10:51 - 02298074 ____A C:\Users\TOMI\Desktop\GCSE French.zip
2013-05-01 17:06 - 2009-10-23 05:57 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-30 13:13 - 2010-06-01 17:11 - 00000000 ____D C:\Windows\Panther
2013-04-30 13:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-29 23:19 - 2013-04-29 23:14 - 00007201 ____A C:\Windows\IE10_main.log
2013-04-29 23:17 - 2013-04-29 23:17 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-29 23:17 - 2013-04-29 23:17 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-29 23:17 - 2013-04-29 23:17 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-29 23:17 - 2013-04-29 23:17 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-29 23:17 - 2013-04-29 23:17 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-29 23:17 - 2013-04-29 23:17 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-29 23:17 - 2013-04-29 23:17 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-29 23:17 - 2013-04-29 23:17 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-29 23:17 - 2013-04-29 23:17 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-29 23:17 - 2013-04-29 23:17 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-29 23:17 - 2013-04-29 23:17 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-29 22:59 - 2013-04-25 10:36 - 00035840 ____A C:\Users\TOMI\Desktop\9xSp1.xls
2013-04-28 23:06 - 2013-04-25 10:36 - 00034304 ____A C:\Users\TOMI\Desktop\9ySp1.xls
2013-04-28 08:06 - 2013-01-30 11:52 - 00000000 ____D C:\Users\TOMI\Desktop\Constabulary

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-21 09:46:15
Restore point made on: 2013-05-26 12:57:59
Restore point made on: 2013-05-26 14:22:25

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4087.05 MB
Available physical RAM: 3444.12 MB
Total Pagefile: 4085.2 MB
Available Pagefile: 3435.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:466.49 GB) NTFS (Disk=0 Partition=2)
Drive f: (A LEVEL) (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E3942019)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


Last Boot: 2013-05-24 14:45

==================== End Of Log ============================
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Remove the threats detected by Malwarebytes if you haven't already. Then,

Open notepad and copy & paste the following:

start
HKU\Guest\...\Run: [win32] C:\Users\Guest\AppData\Roaming\install\twain.exe [x]
C:\Users\Guest\AppData\Roaming\install\twain.exe

Folder: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
end

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Reboot your PC normally.
Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
 

ThCorp

New Member
Thread author
Verified
May 26, 2013
16
Sorry for the delay but I was not at my place for the past 2 days. Thank you again for guiding me through the process :) Here is the scan result:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-05-2013 04
Ran by TOMI at 2013-05-30 11:46:13 Run:1
Running from E:\
Boot Mode: Safe Mode (with Networking)
==============================================

HKEY_USERS\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\win32 => Value deleted successfully.
C:\Users\Guest\AppData\Roaming\install\twain.exe => File/Directory not found.

========================= Folder: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 ========================

2012-08-21 13:01 - 2012-08-21 13:01 - 1977816 ____A (GEAR Software, Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
2013-05-28 22:17 - 2013-05-28 22:17 - 0000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64
2012-08-21 13:01 - 2012-08-21 13:01 - 0519048 ____A (Microsoft Corporation) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0131544 ____A (GEAR Software, Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
2013-05-28 22:17 - 2013-05-28 22:17 - 0004842 ____A () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt
2012-08-21 13:01 - 2012-08-21 13:01 - 0106928 ____A (GEAR Software Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0125872 ____A (GEAR Software Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0002561 ____A () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf
2012-08-21 13:01 - 2012-08-21 13:01 - 0007638 ____A () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat
2013-05-28 22:17 - 2013-05-28 22:17 - 0000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64
2012-08-21 13:01 - 2012-08-21 13:01 - 0033240 ____A (GEAR Software Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys

====== End of Folder: ======

==== End of Fixlog ====
 

ThCorp

New Member
Thread author
Verified
May 26, 2013
16
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.30.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
TOMI :: TOMI-PC [administrator]

30/05/2013 12:06:45
mbar-log-2013-05-30 (12-06-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 285155
Time elapsed: 19 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.674000 GHz
Memory total: 4285587456, free: 1539727360

Downloaded database version: v2013.05.30.02
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
05/30/2013 12:06:41
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\??\C:\Windows\system32\drivers\pctgntdi64.sys
\Device\Harddisk0\Partition2\Windows\system32\drivers\PctWfpFilter64.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbaapl64.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\??\C:\Windows\system32\drivers\dokan.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WinUsb.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8005cd1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000073\
Lower Device Object: 0xfffffa8005b39b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004de3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-5\
Lower Device Object: 0xfffffa8004add060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004de3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004de3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004de3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004adc520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004add060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E3942019

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1953329282

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8005cd1060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005cbb040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005cd1060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005b39b60, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 31266784

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 16008609792 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
 

ThCorp

New Member
Thread author
Verified
May 26, 2013
16
# AdwCleaner v2.301 - Logfile created 05/30/2013 at 12:29:45
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : TOMI - TOMI-PC
# Boot Mode : Normal
# Running from : C:\Users\TOMI\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\TOMI\AppData\Roaming\Mozilla\Firefox\Profiles\8nis2nwb.default\searchplugins\SweetIm.xml
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\SweetIM
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\Users\TOMI\AppData\Roaming\Mozilla\Firefox\Profiles\8nis2nwb.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKU\S-1-5-21-2859402052-3199446746-1923838893-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (fr)

File : C:\Users\TOMI\AppData\Roaming\Mozilla\Firefox\Profiles\8nis2nwb.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\TOMI\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.3043] : urls_to_restore_on_startup = [ "hxxps://www.facebook.com/", "hxxps://mail.google.com/mail/?ui=2&shva=1#inbox", "hxxps://dub116.mail.live.com/default.aspx?id=64855&owa=1&owasuffix=owa%2f", "hxxp://translate.google.com/#fr/en/", "hxxps://www.google.com/calendar/render?pli=1", "hxxp://fr.anno-online.com/fr/jouer", "hxxp://movies.netflix.com/WiHome?movieid=70170559" ]

*************************

AdwCleaner[R1].txt - [6197 octets] - [30/05/2013 12:29:45]

########## EOF - C:\AdwCleaner[R1].txt - [6257 octets] ##########
 

ThCorp

New Member
Thread author
Verified
May 26, 2013
16
# AdwCleaner v2.301 - Logfile created 05/30/2013 at 12:33:35
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : TOMI - TOMI-PC
# Boot Mode : Normal
# Running from : C:\Users\TOMI\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\TOMI\AppData\Roaming\Mozilla\Firefox\Profiles\8nis2nwb.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Users\TOMI\AppData\Roaming\Mozilla\Firefox\Profiles\8nis2nwb.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (fr)

File : C:\Users\TOMI\AppData\Roaming\Mozilla\Firefox\Profiles\8nis2nwb.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\TOMI\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3043] : urls_to_restore_on_startup = [ "hxxps://www.facebook.com/", "hxxps://mail.google.com/mail/?ui[...]

*************************

AdwCleaner[R1].txt - [6314 octets] - [30/05/2013 12:29:45]
AdwCleaner[S1].txt - [315 octets] - [30/05/2013 12:33:09]
AdwCleaner[S2].txt - [5959 octets] - [30/05/2013 12:33:35]

########## EOF - C:\AdwCleaner[S2].txt - [6019 octets] ##########
 

ThCorp

New Member
Thread author
Verified
May 26, 2013
16
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TOMI [Admin rights]
Mode : Remove -- Date : 30/05/2013 13:04:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] {03141A39-7BCD-4EE7-B5D8-3AB22F7412F1} : C:\Users\TOMI\Desktop\DaemonToolsPro4.41.0314.0232\DAEMON Tools Pro.exe [x] -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] d57fc1508205c2ddf51f01c657b04772
[BSP] 57ed144913e2927fe60d4927dab2e08d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953774 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_30052013_130453.txt >>
RKreport[1]_S_30052013_124201.txt ; RKreport[2]_D_30052013_130453.txt
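
The RogueKiller report above shows two UAC policy values being reset (EnableLUA 0 -> 1, ConsentPromptBehaviorAdmin 0 -> 2) and one active hosts-file entry. As an added, read-only check that is not part of this thread or of RogueKiller, the PowerShell below re-reads the same two values and lists every non-comment hosts entry, so a responder can confirm the system state after the tool has run. The registry path is assumed from the standard UAC policy key, since the log abbreviates it as HKLM\[...]\System; the expected values are the ones the log shows being written.

```powershell
# Added example (not from the thread or the tool): verify UAC policy values and
# list active hosts-file entries. Read-only; run from an elevated prompt.
# Assumption: full key path for the log's abbreviated "HKLM\[...]\System".
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Values as restored in the RogueKiller log (EnableLUA 1, ConsentPromptBehaviorAdmin 2)
$expected = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 2
}

function Test-UacSettings {
    # Compare each expected value with what the registry currently holds
    $props = Get-ItemProperty -Path $uacKey
    foreach ($name in $expected.Keys) {
        $actual = $props.$name
        $status = if ($actual -eq $expected[$name]) { 'OK' } else { 'MISMATCH' }
        [pscustomobject]@{
            Setting  = $name
            Actual   = $actual
            Expected = $expected[$name]
            Status   = $status
        }
    }
}

function Get-ActiveHostsEntries {
    # Skip blank lines and comments; split "address  name [name ...]" once
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        ForEach-Object {
            $parts = $_ -split '\s+', 2
            [pscustomobject]@{ Address = $parts[0]; Names = $parts[1] }
        }
}

Test-UacSettings       | Format-Table -AutoSize
Get-ActiveHostsEntries | Format-Table -AutoSize
```

A MISMATCH row after the tool has reported REPLACED means something re-disabled UAC between the fix and the check, which is worth a second look; the hosts listing should show only entries the machine's owner can account for (the log lists one, for activate.adobe.com).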
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

can you update and do a new scan with Malwarebytes Antimalware?

Afterwards, run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 
