TechSpot

Windows 7 services.exe Patched.b.Gen trojan

By GeckooGuy
Jul 28, 2012
  1. Hello.

    For some reason I got this trojan yesterday, and now ESET Smart Security 5 keeps telling me about it. But when I try to fix it, ESET fails to do so. It's very annoying and I'd like it to be fixed ASAP! I already scanned my PC using Malwarebytes Anti-Malware, SUPERAntiSpyware and ESET itself. Still not fixed. I have some pictures here:

    [Image: the ESET report (sorry, it's in Dutch)]
    [Image: the error I get when I click Delete, the top button in the report window]

    Thanks for reading!
    ~GeckooGuy
     
  2. GeckooGuy (Topic Starter)

    Sorry for another post, but I thought you'd need to know that I've got an OTL report.

    Code:
    OTL logfile created on: 28-7-2012 10:07:55 - Run 1
    OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Devin\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
     
    5,91 Gb Total Physical Memory | 3,74 Gb Available Physical Memory | 63,24% Memory free
    11,82 Gb Paging File | 9,46 Gb Available in Paging File | 80,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 197,55 Gb Total Space | 127,46 Gb Free Space | 64,52% Space Free | Partition Type: NTFS
    Drive D: | 243,21 Gb Total Space | 220,62 Gb Free Space | 90,71% Space Free | Partition Type: NTFS
    Drive F: | 29,82 Gb Total Space | 26,02 Gb Free Space | 87,27% Space Free | Partition Type: NTFS
     
    Computer Name: DEVIN-PC | User Name: Devin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012-07-28 10:07:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Devin\Downloads\OTL.exe
    PRC - [2012-07-27 21:40:09 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    PRC - [2012-07-19 22:42:15 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2010-10-07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2010-10-07 18:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2010-08-17 23:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2010-05-24 15:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
    PRC - [2009-12-15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2009-06-19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009-06-19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008-12-23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008-08-14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    PRC - [2006-09-28 11:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012-07-27 21:40:09 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
    MOD - [2012-07-19 22:42:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011-06-24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011-06-24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV:64bit: - [2012-03-07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011-05-04 19:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2010-04-17 01:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
    SRV - [2012-07-27 21:40:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-07-19 22:42:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011-10-28 14:11:41 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    SRV - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010-11-25 20:29:54 | 000,052,896 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2010-05-24 15:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009-12-15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2006-09-28 11:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2012-04-12 18:12:56 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2012-03-14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2012-03-14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2012-03-14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2012-03-14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012-03-14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012-02-15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011-10-15 10:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011-04-10 11:51:08 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011-01-26 11:31:28 | 000,821,888 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SmiUsbGrabber3C.sys -- (SMIGrabber3C)
    DRV:64bit: - [2011-01-21 20:08:06 | 000,161,280 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
    DRV:64bit: - [2011-01-21 20:08:06 | 000,050,176 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
    DRV:64bit: - [2010-11-25 20:30:12 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2010-11-25 20:30:12 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2010-11-25 20:30:12 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2010-11-25 20:30:12 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2010-11-25 20:30:12 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2010-11-25 20:30:12 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2010-11-25 20:30:10 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2010-11-25 20:30:10 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
    DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-10-14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010-09-21 19:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010-09-14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010-09-07 11:19:38 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2010-08-24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010-07-08 01:03:48 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010-05-03 05:46:04 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2010-04-17 01:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010-02-17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010-02-17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009-07-21 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2008-05-24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2010-07-26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009-07-03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\S-1-5-21-1084119896-2730321402-3971664447-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKU\S-1-5-21-1084119896-2730321402-3971664447-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKU\S-1-5-21-1084119896-2730321402-3971664447-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKU\S-1-5-21-1084119896-2730321402-3971664447-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    IE - HKU\S-1-5-21-1084119896-2730321402-3971664447-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
     
    IE - HKU\S-1-5-21-1084119896-2730321402-3971664447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKU\S-1-5-21-1084119896-2730321402-3971664447-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://elo.scholenaanzee.nl/saz-wssl.htm
    IE - HKU\S-1-5-21-1084119896-2730321402-3971664447-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1084119896-2730321402-3971664447-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1084119896-2730321402-3971664447-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.startup.homepage: "http://www.google.nl/webhp?hl=nl"
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012-06-09 09:12:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012-04-21 20:09:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012-07-01 14:41:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-06-09 09:12:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 22:42:15 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-18 19:52:55 | 000,000,000 | ---D | M]
     
    [2011-09-25 07:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devin\AppData\Roaming\mozilla\Extensions
    [2012-05-02 08:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Devin\AppData\Roaming\mozilla\Firefox\Profiles\zgl0jkey.default\extensions
    [2012-03-18 09:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012-07-19 22:42:15 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012-06-21 15:31:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012-06-21 15:31:44 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
    [2012-06-21 15:31:44 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
    [2012-06-21 15:31:44 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml
     
    O1 HOSTS File: ([2011-07-02 16:23:55 | 000,001,339 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1                activate.adobe.com
    O1 - Hosts: 127.0.0.1                practivate.adobe.com
    O1 - Hosts: 127.0.0.1                ereg.adobe.com
    O1 - Hosts: 127.0.0.1                activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1                wip3.adobe.com
    O1 - Hosts: 127.0.0.1                3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1                3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1                adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1                adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1                adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1                ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1                activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1                wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1                activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1                adobe.activate.com
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe ()
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1084119896-2730321402-3971664447-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
    O4 - HKU\S-1-5-21-1084119896-2730321402-3971664447-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-1084119896-2730321402-3971664447-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1084119896-2730321402-3971664447-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13[b]64bit:[/b] - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC33669C-236E-45EE-91A0-4E72E07AEC5F}: DhcpNameServer = 192.168.0.1
    O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
    O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
     
    [2012-07-28 09:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012-07-28 09:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012-07-27 19:20:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012-07-26 11:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Bullet Looks Vegas
    [2012-07-26 11:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LooksBuilder
    [2012-07-26 11:46:44 | 000,000,000 | ---D | C] -- C:\temp
    [2012-07-26 11:46:34 | 000,000,000 | ---D | C] -- C:\Users\Devin\AppData\Roaming\Red Giant Link
    [2012-07-26 11:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Giant Link
    [2012-07-22 10:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
    [2012-07-18 14:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012-06-30 19:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Capture HD MP4 Builder
    [2012-06-30 19:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
    [2012-06-30 17:09:55 | 000,000,000 | ---D | C] -- C:\Users\Devin\AppData\Roaming\AVS4YOU
    [2012-06-30 17:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
    [2012-06-30 17:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
    [2012-06-30 17:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
    [1 C:\Users\Devin\AppData\Local\*.tmp files -> C:\Users\Devin\AppData\Local\*.tmp -> ]
     
    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
     
    [2012-07-28 09:47:20 | 029,213,263 | ---- | M] () -- C:\Users\Devin\Desktop\Sir Montage Trailer Take 5.mp4
    [2012-07-28 09:40:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-07-28 08:57:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-07-28 08:57:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-07-28 08:50:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-07-28 08:50:17 | 466,702,335 | -HS- | M] () -- C:\hiberfil.sys
    [2012-07-27 22:55:55 | 015,435,892 | ---- | M] () -- C:\Users\Devin\Desktop\stukje.mp4
    [2012-07-27 12:39:47 | 058,545,594 | ---- | M] () -- C:\Users\Devin\Desktop\Sir Montage Trailer Take 4.mp4
    [2012-07-27 10:59:07 | 001,881,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012-07-27 10:59:07 | 000,821,138 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
    [2012-07-27 10:59:07 | 000,729,944 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012-07-27 10:59:07 | 000,181,652 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
    [2012-07-27 10:59:07 | 000,150,306 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012-07-27 09:22:10 | 002,420,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012-07-26 23:21:30 | 050,663,112 | ---- | M] () -- C:\Users\Devin\Desktop\Sir Montage Trailer Take 3.mp4
    [2012-07-26 20:49:26 | 050,651,304 | ---- | M] () -- C:\Users\Devin\Desktop\Sir Montage Trailer Take 2.mp4
    [2012-07-26 20:15:22 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2012-07-26 20:15:22 | 000,001,854 | ---- | M] () -- C:\Users\Devin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2012-07-26 17:30:01 | 036,971,929 | ---- | M] () -- C:\Users\Devin\Desktop\Sir Montage Trailer.mp4
    [2012-07-20 20:00:00 | 000,127,488 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
    [2012-07-14 21:09:06 | 000,002,759 | ---- | M] () -- C:\Users\Devin\.recently-used.xbel
    [2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Users\Devin\AppData\Local\*.tmp files -> C:\Users\Devin\AppData\Local\*.tmp -> ]
     
    [color=#E56717]========== Files Created - No Company Name ==========[/color]
     
    [2012-07-28 09:19:51 | 029,213,263 | ---- | C] () -- C:\Users\Devin\Desktop\Sir Montage Trailer Take 5.mp4
    [2012-07-27 18:20:20 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{f32117d8-bf7d-227a-a078-58d0bef78bb1}\U\800000cb.@
    [2012-07-27 18:20:20 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{f32117d8-bf7d-227a-a078-58d0bef78bb1}\U\00000001.@
    [2012-07-27 16:49:45 | 015,435,892 | ---- | C] () -- C:\Users\Devin\Desktop\stukje.mp4
    [2012-07-27 12:16:03 | 058,545,594 | ---- | C] () -- C:\Users\Devin\Desktop\Sir Montage Trailer Take 4.mp4
    [2012-07-26 22:57:24 | 050,663,112 | ---- | C] () -- C:\Users\Devin\Desktop\Sir Montage Trailer Take 3.mp4
    [2012-07-26 20:15:22 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2012-07-26 20:00:33 | 050,651,304 | ---- | C] () -- C:\Users\Devin\Desktop\Sir Montage Trailer Take 2.mp4
    [2012-07-26 17:13:01 | 036,971,929 | ---- | C] () -- C:\Users\Devin\Desktop\Sir Montage Trailer.mp4
    [2012-07-22 10:22:07 | 000,206,336 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
    [2012-07-22 10:22:07 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
    [2012-07-22 10:22:06 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
    [2012-07-14 21:09:06 | 000,002,759 | ---- | C] () -- C:\Users\Devin\.recently-used.xbel
    [2012-04-30 08:58:26 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
    [2012-01-22 15:21:54 | 000,050,002 | ---- | C] () -- C:\Users\Devin\loi.png
    [2012-01-22 15:07:10 | 000,153,335 | ---- | C] () -- C:\Users\Devin\loi.xcf
    [2012-01-11 09:15:25 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f32117d8-bf7d-227a-a078-58d0bef78bb1}\@
    [2012-01-11 09:15:25 | 000,002,048 | -HS- | C] () -- C:\Users\Devin\AppData\Local\{f32117d8-bf7d-227a-a078-58d0bef78bb1}\@
    [2011-10-28 14:12:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2011-09-26 16:08:15 | 000,000,145 | ---- | C] () -- C:\Users\Devin\.jupload.properties
    [2011-08-04 11:52:41 | 000,004,608 | ---- | C] () -- C:\Users\Devin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-06-04 14:08:57 | 000,007,609 | ---- | C] () -- C:\Users\Devin\AppData\Local\resmon.resmoncfg
    [2011-06-03 12:49:41 | 001,859,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-06-03 11:57:24 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2011-04-10 11:49:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011-04-10 11:49:10 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011-04-10 11:42:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011-04-10 11:18:24 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011-02-12 04:19:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011-01-26 12:22:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
    [2011-01-12 18:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
     
    [color=#E56717]========== LOP Check ==========[/color]
     
    [2012-02-27 14:06:00 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\.minecraft
    [2012-01-22 20:03:28 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\.minecraft-1.1
    [2012-04-05 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\.techniclauncher
    [2012-04-29 14:36:11 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\Atari
    [2012-07-27 22:43:41 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\Azureus
    [2012-01-10 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\ESET
    [2012-01-07 13:34:30 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\FileZilla
    [2012-07-14 21:09:06 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\gtk-2.0
    [2012-07-27 22:43:41 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\Notepad++
    [2012-04-08 12:14:29 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\Publish Providers
    [2012-07-26 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\Red Giant Link
    [2011-09-25 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\SoftGrid Client
    [2012-06-30 19:52:06 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\Sony
    [2012-06-20 16:24:53 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\Sony Creative Software Inc
    [2011-12-28 12:42:26 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\SystemRequirementsLab
    [2012-04-05 17:07:07 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\TeamViewer
    [2011-06-03 16:44:56 | 000,000,000 | ---D | M] -- C:\Users\Devin\AppData\Roaming\Thunderbird
    [2012-07-09 21:47:10 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
    [color=#E56717]========== Purity Check ==========[/color]
     
     
     
    [color=#E56717]========== Alternate Data Streams ==========[/color]
     
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
     
    < End of report >
    
     
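As an added example (not part of the original post and not OTL's own code), the following Python script parses the three OTL line shapes that appear in the log above and pulls out the entries a triage reader would look at first. The three indicators it keys on are assumptions chosen for illustration, not findings the thread states: file names that are `@` or end in `.@` under a `{GUID}` folder, Run/RunOnce values whose target OTL reports as `File not found`, and `@Alternate Data Stream` entries. The sample lines embedded in `SAMPLE` are copied from the log above; everything else (regexes, class and function names) is this example's own.

```python
"""Triage helper for OTL (OldTimer's List-It) logs.

Added example for this thread; not OTL's code and not the poster's.
The indicators below are assumptions used for illustration, not
findings stated in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# File line, e.g.
#   [2012-07-27 18:20:20 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{guid}\U\800000cb.@
# Directory lines omit the "(company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O4 autorun line; OTL marks the 64-bit view with BBCode "[b]64bit:[/b]".
AUTORUN_RE = re.compile(
    r"^O4(?::\[b\]64bit:\[/b\])? - (?P<hive>\S+?)\.\.\\(?P<key>RunOnce|Run): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Greedy path so the stream name is the text after the LAST colon.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)


@dataclass
class FileEntry:
    ts: str
    size: int
    attr: str       # four attribute flags as OTL prints them, e.g. -HS-
    kind: str       # C = created, M = modified
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attr and "S" in self.attr


@dataclass
class Triage:
    at_files: List[FileEntry] = field(default_factory=list)     # '@' names under a {GUID} folder (assumed indicator)
    dangling_autoruns: List[str] = field(default_factory=list)  # Run/RunOnce values whose target is gone
    streams: List[str] = field(default_factory=list)            # alternate data streams OTL listed


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        ts=m["ts"], size=int(m["size"].replace(",", "")), attr=m["attr"],
        kind=m["kind"], company=(m["company"] or "").strip(), path=m["path"],
    )


def triage(log_text: str) -> Triage:
    out = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()          # forum pastes are indented
        fe = parse_file_line(line)
        if fe:
            if (fe.name == "@" or fe.name.endswith(".@")) and GUID_DIR_RE.search(fe.path):
                out.at_files.append(fe)
            continue
        m = AUTORUN_RE.match(line)
        if m:
            if m["cmd"].endswith("File not found"):
                out.dangling_autoruns.append(f'{m["hive"]}\\{m["key"]}: [{m["name"]}] {m["cmd"]}')
            continue
        m = ADS_RE.match(line)
        if m:
            out.streams.append(f'{m["path"]}:{m["stream"]} ({m["size"]} bytes)')
    return out


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE = r"""
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKU\S-1-5-21-1084119896-2730321402-3971664447-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
[2012-07-28 09:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012-07-27 18:20:20 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{f32117d8-bf7d-227a-a078-58d0bef78bb1}\U\800000cb.@
[2012-07-27 18:20:20 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{f32117d8-bf7d-227a-a078-58d0bef78bb1}\U\00000001.@
[2012-07-22 10:22:07 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-01-11 09:15:25 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f32117d8-bf7d-227a-a078-58d0bef78bb1}\@
[2012-01-11 09:15:25 | 000,002,048 | -HS- | C] () -- C:\Users\Devin\AppData\Local\{f32117d8-bf7d-227a-a078-58d0bef78bb1}\@
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for fe in result.at_files:
        print("'@' file:", fe.path, "(hidden+system)" if fe.hidden_system else "")
    for s in result.dangling_autoruns:
        print("dangling autorun:", s)
    for s in result.streams:
        print("ADS:", s)
```

Run it on a whole pasted OTL log (`triage(open("OTL.Txt", encoding="utf-8", errors="replace").read())`) rather than on `SAMPLE`; the regexes ignore the `[color=...]` section headers and the `[1 ... *.tmp files -> ...]` summary lines, so the complete paste can be fed in unchanged. The "dangling autorun" list is a cleanup list, not an infection list: a `File not found` Run value is typically a leftover from an uninstall.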
  3. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of the cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    Do NOT wrap logs in "quotes" or any other codes.
     
Topic Status:
Not open for further replies.
