Inactive Malwarebytes Anti-Malware successfully blocked access to a potentially malicious site

I recently removed malware from my computer (S.M.A.R.T Check), but now my Malwarebytes Anti-Malware will not stop showing me these messages: Malwarebytes Anti-Malware successfully blocked access to a potentially malicious website... and the port is BitTorrent.

Thanks in advance.
 
Welcome to TechSpot!
If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
==========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
Threads are closed after 5 days if there is no reply.
 
Maybe the scan I did with GMER failed because it restarted my computer; anyway, I'm doing another one with it.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.30.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
0317 :: PC-DE-0317 [administrator]

Protection: Enabled

30/05/2012 11:29:56 PM
mbam-log-2012-05-30 (23-29-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257392
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-31 17:41:39
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD4000AAJS-65TKA0 rev.12.01C01
Running: qm1t2hoq.exe; Driver: C:\Users\0317\AppData\Local\Temp\uwloraob.sys


---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 48528
Process hidden process (*** hidden *** ) 55528

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft GS Wavetable Synth [
Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft GS Wavetable Synth [
Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft GS Wavetable Synth [@DMPortGUID 0x19 0x1A 0xA6 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft MIDI Mapper [
Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft MIDI Mapper [
Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft MIDI Mapper [@DMPortGUID 0x64 0xFC 0x09 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Miniport r 1?
Reg HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft GS Wavetable Synth [ (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft GS Wavetable Synth [ (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft GS Wavetable Synth [@DMPortGUID 0x19 0x1A 0xA6 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft MIDI Mapper [ (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft MIDI Mapper [ (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Control\MediaProperties\PrivateProperties\Midi\Ports\Microsoft MIDI Mapper [@DMPortGUID 0x64 0xFC 0x09 0x29 ...
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Miniport r 1?
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Eushully\ 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Eushully\ 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Eushully\ 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@ChangeID 779459572
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@StatusExt 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Status 128
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Name Envoyer ? OneNote 2010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Share Name
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Print Processor WinPrint
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Datatype RAW
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Parameters
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Action 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@ObjectGUID
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@DsKeyUpdate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@DsKeyUpdateForeground 3
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Description
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Printer Driver Send To Microsoft OneNote 2010 Driver
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Default DevMode 0x45 0x00 0x6E 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Priority 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Default Priority 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@StartTime 60
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@UntilTime 60
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Separator File
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Location
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Attributes 576
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@txTimeout 45000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@dnsTimeout 15000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Security 0x01 0x00 0x0C 0x80 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@CreatorSid 0x01 0x01 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@SpoolDirectory
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010@Port nul:
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printBinNames ?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printCollate 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printColor 0x01
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printDuplexSupported 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printStaplingSupported 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printMaxXExtent 2970
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printMaxYExtent 4318
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printMinXExtent 984
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printMinYExtent 1905
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printMediaSupported Lettre US (215,9 x 279,4 mm)?Tablo?d?Legal US?Ex?cutif US (18,42 x 26,67 cm)?A3?A4?B4 (JIS)?B5 (JIS)?Enveloppe US n? 10?Enveloppe US Monarch?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printMediaReady Letter?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printNumberUp 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printMemory 32768
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printOrientationsSupported PORTRAIT?LANDSCAPE?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printMaxResolutionSupported 1200
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printLanguage ?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@printRateUnit
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsDriver@driverVersion 1025
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@description
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@driverName Send To Microsoft OneNote 2010 Driver
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@location
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@portName nul:?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@printStartTime 60
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@printEndTime 60
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@printerName Envoyer ? OneNote 2010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@printKeepPrintedJobs 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@printSeparatorFile
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@printShareName
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@printSpooling PrintAfterSpooled
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@priority 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@uNCName \\PC-de-0317\Envoyer ? OneNote 2010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@serverName PC-de-0317
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@shortServerName PC-DE-0317
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@versionNumber 4
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\DsSpooler@flags 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\PrinterDriverData
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\PrinterDriverData@InitDriverVersion 1536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\PrinterDriverData@Model Send To OneNote Driver
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\PrinterDriverData@FreeMem 0x00 0x80 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\PrinterDriverData@PrinterDataSize 560
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\PrinterDriverData@PrinterData 0x00 0x06 0x30 0x02 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\PrinterDriverData@FeatureKeywordSize 18
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\PrinterDriverData@FeatureKeyword 0x4D 0x65 0x6D 0x6F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Envoyer キOneNote 2010\PrinterDriverData@Forms? 1368435906
Reg HKLM\SOFTWARE\Classes\Nero.MediaHub.10.gif.1\shell\Cr
Reg HKLM\SOFTWARE\Classes\Nero.MediaHub.10.gif.1\shell\Cr
Reg HKLM\SOFTWARE\Classes\Nero.MediaHub.10.gif.1\shell\Cr@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind PhotoStage "%L"
Reg HKLM\SOFTWARE\Classes\Nero.MediaHub.10.jpeg.1\shell\Cr
Reg HKLM\SOFTWARE\Classes\Nero.MediaHub.10.jpeg.1\shell\Cr
Reg HKLM\SOFTWARE\Classes\Nero.MediaHub.10.jpeg.1\shell\Cr@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind PhotoStage "%L"
Reg HKLM\SOFTWARE\Classes\Nero.MediaHub.10.png.1\shell\Cr
Reg HKLM\SOFTWARE\Classes\Nero.MediaHub.10.png.1\shell\Cr
Reg HKLM\SOFTWARE\Classes\Nero.MediaHub.10.png.1\shell\Cr@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind PhotoStage "%L"
Reg HKLM\SOFTWARE\Classes\Photoshop.BMPFile.11\shell\Cr
Reg HKLM\SOFTWARE\Classes\Photoshop.BMPFile.11\shell\Cr
Reg HKLM\SOFTWARE\Classes\Photoshop.BMPFile.11\shell\Cr@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind PhotoStage "%L"
Reg HKLM\SOFTWARE\Classes\Photoshop.CameraRawFileNikon.11\shell\Cr
Reg HKLM\SOFTWARE\Classes\Photoshop.CameraRawFileNikon.11\shell\Cr
Reg HKLM\SOFTWARE\Classes\Photoshop.CameraRawFileNikon.11\shell\Cr@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind PhotoStage "%L"
Reg HKLM\SOFTWARE\Classes\VLC.asf\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.asf\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.asf\shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKLM\SOFTWARE\Classes\VLC.avi\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.avi\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.avi\shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKLM\SOFTWARE\Classes\VLC.divx\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.divx\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.divx\shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKLM\SOFTWARE\Classes\VLC.m4v\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.m4v\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.m4v\shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKLM\SOFTWARE\Classes\VLC.mov\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.mov\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.mov\shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKLM\SOFTWARE\Classes\VLC.mp4\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.mp4\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.mp4\shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKLM\SOFTWARE\Classes\VLC.mpeg\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.mpeg\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.mpeg\shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKLM\SOFTWARE\Classes\VLC.mpeg2\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.mpeg2\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.mpeg2\shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKLM\SOFTWARE\Classes\VLC.mpg\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.mpg\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.mpg\shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKLM\SOFTWARE\Classes\VLC.vob\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.vob\shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\VLC.vob\shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKLM\SOFTWARE\Classes\xvidfile\Shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\xvidfile\Shell\Convertir le fichier vid
Reg HKLM\SOFTWARE\Classes\xvidfile\Shell\Convertir le fichier vid@ "C:\Program Files\NCH Software\VideoPad\videopad.exe" -extfind Prism "%L"
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Envoyer キOneNote 2010
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Envoyer キOneNote 2010@DriverVersion 1536
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Envoyer キOneNote 2010@DriverName Send To Microsoft OneNote 2010 Driver

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
Motherboard: ASUSTeK Computer INC. | | Berkeley
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 366 GiB total, 77.95 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.936 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
?f?u?a?I??‰? ver.1.00
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.0 - Francais
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
Akamai NetSession Interface Service
Alaplaya Launcher
All Grown Up Krazy Karts
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
AtomixMP3 v2.3 Trial
Audition Online
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
BB FlashBack Pro 3
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
BitTorrent
BlackBerry USB and Modem Drivers 7.0
Bonjour
BufferChm
Conduit Engine
Connect
CopyTrans Suite desinstallation uniquement
Coupon Printer for Windows
D1600
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery
DJ_SF_06_D1600_SW_Min
DNA
DVD Flick 1.3.0.7
Facebook Video Calling 1.2.0.159
Fairly OddParents Information Stupor Highway
Firebird SQL Server - MAGIX Edition
Free Realms
FrostWire 5.3.6
G-Senjou no Maou English
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hello Kitty(r) Online North America
High-Definition Video Playback
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 14.0
HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
HP Easy Setup - Frontend
HP Games
HP Imaging Device Functions 14.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photo Creations
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAsset component for HP Active Support Library
HPPhotoGadget
HPProductAssistant
HPSSupply
ijji REACTOR
ImgBurn
Installation Windows Live
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iPad/iPhone/iPod to Computer Transfer 7.6.0
iPod To Computer Transfer 6.1
iTunes
Java(TM) SE Runtime Environment 6 Update 1
KeyGen Software License Key Generator Demo
kuler
LightScribe System Software
Logiciel IntelR Viiv?
MAGIX Screenshare
MAGIX Screenshare 4.3.6.1987 (F)
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (French) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Famille et Petite Entreprise 2010
Microsoft Office OneNote MUI (French) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (French) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Mozilla Firefox 12.0 (x86 fr)
Mozilla Maintenance Service
Mp3tag v2.39
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10 Help (CHM)
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10 Help (CHM)
Nero Vision 10 Help (CHM)
Nero WaveEditor 10 Help (CHM)
Norton Security Scan
Notification de cadeaux MSN
OGPlanet Game Launcher
OnRPG Toolbar
OpenAL
Outil de telechargement Windows Live
Outils de diagnostic du materiel
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
PSSWCORE
PunkBuster Services
Python 2.5
QuickTime
Raptr
Realtek High Definition Audio Driver
Roblox for 0317
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
S4 League_EU
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Shop for HP Supplies
Skype? 5.3
SmartWebPrinting
Soft Data Fax Modem with SmartCP
Solution de clavier multimedia ameliore
SolutionCenter
Songr
Status
Suite Shared Configuration CS4
swMSM
Tap'Touche 5.5 demo
Text-To-Speech-Runtime
There
Toolbox
TouchCopy 09
TrayApp
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
UseNeXT
VDownloader 2.10.509.2
VideoPad - Logiciel de montage video
Videora iPod Converter 6
VideoToolkit01
VLC media player 1.1.11
WBFS Manager 3.0
WeatherBug Gadget
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
Wizard101
World of Kaneva v4.0
Xilisoft MP4 Converter
Xvid MPEG-4 Video Codec
Yahoo! Toolbar
神採りアルケミーマイスター
神採りアルケミーマイスター Append01
神採りアルケミーマイスター Append02
神採りアルケミーマイスター Ver2.00 Update
.
==== End Of File ===========================
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by 0317 at 17:45:01 on 2012-05-31
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\0317\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\alaplaya\launcher\AlaplayaLauncher.exe
C:\Users\0317\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\0317\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\hp\kbd\kbd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\Raptr\raptr.exe
C:\PROGRA~1\Raptr\raptr_im.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\0317\Downloads\qm1t2hoq.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
mURLSearchHooks: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files\onrpg\tbOnRP.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files\onrpg\tbOnRP.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files\onrpg\tbOnRP.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Raptr] c:\progra~1\raptr\raptrstub.exe --startup
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [AdobeBridge]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "c:\users\0317\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Akamai NetSession Interface] "c:\users\0317\appdata\local\akamai\netsession_win.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\0317\appdata\roaming\micros~1\windows\startm~1\programs\startup\alapla~1.lnk - c:\program files\alaplaya\launcher\AlaplayaLauncher.exe
StartupFolder: c:\users\0317\appdata\roaming\micros~1\windows\startm~1\programs\startup\notifi~1.lnk - c:\users\0317\appdata\roaming\microsoft\notification de cadeaux msn\lsnfier.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Envoyer a OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=97&t=nJ1LHJl4w
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.84/FreeRealmsInstaller.cab?v=1035
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {91F71D75-A73B-4E3B-8A14-F03557B82B29} - hxxp://www.graalonline.com/downloads/plugin/graalplugin.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://online.gamesgames.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
TCP: Interfaces\{46E1DEF3-8A09-40D2-93D0-367EEB492402} : DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\0317\appdata\roaming\mozilla\firefox\profiles\marilila\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\0317\appdata\roaming\mozilla\firefox\profiles\marilila\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\0317\appdata\roaming\mozilla\firefox\profiles\marilila\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\0317\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\0317\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-4-9 242240]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2012-2-26 4096]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-27 22344]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-5-28 27424]
.
=============== Created Last 30 ================
.
2012-05-30 06:24:11 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1f1f048d-0526-4021-81f1-41d6b1495b77}\offreg.dll
2012-05-29 11:09:46 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1f1f048d-0526-4021-81f1-41d6b1495b77}\mpengine.dll
2012-05-29 09:22:55 381816 ----a-w- c:\program files\mozilla firefox\tweaking.com - unhide non system files\files\psexec.exe
2012-05-29 09:22:55 36864 ----a-w- c:\program files\mozilla firefox\tweaking.com - unhide non system files\files\regini.exe
2012-05-29 09:22:55 290304 ----a-w- c:\program files\mozilla firefox\tweaking.com - unhide non system files\files\subinacl.exe
2012-05-29 09:22:55 262144 ----a-w- c:\program files\mozilla firefox\tweaking.com - unhide non system files\repair.exe
2012-05-28 21:25:00 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-05-28 21:23:49 -------- d-----w- c:\programdata\HitmanPro
2012-05-27 14:50:11 -------- d-----w- c:\users\0317\appdata\roaming\Malwarebytes
2012-05-27 14:49:06 -------- d-----w- c:\programdata\Malwarebytes
2012-05-27 14:49:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 14:49:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-22 03:01:41 -------- d-----w- c:\program files\Ask.com
2012-05-22 03:00:12 -------- d-----w- c:\program files\FrostWire 5
2012-05-17 01:51:07 -------- d-----w- c:\programdata\Babylon
2012-05-12 13:20:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-12 13:20:19 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-11 21:33:00 -------- d-----w- c:\program files\iPod
2012-05-11 21:32:59 -------- d-----w- c:\program files\iTunes
2012-05-11 21:21:36 -------- d-----w- c:\program files\Bonjour
2012-05-06 15:21:10 -------- d-----w- c:\users\0317\appdata\local\Eushully
2012-05-06 14:57:29 -------- d-----w- c:\program files\Eushully
.
==================== Find3M ====================
.
2012-04-09 18:59:35 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2010-09-23 04:16:00 456664 ----a-w- c:\program files\common files\AutoCompleteInstaller-VD.exe
.
============= FINISH: 18:01:23.69 ===============
 
Okay, the system is full of third party toolbars (TB) and browser helper objects (BHO). The main 2 sources of these can be prevented:

1. Pre-checked boxes on download screen. A way of getting 'junk' on systems is to have a check on a download screen for another product. If the check remains and you do the download, you will then also get the TB and/or BHO.
2. Do a Custom Install instead of Standard Install when you go to run the program. This will allow you to leave out other software that may be bundled.
=================================================
There are quite a few entries that need to be removed. And be aware of the following:

blocked access to a potentially malicious website...
Consider that you are running 2 file sharing programs:
P2P or 'file sharing Warning':
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Frostwire and BitTorrent for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.
Please read the information on P2P Warning to help you better understand these dangers.
===================================================
You may be interested to note that my security blocked access to several sites I was going to, to try and identify some of the processes you have running!
=================================================

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------

  • Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
============================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
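
A triage sketch for the "Pseudo HJT Report" section of the DDS log posted above, added here as an example and not part of the original thread or of DDS itself. It groups BHO/TB/search-hook entries by CLSID, lists entries whose file is missing ("No File"), and flags autoruns that have an empty command or launch from the user's AppData folder. The sample lines are copied from the log in this thread; the function names and regular expressions are assumptions derived from those lines, not a documented DDS format.

```python
import re
from collections import defaultdict

# Excerpt of the "Pseudo HJT Report" lines from the DDS log in this thread.
SAMPLE_LOG = r"""
mURLSearchHooks: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files\onrpg\tbOnRP.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files\onrpg\tbOnRP.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files\onrpg\tbOnRP.dll
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [AdobeBridge]
uRun: [Facebook Update] "c:\users\0317\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Akamai NetSession Interface] "c:\users\0317\appdata\local\akamai\netsession_win.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
"""

# Browser add-on lines: "<kind>: [<display name>: ]{CLSID} - <dll path or 'No File'>".
# Entries that are not keyed by a CLSID are skipped by this pattern.
COM_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB|[um]URLSearchHooks): "
    r"(?:(?P<name>.*?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# Autorun lines: "uRun|mRun|mRunOnce: [<value name>] <command line, possibly empty>".
RUN_RE = re.compile(
    r"^(?P<hive>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)


def parse_dds(text):
    """Split DDS report lines into browser add-on entries and autorun entries."""
    com, runs = [], []
    for line in text.splitlines():
        line = line.strip()
        m = COM_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].lower()  # DDS mixes upper/lower case
            com.append(entry)
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
    return com, runs


def triage(text):
    """Return the review buckets a helper would look at first."""
    com, runs = parse_dds(text)
    kinds_by_clsid = defaultdict(set)
    for e in com:
        kinds_by_clsid[e["clsid"]].add(e["kind"])
    return {
        # Registration left behind after the DLL was removed.
        "orphaned": sorted(e["clsid"] for e in com if e["target"].lower() == "no file"),
        # One component hooked into the browser in several places.
        "multi_hook": {c: sorted(k) for c, k in kinds_by_clsid.items() if len(k) > 1},
        # Run values with no command: leftovers worth cleaning up.
        "empty_autoruns": [r["name"] for r in runs if not r["cmd"].strip()],
        # Autoruns started from a per-user, user-writable location.
        "user_profile_autoruns": [
            r["name"] for r in runs if "\\appdata\\" in r["cmd"].lower()
        ],
    }


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, "->", items)
```
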
 
I removed FrostWire and BitTorrent and I will scan my computer again later, but I don't understand this part:

``Okay, the system is full of third party toolbars (TB) and browser helper objects (BHO). The main 2 sources of these can be prevented:

1. Pre-checked boxes on download screen. A way of getting 'junk' on systems is to have a check on a download screen for another product. If the check remains and you do the download, you will then also get the TB and/or BHO.
2. Do a Custom Install instead of Standard Install when you go to run the program. This will allow you to leave out other software that may be bundled.``

Thanks again
 
The Toolbar and browser helper stuff. And when I click on Combofix, a box appears and shows me a list of deletes and extractions really fast, and after that nothing happens.
 
Regarding Toolbars (TB) and Browser Helper Objects (BHO):
Some download screens will show a box already checked to get one of these bundled with the program you are downloading. These TB and BHO may have nothing at all to do with the download. The boxes should be unchecked before you do the download.

I don't know what you're referring to in Combofix.
Please follow the directions line by line:

  • Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.

Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 