Removing the police virus
Written by stephan on May 19, 2012 under Internet.
At the moment I see people every day who are infected with the police virus. I have already seen several variants: a Buma Stemra variant, Sabam variant, Metropolitan Police variant, Gema variant, Guardia di Finanza variant, Scotland Yard variant, Bundespolizei variant, PRS for Music variant, Policia de Seguranca Publica Portuguese variant, Police National Francaise variant, Politie variant and probably a few others. This is the Ukash virus.
This is what is known as ransomware: malware that claims the infected computer can be unlocked by paying with a Ukash code. Such a code can be bought in various shops, but paying will of course not actually unlock the computer. The only one who profits is the virus author, and this week I had someone who had actually paid with Ukash! If you are infected you will notice it immediately. The Windows desktop is replaced by an alarming message that you have been downloading illegally. There is also a field where you can enter the Ukash code, plus a list of shops where you can buy Ukash codes. Beyond that you cannot do anything with the computer. Booting into safe mode does not work. Last week I got a PC with a variant that I could not get rid of: the Sabam version. I had no choice but to reinstall that computer. Fortunately I was still able to rescue the data. Another PC I was able to fix as follows.
Solution:
1. Download MalwareBytes' Anti-Malware and put it on a USB stick
2. Boot the infected PC into safe mode with command prompt
3. As soon as the command prompt appears, type in the black DOS box: explorer.exe
4. You now have access to the drives; locate your USB stick and run the downloaded Malwarebytes file
5. After installation, let Malwarebytes start and do a quick scan
6. The virus is now detected; once the scan is finished, click "Remove selected"
7. The viruses are now removed and the PC must be restarted
Solution from PC Web Plus
To remove this virus you can follow the tip below, published this week by pcwebplus.nl:
1. Scan with MalwareBytes' Anti-Malware (MBAM)
Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.
Make sure that after installation a check mark is placed next to:
- Update MalwareBytes' Anti-Malware
- Launch MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
- Once the program has started, go to the "Settings" tab.
- Check the box "Close Internet Explorer during malware removal".
- Then go to the "Scanner" tab and choose "Quick Scan".
- Press "Scan" to start the scan.
- Scanning can take a while, so be patient.
- When the scan is complete, click OK, then "Show Results" to view the results.
- Make sure everything listed there is checked, then click "Remove Selected".
- After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.
If you run into problems!!! (Read the instructions below)
2. Download DDS by sUBS from one of these locations and place it on your desktop:
DDS – Bleeping Computer download.
DDS – Infospyware.

DDS is a diagnostic tool and makes use of scripts.
Disable your security software before running DDS!
Double-click DDS to start the tool.
DDS will open 2 log files:
* DDS.txt
* Attach.txt
A window will ask you to save both logs, because they will be gone once you close them.
Save the logs, for example on your desktop or another place where you can easily find them again.
Post the DDS.txt log with your next reply. Only post Attach.txt when you are asked for it.
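As an added example (not part of the original post or of pcwebplus.nl's instructions), here is a small Python triage script that reads DDS-style autorun lines and "Created Last 30" file lines and flags the pattern this infection leaves behind: an executable with a random-looking name sitting directly in ProgramData or in a user profile root, started from a Run key. The sample lines are constructed, modelled on the DDS output posted in the comments; the heuristics are the example's own, not something DDS itself does.

```python
import re
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Constructed sample, not from the original post: a few lines in the layout DDS
# prints (uRun = HKCU\...\Run, mRun = HKLM\...\Run, plus the "Created Last 30"
# file list), modelled on the infected-machine logs posted in the comments.
SAMPLE_DDS = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Spotify] "c:\users\tom\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [fhqavqhddmbauqr] c:\programdata\fhqavqhddmbauqrozopb.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
2012-06-07 17:11:46 49152 ----a-w- c:\programdata\fhqavqhddmbauqrozopb.exe
2012-06-07 17:11:43 49152 ----a-w- c:\users\tom\ms.exe
2012-06-08 11:22:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
"""

# "uRun: [ValueName] command line" / "mRunOnce: [...] ..."
AUTORUN_RE = re.compile(r"^(?P<key>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "YYYY-MM-DD HH:MM:SS <size or dashes> <attributes> <path>"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} +(?P<size>\d+|-+) +(?P<attr>\S+) +(?P<path>.+)$"
)
# first drive-rooted token ending in .exe, used for unquoted command lines
EXE_RE = re.compile(r'[a-z]:\\[^"]*?\.exe', re.IGNORECASE)


def exe_path(cmd: str) -> Optional[str]:
    """Pull the executable out of a Run value: quoted path, else first *.exe token."""
    cmd = cmd.replace("%ProgramFiles%", r"c:\program files")  # DDS prints the variable unexpanded
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    m = EXE_RE.search(cmd)
    return m.group(0) if m else None


def in_profile_or_programdata_root(path: str) -> bool:
    """True when the file sits directly in ProgramData or in a user profile root,
    places no legitimate installer drops a program into."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]  # parts[0] is the drive
    if len(parts) == 3 and parts[1] == "programdata":
        return True
    return len(parts) == 4 and parts[1] == "users"


def looks_random(stem: str) -> bool:
    """Long, all-lowercase, vowel-poor stems such as 'fhqavqhddmbauqrozopb'."""
    if not re.fullmatch(r"[a-z]{12,}", stem):
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) <= 0.3


def triage(dds_text: str) -> List[Tuple[str, str, str]]:
    """Return (source, path, reason) for each autorun or newly created .exe that matches."""
    findings = []
    for line in dds_text.splitlines():
        m = AUTORUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            src = f"{m.group('key')} [{m.group('name')}]"
        else:
            m = CREATED_RE.match(line)
            if not m or not m.group("path").lower().endswith(".exe"):
                continue
            path, src = m.group("path"), f"created {m.group('date')}"
        if path is None:
            continue
        reasons = []
        if in_profile_or_programdata_root(path):
            reasons.append("executable directly in ProgramData/user profile root")
        if looks_random(PureWindowsPath(path).stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((src, path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for src, path, reason in triage(SAMPLE_DDS):
        print(f"{src:30} {path}\n    -> {reason}")
```

Run it against a real DDS.txt by replacing SAMPLE_DDS with the file contents; entries from vendor folders under Program Files are left alone, and only the ProgramData loader and the profile-root ms.exe come out.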

MaartenV
05/31/2012 at 12:27
For the Sabam variant I found a solution. http://www.vekens.com/index.php?option=com_content&view=article&id=6&Itemid=9
Judoman
06/08/2012 at 14:25
Dear all,
Since today I have the 'police virus' on my PC. I applied the solution above. This is my DDS log:
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6000.17037
Run by Tom at 15:16:09 on 2012-06-08
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.32.1043.18.2038.1483 [GMT 2:00]
Can anyone help me??
quintensmets23
06/29/2012 at 00:46
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Quinten at 1:38:50 on 2012-06-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3885.2945 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Quinten\Desktop\Malwarebytes’ Anti-Malware\mbam.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=107847&babsrc=HP_ss&mntrId=fee6afd40000000000001a4bd6f7a72e
uSearch Page = hxxp://nl.woofi.info
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://nl.woofi.info
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} – C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} – C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
uURLSearchHooks: H – No File
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} – C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} – C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} – C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mURLSearchHooks: H – No File
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} – C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} – C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
mWinlogon: Userinit=userinit.exe,
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} – C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} – mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} – C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} – C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} – C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} – C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} – C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} – C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} – C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} – C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} – C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} – C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} – C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} – C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} – C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} – “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll”
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} – C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} – C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} – mscoree.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} – C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} – C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB: {ba14329e-9550-4989-b3f2-9732e92d17cc} – No File
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} – C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} – C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} – C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} – C:\Program Files (x86)\Softonic-Eng7\prxtbSof0.dll
TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} – C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} – “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll”
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} – C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} – C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} – C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} – No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} – C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [msnmsgr] “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background
uRun: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
uRun: [BitTorrent] “C:\Program Files (x86)\BitTorrent\BitTorrent.exe”
uRun: [Netlog 24] “C:\Program Files (x86)\Netlog 24\Notifier\Netlog24Notifier.exe”
uRun: [swg] “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe –startup
uRun: [Spotify] “C:\Users\Quinten\AppData\Roaming\Spotify\Spotify.exe” /uri spotify:autostart
uRun: [Facebook Update] “C:\Users\Quinten\AppData\Local\Facebook\Update\FacebookUpdate.exe” /c /nocrashserver
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
mRun: [RemoteControl9] “C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe”
mRun: [UpdateLBPShortCut] “C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\CyberLink\LabelPrint” UpdateWithCreateOnce “Software\CyberLink\LabelPrint\2.5″
mRun: [UpdateP2GoShortCut] “C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0″
mRun: [Boingo Wi-Fi] “C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk”
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [GrooveMonitor] “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] “C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin
mRun: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
mRun: [iTunesHelper] “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Users\Quinten\Desktop\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe “C:\ProgramData\Malwarebytes\Malwarebytes’ Anti-Malware\cleanup.dll”,ProcessCleanupScript
StartupFolder: C:\Users\Quinten\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ctfmon.lnk – C:\Windows\System32\rundll32.exe
StartupFolder: C:\Users\Quinten\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK – C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK – C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK – C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-explorer: NoActiveDesktop = 1 (0×1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0×1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0×5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0×3)
mPolicies-system: EnableUIADesktopToggle = 0 (0×0)
IE: Add to Google Photos Screensa&ver – C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel – C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download – C:\Users\Quinten\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter – C:\Users\Quinten\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} – {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} – C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – {5F7B1267-94A9-47F5-98DB-E99415F33AEC} – C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} – {48E73304-E1D6-4330-914C-F5F514E3486C} – C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} – {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} – C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} – C:\Windows\WindowsMobile\INetRepl.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} – {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} – C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} – {FF059E31-CC5A-4E2E-BF3B-96E929D65503} – C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} – hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} – hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} – hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
TCP: Interfaces\{6B2D6259-CF85-45C3-A74D-D49BFAF4A292} : DhcpNameServer = 195.130.131.132 195.130.130.4
TCP: Interfaces\{6B2D6259-CF85-45C3-A74D-D49BFAF4A292}\2565541353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6B2D6259-CF85-45C3-A74D-D49BFAF4A292}\35455464B454D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6B2D6259-CF85-45C3-A74D-D49BFAF4A292}\36963736F63726 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6B2D6259-CF85-45C3-A74D-D49BFAF4A292}\75966496F57344 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{713F8DA6-797A-4831-BA38-A86C16937FB2} : DhcpNameServer = 195.130.131.4 195.130.130.132
Handler: belarc – {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} – C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data – {91774881-D725-4E58-B298-07617B9B86A8} – C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} – C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} – C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{0974BA1E-64EC-11DE-B2A5-E43756D89593}
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2EECD738-5844-4a99-B4B6-146BF802613B}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{346FDE31-DFF9-418A-90C8-BA31DC9FF2EF}
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
TB-X64: {ba14329e-9550-4989-b3f2-9732e92d17cc} – No File
{30F9B915-B755-4826-820B-08FBA6BD249D}
{0974BA1E-64EC-11DE-B2A5-E43756D89593}
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{2E924F4F-67F0-4BD8-9560-49F468E843D2}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{98889811-442D-49dd-99D7-DC866BE87DBC}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} – No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} – No File
mRun-x64: [RemoteControl9] “C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe”
mRun-x64: [UpdateLBPShortCut] “C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\CyberLink\LabelPrint” UpdateWithCreateOnce “Software\CyberLink\LabelPrint\2.5″
mRun-x64: [UpdateP2GoShortCut] “C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0″
mRun-x64: [Boingo Wi-Fi] “C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk”
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [GrooveMonitor] “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] “C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin
mRun-x64: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
mRun-x64: [iTunesHelper] “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Users\Quinten\Desktop\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe “C:\ProgramData\Malwarebytes\Malwarebytes’ Anti-Malware\cleanup.dll”,ProcessCleanupScript
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=107847&babsrc=HP_ss&mntrId=fee6afd40000000000001a4bd6f7a72e
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=107847&babsrc=adbartrp&mntrId=fee6afd40000000000001a4bd6f7a72e&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Tube
FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Tube
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
FF - component: C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCore.dll
FF - component: C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: C:\Users\Quinten\AppData\Roaming\Mozilla\Firefox\Profiles\370gqonu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Quinten\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Quinten\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: MediaBar: {E84D42CA-64EB-11DE-A65F-8C3656D89593} - %profile%\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
FF - user.js: extensions.BabylonToolbar_i.id - fee6afd40000000000001a4bd6f7a72e
FF - user.js: extensions.BabylonToolbar_i.hardId - fee6afd40000000000001a4bd6f7a72e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15519
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:08:03
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=107847
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-30 135664]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
S2 MBAMService;MBAMService;C:\Users\Quinten\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-29 654408]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-30 2314240]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-30 135664]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys --> C:\Windows\system32\DRIVERS\ewusbfake.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-28 23:10:48 -------- d-----w- C:\Users\Quinten\AppData\Roaming\Malwarebytes
2012-06-28 23:10:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-28 23:10:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-28 23:08:04 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-06-28 23:07:58 -------- d-----w- C:\Users\Quinten\AppData\Local\Babylon
2012-06-28 23:07:57 -------- d-----w- C:\Users\Quinten\AppData\Roaming\Babylon
2012-06-28 23:07:57 -------- d-----w- C:\ProgramData\Babylon
2012-06-28 22:41:24 -------- d-----w- C:\Users\Quinten\AppData\Local\{6D84DE29-FE9A-48DB-9B2B-01725D177CDD}
2012-06-28 18:06:12 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EA386C3-28C1-462E-A85F-2BD58E4B59B3}\mpengine.dll
2012-06-27 17:18:45 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-24 16:48:05 -------- d-----w- C:\Users\Quinten\AppData\Local\{F4380846-9199-4C51-9D53-B9FF078E260F}
2012-06-24 16:47:53 -------- d-----w- C:\Users\Quinten\AppData\Local\{EEF98573-7014-4293-8826-C6AECA5580CC}
2012-06-21 16:22:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 16:21:14 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 16:21:14 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 16:11:25 -------- d-----w- C:\Users\Quinten\AppData\Local\{7A1E2F7B-1A00-43D9-B720-28F201DA7A40}
2012-06-20 19:21:17 -------- d-----w- C:\Users\Quinten\AppData\Local\{C7DA2EC0-8E6C-475B-9156-160A5FCAC8FF}
2012-06-20 19:20:45 -------- d-----w- C:\Users\Quinten\AppData\Local\{312A7721-E296-4528-A06B-68FC62D5EE79}
2012-06-19 16:52:26 -------- d-----w- C:\Users\Quinten\AppData\Local\{0CEBFBD0-DA93-4612-85FD-5D845813762D}
2012-06-18 05:34:16 -------- d-----w- C:\Users\Quinten\AppData\Local\{D38B3BF0-7533-4065-8209-E12E8F23C1A0}
2012-06-18 01:02:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-18 01:02:03 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-18 01:02:01 140920 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-06-18 01:02:00 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2012-06-18 01:02:00 174200 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-06-14 16:53:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 16:52:27 -------- d-----w- C:\Program Files (x86)\Teach2000
2012-06-13 15:20:03 -------- d-----w- C:\Users\Quinten\AppData\Local\{8DFF9A64-B9E0-448A-A8D4-95B5BA841F6D}
2012-06-13 15:19:53 -------- d-----w- C:\Users\Quinten\AppData\Local\{F31BCCF9-6A5F-4C0F-A3FA-D57C8DF3DE08}
2012-06-12 19:07:06 -------- d-----w- C:\Users\Quinten\AppData\Local\{1BC66C81-5DDF-47C8-8A93-8EDBCFB666BD}
2012-06-12 19:06:55 -------- d-----w- C:\Users\Quinten\AppData\Local\{72490566-412D-406F-BD79-3F08BD1AEF3E}
2012-06-12 19:02:26 -------- d-----w- C:\Users\Quinten\AppData\Local\{F9B17E41-8551-4A38-A313-EAA80C5FE889}
2012-06-12 19:02:15 -------- d-----w- C:\Users\Quinten\AppData\Local\{5B97E901-C2E8-4361-8DFE-16A7A0ACA393}
2012-06-12 17:17:23 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B6AF265-1D3C-4723-9389-D43974E02149}\gapaengine.dll
2012-06-11 20:00:37 -------- d-----w- C:\Users\Quinten\AppData\Local\Graboid_Inc
2012-06-11 20:00:36 -------- d-----w- C:\Users\Quinten\AppData\Local\Graboid Inc
2012-06-11 20:00:36 -------- d-----w- C:\Users\Quinten\AppData\Local\Graboid
2012-06-11 20:00:36 -------- d-----w- C:\ProgramData\Graboid Inc
2012-06-11 20:00:33 -------- d-----w- C:\Users\Quinten\AppData\Local\Geckofx
2012-06-11 19:38:12 -------- d-----w- C:\Program Files (x86)\Graboid
2012-06-10 20:13:20 -------- d-----w- C:\Program Files (x86)\Research In Motion Limited
2012-06-06 15:08:07 -------- d-----w- C:\Users\Quinten\AppData\Local\Facebook
2012-06-02 11:09:08 -------- d-----w- C:\Users\Quinten\AppData\Local\{8AF40EB2-39CB-4177-813A-593CE756D1D9}
2012-06-02 11:08:57 -------- d-----w- C:\Users\Quinten\AppData\Local\{0379147C-A774-4DA3-A28B-D0904D66AF15}
.
==================== Find3M ====================
.
2012-06-03 09:43:56 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-07 12:18:36 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:34:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 1:40:17,04 ===============
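The FIREFOX block of a DDS log like the one above is where a search hijack shows up: the default search URL, home page and keyword.URL all point at toolbar search hosts, a user.js file re-applies those settings on every start, and the extension list is full of bundled "Community Toolbar" add-ons. The script below is an added example (not code from this page, from DDS or from Malwarebytes) that parses DDS-style `FF - ...` lines and flags those indicators. The sample lines are constructed after the log above, and the host and keyword lists are assumptions drawn from that one log, not a complete PUP catalogue.

```python
"""Flag search-hijack and toolbar indicators in the FIREFOX block of a DDS log.

Added example, not code from the page or from DDS/Malwarebytes. SAMPLE_LOG is
constructed after the log above; SUSPECT_HOSTS and SUSPECT_WORDS are assumed
indicator lists taken from that log, not a complete catalogue.
"""
import re
from urllib.parse import urlparse

# Preferences a search hijacker rewrites to redirect queries and the home page.
HIJACK_PREFS = {
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
}

# Hosts seen in this log's hijacked preferences (assumed list; extend locally).
SUSPECT_HOSTS = {"search.babylon.com", "search.conduit.com", "mp3tubetoolbarsearch.com"}

# Words in extension names or pref keys that usually mean a bundled toolbar.
SUSPECT_WORDS = ("toolbar", "conduit", "babylon", "mediabar")

# DDS writes "FF - <kind>: <key> - <value>"; the value may be empty.
LINE_RE = re.compile(
    r"^FF - (?P<kind>prefs\.js|user\.js|Ext): (?P<key>.+?) -(?: (?P<value>.*))?$"
)


def defanged_host(value):
    """Return the hostname of a DDS-defanged URL (hxxp:// or hxxps://), else None."""
    refanged = re.sub(r"^hxxp(s?)://", r"http\1://", value)
    if not refanged.startswith(("http://", "https://")):
        return None
    return urlparse(refanged).hostname


def is_suspect_host(host):
    """Exact or subdomain match against SUSPECT_HOSTS; None never matches."""
    return host is not None and any(
        host == s or host.endswith("." + s) for s in SUSPECT_HOSTS
    )


def has_suspect_word(text):
    lowered = text.lower()
    return any(w in lowered for w in SUSPECT_WORDS)


def analyze(lines):
    """Return (category, key, evidence) tuples for every suspicious FF line."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # plugin, component and ProfilePath lines are not scored here
        kind, key, value = m.group("kind"), m.group("key"), m.group("value") or ""
        if kind == "Ext":
            # Ext keys look like "Name: {guid}"; only the display name is scored.
            name = key.rsplit(": ", 1)[0].strip()
            if has_suspect_word(name):
                findings.append(("pup-extension", name, value))
        elif key in HIJACK_PREFS:
            host = defanged_host(value)
            # Engine names ("Search the web (Babylon)") are not URLs, so fall
            # back to the keyword check when there is no host to compare.
            if is_suspect_host(host) or (host is None and has_suspect_word(value)):
                findings.append(("search-hijack", f"{kind} {key}", host or value))
        elif key == "network.proxy.type" and value.strip() != "0":
            # 0 means no proxy; any other value routes traffic through one.
            findings.append(("proxy", f"{kind} {key}", value))
        elif kind == "user.js" and has_suspect_word(key):
            # user.js is re-applied at every start, which is how toolbars persist.
            findings.append(("pup-pref", f"{kind} {key}", value))
    return findings


# Constructed sample modelled on the FIREFOX block of the log above.
SAMPLE_LOG = """\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=107847&babsrc=HP_ss
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\\Program Files (x86)\\Google\\Picasa3\\npPicasa3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\\extensions\\engine@conduit.com
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\\extensions\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: extensions.BabylonToolbar_i.babExt -
"""

if __name__ == "__main__":
    for category, key, evidence in analyze(SAMPLE_LOG.splitlines()):
        print(f"{category:<15} {key:<45} {evidence}")
```

Run against a real DDS log, the Ext and user.js findings give the removal list (the extension directories under the profile and the user.js file itself), while the search-hijack findings tell you which prefs.js entries still need to be reset after the toolbars are gone; otherwise the hijacked search URL survives the cleanup.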