Author Topic: [Inactive - K] MS Silverlight & Two trojans installed overnight  (Read 1519 times)

Offline apimybrowserbarf

  • Bronze Member
  • Posts: 31
Hi,

First of all, you guys rule. You saved our ass in 2012 when my dad's computer was having serious troubles. Unfortunately, we're here back again with a new problem.
Last night at ~7:20 pm, MS Silverlight along with two trojans were installed to computer.

MS Silverlight
PC Speed Up
Registry Helper

It's unknown whether anybody was on the computer at the time. It's unknown whether MS Silverlight is the actual MS program... also, for some reason (according to my dad "unexpectadly") the computer has some updates it wants to do on reboot and I told dad that we definitely shouldn't do that - I fear the trojans have infested unto Windows 7 itself.

Before I could prevent it, my dad went into panic mode and started reading internet guides... and did the following things (BEFORE I ran DDS).

Updated & Ran Malwarebytes Anti-Malware, removed 131 miscelanous and 3 actual malwares. He didn't save logs.  :D1
Uninstalled MS Silverlight from Add/Remove Programs
Ctrl Alt Del, stopped Registry Helper from running as active program.
Uninstalled Registry Helper from Add/Remove Programs
Uninstalled PC Speed Up, requested Reboot but we haven't yet.

PLEASE HELP US. My dad definitely cannot handle this, as you can see.  :h I only know to let you pros handle everything and not do anything on my own.  :b
I try to hold him off from rebooting the computer in the meanwhile.

Here are DDS logs and attachments:

--

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689  BrowserJavaVersion: 11.31.2
Run by Pasi at 9:18:55 on 2015-03-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1035.18.4094.2098 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
D:\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Pasi\AppData\Roaming\Search Protection\SP.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Ttessab\bin\utilTtessab.exe
C:\Program Files (x86)\Ttessab\updateTtessab.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Ttessab\bin\Ttessab.BrowserAdapter.exe
C:\Program Files (x86)\Ttessab\bin\Ttessab.BrowserAdapter64.exe
C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
C:\Program Files (x86)\Samsung\Easy Printer Manager\ScrPrint.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\MPC_Kromi\MPCKromi.exe
C:\Program Files (x86)\MPC_Kromi\MPCKromi.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MPC_Kromi\MPCKromi.exe
C:\Program Files (x86)\MPC_Kromi\MPCKromi.exe
C:\Program Files (x86)\MPC_Kromi\MPCKromi.exe
C:\Program Files (x86)\MPC_Kromi\MPCKromi.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://q.search-simple.com/?affID=na
mStart Page = www.google.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID -kirjautumisapuohjelma: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [Spotify Web Helper] "D:\Spotify\Data\SpotifyWebHelper.exe"
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [CCleaner Monitoring] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Yahoo! Search] C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\Users\Pasi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Vie Microsoft E&xceliin - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://85.23.161.214/activex/AMC.cab
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{52264589-BFE0-43E4-ADFB-8E6A0C9B55A2} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{A51398A5-CD8A-42DC-9B44-F5BEBC517C99} : DHCPNameServer = 192.168.42.129
Handler: pm - {A479F961-CC9E-11D0-A220-000000000000} - C:\Program Files (x86)\Common Files\Repro Desk\PmProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= 
x64-mStart Page = www.google.com
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: pm - {A479F961-CC9E-11D0-A220-000000000000} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\
FF - prefs.js: browser.startup.homepage - hxxp://q.search-simple.com/?affID=na
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://q.search-simple.com/?q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
FF - plugin: D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - ExtSQL: 2015-03-05 09:44; {54FBE89E-C878-46bb-A064-AB327EE26EBC}; C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC}
FF - ExtSQL: 2015-03-05 09:44; {62DD0A97-FDD4-421b-94A5-D1A9434450C7}; C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7}
FF - ExtSQL: 2015-03-05 09:44; {30B5D38F-A43B-42fd-B7E5-898BB1B71B8B}; C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\extensions\{30B5D38F-A43B-42fd-B7E5-898BB1B71B8B}
.
---- FIREFOX POLICIES ----
user_pref(extensidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=);
.
FF - user.js: extensions.mysearchdial.srchPrvdr - N2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1ial.tlbrSrchUrl, hxxp://start.mysearchdial.com/?f=3&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=&q=
FF - user.js: extensions.mysearchdial.id - 00199973BDB3ED3B
FF - user.js: extensions.mysearchdial.instlDay - 15869
FF - user.js: extensions.mysearchdial.vrsn -
FF - user.js: extensions.mysearchdial.vrsni -
FF - user.js: extensions.mysearchdial_i.vrsnTs - 8:19:33
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd62
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 956731694
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB
.
.
FF - user.js: extensions.irmysearch.cr - 956731694
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB
.
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/21 13:59:20];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-5-7 146928]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 124560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-19 1615192]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-4-19 20541216]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2011-3-14 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 NisSrv;Microsoftin verkon tarkastus;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-4-19 40392]
R3 SNXPCAMD;SUNIX Mulit-I/O Card Driver;C:\Windows\System32\drivers\snxpcamd.sys [2010-11-22 62464]
R3 SNXPPAMD;SUNIX Parallel Port Driver;C:\Windows\System32\drivers\snxppamd.sys [2010-11-22 133632]
RUnknown {dea9585d-ddcc-4dcd-a648-a859594f3da0}w64;{dea9585d-ddcc-4dcd-a648-a859594f3da0}w64;

RUnknown Update Ttessab;Update Ttessab;

RUnknown Util Ttessab;Util Ttessab;

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-11 114688]
S3 MHIKEY10;MHIKEY10;C:\Windows\System32\drivers\MHIKEY10x64.sys [2010-9-15 60288]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2011-8-17 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2010-2-26 12288]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2010-2-26 173056]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2011-8-17 19968]
S3 PVUSB;CESG502 64bit USB Driver;C:\Windows\System32\drivers\CESG64.sys [2007-2-19 63808]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-15 59392]
S3 usbrndis6;USB RNDIS6 -sovitin;C:\Windows\System32\drivers\usb80236.sys [2013-3-21 19968]
S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-9 1255736]
.
=============== Created Last 30 ================
.
2015-03-22 06:43:29   48824   ----a-w-   C:\Windows\System32\drivers\{dea9585d-ddcc-4dcd-a648-a859594f3da0}w64.sys
2015-03-22 06:29:00   79064   ----a-w-   C:\Windows\System32\drivers\layepsj.sys
2015-03-21 17:25:22   11910896   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63295003-87C4-49EC-937C-E743FB250800}\mpengine.dll
2015-03-21 17:22:46   --------   d-----w-   C:\Users\Pasi\AppData\Local\Pay-By-Ads
2015-03-21 17:21:18   --------   d-----w-   C:\Program Files (x86)\Ttessab
2015-03-21 17:21:00   --------   d-----w-   C:\Users\Pasi\AppData\Roaming\SIEMENS GIGASET M170 C CX user guide
2015-03-20 16:44:06   11910896   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-11 05:16:11   215552   ----a-w-   C:\Windows\System32\ubpm.dll
2015-03-11 05:15:50   1067520   ----a-w-   C:\Windows\System32\msctf.dll
2015-03-11 05:13:52   465920   ----a-w-   C:\Windows\System32\WMPhoto.dll
2015-03-11 05:13:52   417792   ----a-w-   C:\Windows\SysWow64\WMPhoto.dll
2015-03-09 15:30:12   --------   d-----w-   C:\GOG Games
2015-03-05 07:43:33   --------   d-----w-   C:\Users\Pasi\AppData\Roaming\Search Protection
2015-03-04 05:10:56   950272   ----a-w-   C:\Windows\System32\perftrack.dll
2015-03-04 05:10:56   91136   ----a-w-   C:\Windows\System32\wdi.dll
2015-03-04 05:10:56   76800   ----a-w-   C:\Windows\SysWow64\wdi.dll
2015-03-04 05:10:56   29696   ----a-w-   C:\Windows\System32\powertracker.dll
2015-02-22 06:38:44   1188440   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C26AE72D-5F74-487F-9770-7E5E804DA396}\gapaengine.dll
.
==================== Find3M  ====================
.
2015-03-22 05:57:47   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-03-06 05:56:10   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10   155576   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33   341504   ----a-w-   C:\Windows\System32\schannel.dll
2015-03-06 05:42:33   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-03-06 05:42:29   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29   309760   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27   1461760   ----a-w-   C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-03-06 05:41:46   31232   ----a-w-   C:\Windows\System32\lsass.exe
2015-03-06 05:41:31   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56   686080   ----a-w-   C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20   686080   ----a-w-   C:\Windows\SysWow64\adtschema.dll
2015-03-03 13:17:35   295552   ------w-   C:\Windows\System32\MpSigStub.exe
2015-02-26 03:25:44   3204096   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-20 04:41:01   41984   ----a-w-   C:\Windows\System32\lpk.dll
2015-02-20 04:40:59   100864   ----a-w-   C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56   14336   ----a-w-   C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49   70656   ----a-w-   C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46   10240   ----a-w-   C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51   25600   ----a-w-   C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16   372224   ----a-w-   C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16   299008   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2015-02-20 03:06:02   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34   6035456   ----a-w-   C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08   503296   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39   4300288   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25   2358784   ----a-w-   C:\Windows\System32\wininet.dll
2015-02-20 01:24:21   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-02-06 06:37:55   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-06 06:37:55   701616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16:29   609280   ----a-w-   C:\Windows\System32\generaltel.dll
2015-02-04 03:16:20   762368   ----a-w-   C:\Windows\System32\invagent.dll
2015-02-04 03:16:16   414720   ----a-w-   C:\Windows\System32\devinv.dll
2015-02-04 03:16:14   894976   ----a-w-   C:\Windows\System32\appraiser.dll
2015-02-04 03:16:13   227328   ----a-w-   C:\Windows\System32\aepdu.dll
2015-02-04 03:16:13   192000   ----a-w-   C:\Windows\System32\aepic.dll
2015-02-04 03:13:28   1098752   ----a-w-   C:\Windows\System32\aeinv.dll
2015-02-03 03:34:39   693176   ----a-w-   C:\Windows\System32\winload.efi
2015-02-03 03:34:38   5554104   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36   94656   ----a-w-   C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29   616360   ----a-w-   C:\Windows\System32\winresume.efi
2015-02-03 03:30:58   631808   ----a-w-   C:\Windows\System32\evr.dll
2015-02-03 03:29:19   8704   ----a-w-   C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49   2048   ----a-w-   C:\Windows\System32\mferror.dll
2015-02-03 03:28:14   6656   ----a-w-   C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12   663552   ----a-w-   C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31   3973048   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31   3917760   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55   50176   ----a-w-   C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48   23040   ----a-w-   C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18   12625408   ----a-w-   C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03   2048   ----a-w-   C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07   6656   ----a-w-   C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25   61440   ----a-w-   C:\Windows\System32\drivers\appid.sys
2015-01-30 23:56:51   459336   ----a-w-   C:\Windows\System32\drivers\cng.sys
2015-01-27 23:36:21   1239720   ----a-w-   C:\Windows\System32\aitstatic.exe
2015-01-22 15:06:17   111016   ----a-w-   C:\Windows\System32\WindowsAccessBridge-64.dll
.
============= FINISH:  9:20:11,37 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 21.12.2009 14:01:10
System Uptime: 22.3.2015 7:38:03 (2 hours ago)
.
Motherboard: FUJITSU                          |  | D2950-A1
Processor: Intel(R) Core(TM)2 Quad CPU    Q8300  @ 2.50GHz | CPU | 1974/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 350,6 GiB free.
D: is FIXED (NTFS) - 480 GiB total, 312,102 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo -tunnelointisovitin
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ZoneAlarm Toolbar ISWKL
Device ID: ROOT\LEGACY_ISWKL\0000
Manufacturer:
Name: ZoneAlarm Toolbar ISWKL
PNP Device ID: ROOT\LEGACY_ISWKL\0000
Service: ISWKL
.
==== System Restore Points ===================
.
RP746: 12.2.2015 9:13:31 - Windows Update
RP747: 16.2.2015 15:43:28 - Windows Update
RP748: 20.2.2015 16:17:49 - Windows Update
RP749: 23.2.2015 16:23:10 - Windows Update
RP750: 25.2.2015 8:59:00 - Windows Update
RP751: 1.3.2015 8:43:17 - Windows Update
RP752: 4.3.2015 7:51:08 - Windows Update
RP753: 7.3.2015 8:55:42 - Windows Update
RP754: 10.3.2015 10:39:25 - Windows Update
RP755: 11.3.2015 9:25:36 - Windows Update
RP756: 15.3.2015 12:54:07 - Windows Update
RP757: 19.3.2015 7:32:25 - Windows Update
RP758: 22.3.2015 8:45:02 - Removed Microsoft Silverlight
.
==== Installed Programs ======================
.
2007 Office Systemin yhteensopivuuspaketti
7-Zip 9.20
Activation Assistant for the 2007 Microsoft Office suites
Adobe Audition 1.5
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Apple Software Update
Applen ohjelmatuki
AXIS Media Control Embedded
CamStudio 2.7.2
CASIO FA-124
CCleaner
CDBurnerXP
Common Desktop Agent
Counter-Strike: Source
CutePDF Writer 2.8
CyberLink PowerDVD 9
D3DX10
Day of Defeat
DOFix
Dota 2
Euroword 2004 Pro
Euroword 2004 Pro (C:\Program Files (x86)\Euroword2004\)
Extended Asian Language font pack for Adobe Reader XI
Facebook Video Calling 3.1.0.521
Fallout
Fallout: New Vegas
FileHippo.com Update Checker
FileZilla Client 3.10.2
Foldit
Free PDF to Word Doc Converter v1.1
Fujitsu Screensaver
fx-9860G OS Update
GameBiz 2 Uninstall
Garena Plus
Google Toolbar for Internet Explorer
Google Update Helper
Guitar Pro 5.0
Guitar Pro 6
Half-Life 2: Lost Coast
Jagged Alliance 2 Gold
Java 8 Update 31
Java 8 Update 31 (64-bit)
Java Auto Updater
JavaFX 2.1.1
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware versio 2.0.4.1028
MATLAB Family of Products Release 14
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (FIN)
Microsoft .NET Framework 4.5.1 (suomi)
Microsoft Application Error Reporting
Microsoft Office XP Professional ja FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 30.0 (x86 fi)
Mozilla Maintenance Service
MPC Kromi -selain v.29.0.1547.66 build 220848
MPC Kromi -selain v.38.0.2125.101 build 290379
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nimo Codecs Pack v5.0 (Remove Only)
Nokia Connectivity Cable Driver
Nokia Software Updater
NVIDIA-ohjauspaneeli 320.49
NVIDIA-päivitykset 12.4.55
NVIDIA 3D Vision -ohjain 320.49
NVIDIA Drivers
NVIDIA GeForce Experience 2.0
NVIDIA Grafiikkaohjain 320.49
NVIDIA HD-ääniohjain 1.3.24.2
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX-järjestelmäohjelmisto 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.22
NWZ-B170 WALKMAN Guide
OpenAL
OpenOffice.org 3.2
PC Connectivity Solution
PDFCreator
Pistonsoft BPM Detector 1.0
PunkBuster Services
QuickTime 7
Railroad Tycoon 3
Realtek High Definition Audio Driver
Repro Desk Server 1.6
ResidualVM
Samsung Easy Printer Manager
Samsung Kies
Samsung Printer Live Update
Samsung Scan Assistant
Samsung SCX-3400 Series
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SHIELD Streaming
Sid Meier's Alpha Centauri
Sid Meier's Alpha Centauri 2000/XP Compatibility Update
Sid Meier's Civilization 4
SimCity 4 Deluxe
Spotify
Steam
SystemDiagnostics
Tilitin
TinyCAD 2.70.03
Tone Stack Calculator
Trillian
Tropico 2: Pirate Cove
Warcraft III
VC 9.0 Runtime
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Liven asennustyökalu
Windows Liven valokuvavalikoima
Windowsin ohjainpaketti - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
WinRAR archiver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Yahoo! Search
YTD Video Downloader 4.8.9
.
==== End Of File ===========================
« Last Edit: April 06, 2015, 02:38:48 PM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] MS Silverlight & Two trojans installed overnight
« Reply #1 on: March 22, 2015, 03:42:26 AM »
Hello apimybrowserbarf and welcome,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

In most cases, a restart will be required.

Wait for the prompt to restart the computer to appear, then click on Yes.

When the scan is completed from the main GUI click on History > Application Logs. Find your Scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt. Where n in the scan reference number
Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Let me see those logs in your reply...

Thank you,

Kevin..

Offline apimybrowserbarf

  • Bronze Member
  • Posts: 31
Re: [Inactive - K] MS Silverlight & Two trojans installed overnight
« Reply #2 on: March 22, 2015, 05:20:01 AM »
Hi Kevin,

Thank you so much for your precious weekend time. Here are all the logs as requested!

---

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22.3.2015
Scan Time: 11:57:02
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.22.03
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pasi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 568464
Time Elapsed: 29 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe, 120, Delete-on-Reboot, [b5f4f82ad9b17eb8e39cec762ed2ed13]

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Ttessab.A, HKLM\SOFTWARE\WOW6432NODE\Ttessab, Quarantined, [3673071bfc8efd39c93c895ff50e35cb],
PUP.Optional.Ttessab.A, HKU\S-1-5-21-1415641805-828064493-1863220564-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Ttessab, Quarantined, [8821cc56c8c24aece521e8004bb8be42],
PUP.Optional.PayByAds.A, HKU\S-1-5-21-1415641805-828064493-1863220564-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Yahoo! Search, Quarantined, [a4058b97e3a7c76f61efa4e6946fa45c],

Registry Values: 1
PUP.Optional.PayByAds.A, HKU\S-1-5-21-1415641805-828064493-1863220564-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Yahoo! Search, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe, Quarantined, [b5f4f82ad9b17eb8e39cec762ed2ed13]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads, Delete-on-Reboot, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search, Delete-on-Reboot, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2, Delete-on-Reboot, [a4058b97e3a7c76f61efa4e6946fa45c],

Files: 169
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{dea9585d-ddcc-4dcd-a648-a859594f3da0}w64.sys, Delete-on-Reboot, [e1b5f0975185cb0198ef3c121a6f9f02],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe, Delete-on-Reboot, [b5f4f82ad9b17eb8e39cec762ed2ed13],
PUP.Optional.Dsrlte.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\searchplugins\dsrlte.xml, Quarantined, [604965bdf3970333c10aef4ee71e58a8],
PUP.Optional.YahooSearch.A, C:\Windows\System32\Tasks\Yahoo! Search, Quarantined, [e9c02ef4afdb6dc96a5a043d3ec7c53b],
PUP.Optional.YahooSearch.A, C:\Windows\System32\Tasks\Yahoo! Search Updater, Quarantined, [5c4d3be72b5f55e1c9fbaf9234d123dd],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\app.ini, Quarantined, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\bJmalBzd.dll, Delete-on-Reboot, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\chromext64.dll, Quarantined, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrsetup.exe, Quarantined, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\hlpr64.exe, Quarantined, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\ieds.xml, Quarantined, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\mekVeoMi.dll, Quarantined, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\res.dll, Quarantined, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.PayByAds.A, C:\Users\Pasi\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\serp.js, Quarantined, [a4058b97e3a7c76f61efa4e6946fa45c],
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN0D0Tzu0SyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB");), Replaced,[a900fc26ccbe989e75cf4ce4d4324ab6]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (date-timer", 1376291704);
user_pref("app.update.), Replaced,[a207ee343c4e2c0a3b09ad83d234f30d]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (efer application is ruhe applicationimer", 1376291224), Replaced,[ffaa8c96a0ea40f683c1e24e2ed8d927]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: ( application is ruhe applicationimer", 1376291224), Replaced,[9b0eaf736228f14562e2b67a0ff79769]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (efer application is ruhe applicationimer", 137629122), Replaced,[8e1b50d2d2b81a1c9da7e749b84e7d83]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (r application is ruhe applicationimer", 1376291224), Replaced,[4465160cf8921f174bf9cc644bbb10f0]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (fer application is ruhe applicationimer", 1376291224);
user_pref("app.update.lastUpdateTime.background-update-timer", 1376291704);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1376291344);
user_pref(s", 1376291464);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1309288515);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1376291584);
user_prf("browser.cache.disk.smart_size.first_run", false);
user_pref("browser.cache.disk.smart_size.use_old_max", false);
user_pref("browser.cache.disk.smart_size_cached_value", 358400);
user_pref("browser.dow), Replaced,[4168ea383555bb7b1f2556da996d649c]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (ze_cached_value", 358400);
user_pref("browser.downl), Replaced,[2782d84a4d3dcb6bde66062a60a6817f]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (r application is ruhe applicationimer", 1376291224);
user_pref("app.update.last), Replaced,[e1c82002d4b6bf7762e282aec442be42]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (ationimer", 1376291224);
user_pref("app.update.), Replaced,[0e9b160cbecc1620c87c18187e88d12f]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (refer application is ruhe applicationimer", 1376291224);
user_pref("app.update.lastUpdateTime.background-update-timer", 1376291704);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1376291344);
user), Replaced,[9316e93989018ea82b191a16e521f10f]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (ist-background-update-timer", 1376291344);
user_pref(s", 13), Replaced,[931664bec3c71125ed57072912f44eb2]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (ation is ruhe applicationimer", 1376291224);
user_pref), Replaced,[d1d8041e355556e03b0939f77f874fb1]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (pplication is ruhe applicationimer", 1376291224);
), Replaced,[68411111e4a68da9c084a789b0566b95]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (fer application is ruhe applicationimer", 1376291224);
user_pref("app.update.lastUpdateTime.background-update-timer", 1376291704);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1376291344);
user), Replaced,[179267bb42485adce55f2e0221e5a35d]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (klist-background-update-timer", 1376291344);
user_pref(s",), Replaced,[b5f4180a444696a09da70e22fd098779]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (cation is ruhe applicationimer", 1376291224);
user_pref("app.update.lastUpdateTime.background-update-timer", 1376291704);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1376291344);
user_pref(s", 137), Replaced,[8128938ff09aa98d48fcda56967036ca]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (t-background-update-timer", 1376291344);
user_pref(s", 1376291464);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1309288515);
user_pref("app.update.last), Replaced,[9613f0320981de58192b71bf7b8bc739]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (er_pref("app.update.lastUpdateTime.blocklist-background-upd), Replaced,[7435ce5482089b9b0b39e34dfc0a738d]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (cation is ruhe applicationimer", 1376291224);
user_pref("app), Replaced,[1495ae740e7c7db9370dd65a57afdd23]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (tion is ruhe applicationimer", 1376291224);
use), Replaced,[36730022b5d50f27dd67e050b3530000]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (refer application is ruhe applicationimer", 1376291224);
user_), Replaced,[2881f9294b3fb284172dba7683836b95]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (on is ruhe applicationimer", 1376291224);
user_pref), Replaced,[9613c85af09ac472d0746dc3917539c7]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (r application is ruhe applicationimer", 1376291224);
user_pref("app.update.lastUpdateTime.background-update-timer", 1376291704);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1376291344);
user_pref(s", 1), Replaced,[16938d958a00003602421a168e789a66]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (kground-update-timer", 1376291344);
user_pref), Replaced,[7336e141642611250b392010778fa15f]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: ( Prefer application is ruhe applicationimer", 1), Replaced,[07a22ff3365470c6ea5ad45c7f87f40c]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (Prefer application is ruhe applicationimer", 13762), Replaced,[decb180a92f85bdb58ec08281de9c33d]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (fer application is ruhe applicationimer", 1376291224)), Replaced,[9a0fa082e4a64beb2321290727df867a]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: ( application is ruhe applicationimer", 1376291224);
us), Replaced,[fbaeae741b6fa690360ec66a8e78936d]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\prefs.js, Good: (), Bad: (pplication is ruhe applicationimer", 1376291224);
user_p), Replaced,[efba0a18612980b64df765cbef17d32d]
PUP.Optional.MySearch.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cr", "956731694");), Replaced,[8623e240385287afa09c33fd29dd18e8]
PUP.Optional.MySearch.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir="), Replaced,[8d1c21016c1e06309aa2250b848207f9]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", N2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1ial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=&q=");), Replaced,[affa69b92c5ecd694afb1b153cca817f]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (0DtA0BtN1H1ial.tlbrSrchUrl", "http://start.mysearchdial.com/), Replaced,[edbc2ef4f397a78ffe4732fe01057888]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0B), Replaced,[a405101296f457dffa4b0e221cea669a]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzy), Replaced,[dfcaaf73a5e5cf67f64ff33d07ffe51b]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (ensidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu), Replaced,[c1e80d158cfe2a0c88bd50e0699d45bb]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (nsidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyz), Replaced,[9a0fab77bdcdc571df6679b7f1151ce4]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (m/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0), Replaced,[27824ad8771386b0c48131ff23e3aa56]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0), Replaced,[c9e0bd654446f343e065f937e1259967]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0), Replaced,[02a79c86f694a393dd684ce4de28f60a]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBt), Replaced,[2a7f71b1cbbf69cd4203a18fbc4a7789]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyB), Replaced,[aaffcf5395f5f5414ef7210f96704eb2]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (al.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyz), Replaced,[2c7dc16118720e28073efc34ab5b16ea]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (dial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtC), Replaced,[78316bb7fc8e33030b3ab080cf3725db]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (idial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1Qy), Replaced,[5059e83a9ded71c5dd6851df699d1be5]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB), Replaced,[decbdc46622872c471d437f97c8a7888]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (dial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzy), Replaced,[d8d1f230a9e18fa7fa4b64cc06007888]
PUP.Optional.MySearchDial.A, C:\Users\Nelli\AppData\Roaming\Mozilla\Firefox\Profiles\57a7cam1.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=");), Replaced,[7732de442a60ce68fd4863cdc93daf51]
PUP.Optional.MySearch.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cr", "956731694");), Replaced,[eabfb66c7d0dc2740a32e848b254837d]
PUP.Optional.MySearch.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir="), Replaced,[04a542e09febe94d0636c7698d792ed2]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", N2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1ial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=&q=");), Replaced,[6b3e6ab8c6c42c0aff46eb456b9b31cf]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (0DtA0BtN1H1ial.tlbrSrchUrl", "http://start.mysearchdial.com/), Replaced,[a40547dbc3c7b87e4bfa31ffde2803fd]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0B), Replaced,[9d0cbd650d7d67cf1431f23e7393b34d]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzy), Replaced,[34757ba7e5a5cf67ee5782aee2242bd5]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (ensidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu), Replaced,[08a142e0f79392a47acb8ca4e91d15eb]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (nsidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyz), Replaced,[aaff7da592f859ddfc4983ada165946c]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (m/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0), Replaced,[5158aa7834563cfacf7650e08284718f]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0), Replaced,[7534e33fbdcd9b9b12339898cc3a8878]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0), Replaced,[2c7d978b93f7e0565de8c46c42c438c8]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBt), Replaced,[5b4ec85a870357dfae97aa8619ed6a96]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyB), Replaced,[a10856cc098142f4ba8b230d54b215eb]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (al.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyz), Replaced,[2386160cabdfe1552c1989a7b6501be5]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (dial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtC), Replaced,[dccd5bc78ffb78bedd68141c12f44cb4]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (idial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1Qy), Replaced,[5f4a28fa07830d29a0a575bba75f0bf5]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB), Replaced,[a9001e045e2c55e187bef33ded197090]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (dial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzy), Replaced,[bdecba68a0ea37ff3b0a5ed230d6b14f]
PUP.Optional.MySearchDial.A, C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=");), Replaced,[03a68e943d4d72c4db6afa3657af4db3]
PUP.Optional.MySearch.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cr", "956731694");), Replaced,[6e3b3ce6335723131a22cc64d23450b0]
PUP.Optional.MySearch.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir="), Replaced,[f0b9bb673a50a492a09cca6625e1e719]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", N2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1ial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=&q=");), Replaced,[6445170bc8c272c4c67fae82937319e7]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (0DtA0BtN1H1ial.tlbrSrchUrl", "http://start.mysearchdial.com/), Replaced,[5d4c909267232511c283af81a95d817f]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0B), Replaced,[7930da487f0bf4420342032d08fe57a9]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzy), Replaced,[d2d7bc66107a0e284afbc16f8a7c11ef]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (ensidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu), Replaced,[5554121092f89d999ca91d13e323738d]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (nsidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyz), Replaced,[674231f1424801355de85fd13dc947b9]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (m/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0), Replaced,[159448da8604bf7796af82ae14f23dc3]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0), Replaced,[4861d54d6b1f1b1b6bdaf23eef1712ee]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0), Replaced,[d7d225fd1e6cea4cbb8aff313cca8e72]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBt), Replaced,[bceddb47a6e46fc7ce77949cb35332ce]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyB), Replaced,[2089b072444632047fc6c46c699d2cd4]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (al.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyz), Replaced,[1297948ec2c854e224216dc351b54bb5]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (dial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtC), Replaced,[d6d32af8ed9db68079ccae8239cdf10f]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (idial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1Qy), Replaced,[2584071b2763c86e1e27d55be1258779]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB), Replaced,[575223ffff8bd2640a3bfa3693733ac6]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (dial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzy), Replaced,[436634eeadddf442e461e84835d1936d]
PUP.Optional.MySearchDial.A, C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=");), Replaced,[b0f981a156345fd76adb46ead92d748c]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN0D0Tzu0SyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB");), Replaced,[5c4dd64c9ded7db9a2a2220ebb4b0000]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (date-timer", 1376029887);
user_pref("app.update.), Replaced,[327780a241491c1a75cf1e12db2b09f7]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (efer application is ruhe applicationimer", 1375964379), Replaced,[614829f9e3a75ed86ed6f33d43c32dd3]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: ( application is ruhe applicationimer", 1375964379), Replaced,[1c8d53cf2a60ce6885bf022e9b6b619f]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (efer application is ruhe applicationimer", 137596437), Replaced,[9712b86ab5d5f83e4df7fb35c64012ee]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (r application is ruhe applicationimer", 1375964379), Replaced,[00a982a0f29862d4de66939d8c7a8977]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (fer application is ruhe applicationimer", 1375964379);
user_pref("app.update.lastUpdateTime.background-update-timer", 1376029887);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1375964499);
user_pref(s", 1376030127);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1309715972);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1376030007);
user_prlse);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.cache.disk.smart_size.first_run", false);
user_pref("browser.cache.disk.smart_size.use_old_max", false);
user_pref("browser.cac), Replaced,[81288c96f49680b6e064f23e778f20e0]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (size.use_old_max", false);
user_pref("browser.cache), Replaced,[575257cbe2a860d6d47050e010f6748c]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (r application is ruhe applicationimer", 1375964379);
user_pref("app.update.last), Replaced,[f4b563bfa6e458de9ca800300600f60a]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (ationimer", 1375964379);
user_pref("app.update.), Replaced,[9019180a9af00135291ba18fe026b749]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (refer application is ruhe applicationimer", 1375964379);
user_pref("app.update.lastUpdateTime.background-update-timer", 1376029887);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1375964499);
user), Replaced,[28810919b6d4c76f50f47db37a8c8878]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (ist-background-update-timer", 1375964499);
user_pref(s", 13), Replaced,[00a9f929f4961521ce76f43c35d1a15f]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (ation is ruhe applicationimer", 1375964379);
user_pref), Replaced,[4861d151008a1a1c8fb52b0540c6f60a]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (pplication is ruhe applicationimer", 1375964379);
), Replaced,[07a21f034a40fc3a2e1652deb05631cf]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (fer application is ruhe applicationimer", 1375964379);
user_pref("app.update.lastUpdateTime.background-update-timer", 1376029887);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1375964499);
user), Replaced,[d2d761c113771323f94ba18f937330d0]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (klist-background-update-timer", 1375964499);
user_pref(s",), Replaced,[e9c0cc560e7c2115d86c4fe156b051af]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (cation is ruhe applicationimer", 1375964379);
user_pref("app.update.lastUpdateTime.background-update-timer", 1376029887);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1375964499);
user_pref(s", 137), Replaced,[21884bd7cac0092d6ada4ae6a561fe02]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (t-background-update-timer", 1375964499);
user_pref(s", 1376030127);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1309715972);
user_pref("app.update.last), Replaced,[6a3f33efa2e80c2af252d55b9e68c937]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (er_pref("app.update.lastUpdateTime.blocklist-background-upd), Replaced,[06a3041e3159b5817bc95fd148be43bd]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (cation is ruhe applicationimer", 1375964379);
user_pref("app), Replaced,[3772c55dcfbb56e085bf44ece81e23dd]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (tion is ruhe applicationimer", 1375964379);
use), Replaced,[c6e3ac76b4d6082e4400ce62b1556f91]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (refer application is ruhe applicationimer", 1375964379);
user_), Replaced,[98119b873456bd79370d38f89e68ba46]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (on is ruhe applicationimer", 1375964379);
user_pref), Replaced,[6049e141622849ed83c1a8888f77ec14]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (r application is ruhe applicationimer", 1375964379);
user_pref("app.update.lastUpdateTime.background-update-timer", 1376029887);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1375964499);
user_pref(s", 1), Replaced,[fbae91914b3fd6601a2a032d996d9d63]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (kground-update-timer", 1375964499);
user_pref), Replaced,[6148ea382c5e5adcd371cf619b6b6e92]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: ( Prefer application is ruhe applicationimer", 1), Replaced,[f4b5ff23c5c51521291b51df32d4f20e]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (Prefer application is ruhe applicationimer", 13759), Replaced,[9316a87ad7b351e53c082d0357af827e]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (fer application is ruhe applicationimer", 1375964379)), Replaced,[50598d951b6f2d0990b4003045c1d32d]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: ( application is ruhe applicationimer", 1375964379);
us), Replaced,[98116eb40b7f280e192bab8554b202fe]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\prefs.js, Good: (), Bad: (pplication is ruhe applicationimer", 1375964379);
user_p), Replaced,[eebbae743d4d40f670d4de52bc4ad32d]
PUP.Optional.MySearch.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cr", "956731694");), Replaced,[832640e2e5a564d255e7161a1ceafd03]
PUP.Optional.MySearch.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir="), Replaced,[ccdd58ca0486191dab9178b808fe758b]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", N2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1ial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=&q=");), Replaced,[1495160c0288bf77c77e2c04eb1bc33d]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (0DtA0BtN1H1ial.tlbrSrchUrl", "http://start.mysearchdial.com/), Replaced,[7336948e4743ed49eb5a1f11aa5cdc24]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0B), Replaced,[01a878aa18729a9c96afda56b0568779]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzy), Replaced,[6643cd55dfab6acc4cf95bd5c73f1de3]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (ensidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu), Replaced,[8e1bfc26345689ade65fb37dab5bee12]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (nsidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyz), Replaced,[3c6d170b28622a0cda6bbb7533d31ce4]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (m/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0), Replaced,[268375ad2a608fa76dd8d65a0402bd43]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0), Replaced,[97126bb7c0cacd69a99c43ed1aecfc04]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0), Replaced,[46631f03fb8f2313f352e44c798d21df]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBt), Replaced,[5d4c71b17c0e46f03312d65ad531a65a]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyB), Replaced,[8623ce547911053156efc56b9670d12f]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (al.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyz), Replaced,[93162ff3ef9bac8af3529f913ccaea16]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (dial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtC), Replaced,[0e9b0b174c3e9c9a4cf989a78680e51b]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (idial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1Qy), Replaced,[7435180ac9c1fc3a94b12a060006f20e]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB), Replaced,[c2e744debfcb270fb095022e32d43ac6]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (dial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzy), Replaced,[efbae63c7614d85e2c19e34de125db25]
PUP.Optional.MySearchDial.A, C:\Users\Tatu\AppData\Roaming\Mozilla\Firefox\Profiles\g8ww6ue8.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=");), Replaced,[b2f7ae74008a43f32a1b1c14a660ad53]
PUP.Optional.MySearch.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.cr", "956731694");), Replaced,[6a3f28faaddd8fa780bca78952b4e51b]
PUP.Optional.MySearch.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir="), Replaced,[68419a881e6cf73f4fed80b02fd7738d]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", N2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1ial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=&q=");), Replaced,[bbee4ad8c0ca2c0a252036faed19ec14]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (0DtA0BtN1H1ial.tlbrSrchUrl", "http://start.mysearchdial.com/), Replaced,[89207ea498f2ba7c76cf989822e422de]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0B), Replaced,[e5c4968c1278e452024390a046c0f10f]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzy), Replaced,[9f0a071b375310267acb3df37c8aa35d]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (ensidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu), Replaced,[d6d31b07a3e754e25beafb352fd76d93]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (nsidial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyz), Replaced,[5c4db46e8dfd2e088cb942ee5caaed13]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (m/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0), Replaced,[bbeef52d55353303cc79ab8580861fe1]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0), Replaced,[ecbd25fd57330234e85d9a9649bda858]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0), Replaced,[c8e1859df59538fe1e271d136d99966a]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBt), Replaced,[2683f72b4e3c9b9b9ca999978c7a659b]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyB), Replaced,[0e9bb86af49677bf172eec443cca6e92]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (al.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyz), Replaced,[2f7ad0526921280ea89d1c1413f3a858]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (dial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtC), Replaced,[c1e8041ea9e15fd785c064cc6a9c14ec]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (idial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1Qy), Replaced,[1693b86a2d5df44260e5c967ab5b9070]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB), Replaced,[7d2cd64caae0d561a1a486aaaa5cbc44]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (dial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzy), Replaced,[f3b6889a16740a2c093c5cd4b2548e72]
PUP.Optional.MySearchDial.A, C:\Users\Tillu\AppData\Roaming\Mozilla\Firefox\Profiles\n1b9g5k1.default\user.js, Good: (), Bad: (l.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=");), Replaced,[b7f2e1416624082eba8bc967c442e21e]

Physical Sectors: 0
(No malicious items detected)


(end)



# AdwCleaner v4.112 - Logfile created 22/03/2015 at 12:49:18
# Updated 09/03/2015 by Xplode
# Database : 2015-03-22.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Pasi - GUNNERS
# Running from : C:\Users\Pasi\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Pasi\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Pasi\Documents\Updater
Folder Deleted : C:\Users\Tatu\AppData\Local\Conduit
Folder Deleted : C:\Users\Tatu\AppData\Local\PackageAware
Folder Deleted : C:\Users\Tatu\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tatu\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Tatu\Documents\Updater
Folder Deleted : C:\Users\Tillu\Documents\Updater
Folder Deleted : C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\Extensions\{30B5D38F-A43B-42fd-B7E5-898BB1B71B8B}
Folder Deleted : C:\Users\Tatu\AppData\Local\Chromium\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
File Deleted : C:\Windows\SysWOW64\RegistryHelperLM.ocx
File Deleted : C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\invalidprefs.js
File Deleted : C:\Users\Rami\AppData\Roaming\Mozilla\Firefox\Profiles\42qvam22.default\invalidprefs.js
File Deleted : C:\Users\Nelli\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Nelli\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Nelli\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
File Deleted : C:\Users\Pasi\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
File Deleted : C:\Users\Rami\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
File Deleted : C:\Users\Tatu\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
File Deleted : C:\Users\Tillu\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
File Deleted : C:\Users\Nelli\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
File Deleted : C:\Users\Rami\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
File Deleted : C:\Users\Tillu\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
File Deleted : C:\Users\Nelli\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : Yahoo! Search
Task Deleted : Yahoo! Search Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DEBCB08B-7901-44F2-9EA2-B7E82257F1D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6402F9C5-45CA-43C3-A8BF-F1C509F0873F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{03B96CF5-A296-4879-A6E6-33CFC9B08DB9}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v30.0 (fi)

[nhgo6yp4.default\prefs.js] - Line Deleted : user_pref("extensionsns.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=");
[42qvam22.default\prefs.js] - Line Deleted : user_pref("extensionsns.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN1H1B1QyCtB&cr=956731694&ir=");
[n1b9g5k1.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
[n1b9g5k1.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

-\\ Google Chrome v

[C:\Users\Pasi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN0D0Tzu0SyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=956731694&ir=

-\\ Chromium v

[C:\Users\Pasi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyyBtA0B0D0BtA0E0DtA0BtN0D0Tzu0SyDtBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=956731694&ir=

*************************

AdwCleaner[R0].txt - [11776 bytes] - [22/03/2015 12:40:04]
AdwCleaner[S0].txt - [11889 bytes] - [22/03/2015 12:49:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11949  bytes] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Home Premium x64
Ran by Pasi on su 22.03.2015 at 13:00:43,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update smarterpower
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update ttessab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util smarterpower
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util ttessab



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{23C602B4-A24F-453B-935C-3DE60AAA2085}
Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{42B535A6-CED9-4B68-9699-A3A8656A1718}
Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{4C52168C-2FD9-4ABF-BA01-A505D9D9C284}
Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{74DAD2DA-F8E7-4F40-98C9-8B31FF1B9B83}
Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{8568B45D-80F0-4DD9-A3C6-952970987B8B}
Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{A8161C02-DE47-4A37-BBBC-8FD1619C97AF}
Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{AA951341-DBC4-4B84-BC1E-F1887562A66E}
Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{C25EA451-DD99-4166-8547-C24947FCD519}
Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{CA4B5E6D-6E1B-4F4A-9F4D-B7655A3A9302}
Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{D0726B44-D447-4062-BF81-8B89E2901E4C}
Successfully deleted: [Empty Folder] C:\Users\Pasi\appdata\local\{DC647406-160F-4143-890C-15AC3632C7DA}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on su 22.03.2015 at 13:04:20,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Offline apimybrowserbarf

  • Bronze Member
  • Posts: 31
Re: [Inactive - K] MS Silverlight & Two trojans installed overnight
« Reply #3 on: March 22, 2015, 05:23:47 AM »
The character limit was exceeded  :D1, so I post the second half here, along with addition.txt in attachments.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Pasi (administrator) on GUNNERS on 22-03-2015 13:11:27
Running from C:\Users\Pasi\Desktop
Loaded Profiles: Pasi (Available profiles: Pasi & Tatu & Tillu & Nelli & Rami)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Printer Manager\ScrPrint.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Spotify Ltd) D:\Spotify\Data\SpotifyWebHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-04-27] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-05-07] (cyberlink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-21] (Google Inc.)
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\...\Run: [Spotify Web Helper] => D:\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-23] (Spotify Ltd)
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung)
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung)
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\FUJITS~1.SCR [205312 2009-12-21] (ScreenTime Media)
AppInit_DLLs-x32:  => "" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Nelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Pasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Rami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Tatu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Tillu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1415641805-828064493-1863220564-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.ts.fujitsu.com/index2
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://q.search-simple.com/?affID=na
www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1415641805-828064493-1863220564-1001 -> {03B96CF5-A296-4879-A6E6-33CFC9B08DB9} URL =
SearchScopes: HKU\S-1-5-21-1415641805-828064493-1863220564-1001 -> {65408769-9FAF-4AB0-9742-560698BB3147} URL = https://fi.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1415641805-828064493-1863220564-1001 -> {7DB63696-B2E1-8638-5CEC-6DBC0C2CD0BE} URL = http://q.search-simple.com/?affID=na&q={searchTerms}&r=627
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID -kirjautumisapuohjelma -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-1415641805-828064493-1863220564-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} http://85.23.161.214/activex/AMC.cab
Handler-x32: pm - {A479F961-CC9E-11D0-A220-000000000000} - C:\Program Files (x86)\Common Files\Repro Desk\PmProtocol.dll [2004-08-27] (Océ)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default
FF NewTab: hxxp://q.search-simple.com/?m=tab&affID=na
FF Homepage: hxxp://q.search-simple.com/?affID=na
FF NewTab: hxxp://fi.search.yahoo.com/?fr=hp-ddc-bd-tab&type=246_pr__alt__ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF Keyword.URL: hxxp://q.search-simple.com/?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2013-02-25] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\searchplugins\search-simple.xml [2015-03-21]
FF Extension: Test Pilot - C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\Extensions\testpilot@labs.mozilla.com.xpi [2011-02-13]
FF Extension: Ttessab 1.0.1 - C:\Users\Pasi\AppData\Roaming\Mozilla\Firefox\Profiles\nhgo6yp4.default\Extensions\{dea9585d-ddcc-4dcd-a648-a859594f3da0}.xpi [2015-03-21]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Pasi\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-10-24] (Adobe Systems) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-09-03] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] ()
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-08-24] (Hauppauge Computer Works, Inc.)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2011-08-17] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2011-08-17] (Nokia)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
S3 PVUSB; C:\Windows\System32\DRIVERS\CESG64.sys [63808 2007-02-19] (CASIO COMPUTER CO.,LTD.)
R3 SNXPCAMD; C:\Windows\System32\DRIVERS\snxpcamd.sys [62464 2009-06-25] (SUNIX Co., Ltd.)
R3 SNXPPAMD; C:\Windows\System32\DRIVERS\snxppamd.sys [133632 2009-06-25] (SUNIX Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2011-06-22] () [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-05-07] (CyberLink Corp.)
U3 a3cwmg81; C:\Windows\System32\Drivers\a3cwmg81.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\username321\catchme.sys [X]
S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys [X]
S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 13:11 - 2015-03-22 13:11 - 00019261 _____ () C:\Users\Pasi\Desktop\FRST.txt
2015-03-22 13:11 - 2015-03-22 13:11 - 00000000 ____D () C:\FRST
2015-03-22 13:10 - 2015-03-22 13:10 - 02095616 _____ (Farbar) C:\Users\Pasi\Desktop\FRST64.exe
2015-03-22 13:06 - 2015-03-22 13:06 - 00000000 ___RD () C:\Users\Pasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2015-03-22 13:04 - 2015-03-22 13:04 - 00002303 _____ () C:\Users\Pasi\Desktop\JRT.txt
2015-03-22 12:53 - 2015-03-22 12:53 - 01388672 _____ (Thisisu) C:\Users\Pasi\Desktop\JRT.exe
2015-03-22 12:52 - 2015-03-22 12:52 - 00012114 _____ () C:\Users\Pasi\Desktop\AdwCleaner[S0].txt
2015-03-22 12:39 - 2015-03-22 12:49 - 00000000 ____D () C:\AdwCleaner
2015-03-22 12:39 - 2015-03-22 12:39 - 02171392 _____ () C:\Users\Pasi\Desktop\AdwCleaner.exe
2015-03-22 12:32 - 2015-03-22 12:51 - 00037116 _____ () C:\Windows\PFRO.log
2015-03-22 09:21 - 2015-03-22 09:21 - 00003060 _____ () C:\Users\Pasi\Desktop\attach.zip
2015-03-22 09:20 - 2015-03-22 09:20 - 00025299 _____ () C:\Users\Pasi\Desktop\dds.txt
2015-03-22 09:20 - 2015-03-22 09:20 - 00007249 _____ () C:\Users\Pasi\Desktop\attach.txt
2015-03-22 09:19 - 2015-03-22 13:00 - 00000239 _____ () C:\Users\Pasi\Desktop\SPYYWARE MITA TEHNYT.txt
2015-03-22 08:52 - 2015-03-22 08:52 - 00064031 _____ () C:\Users\Pasi\Desktop\PC Speed Up or PCSpeedUp Removal Report.html
2015-03-22 08:52 - 2015-03-22 08:52 - 00000000 ____D () C:\Users\Pasi\Desktop\PC Speed Up or PCSpeedUp Removal Report_files
2015-03-22 08:49 - 2015-03-22 08:49 - 00055287 _____ () C:\Users\Pasi\Desktop\Remove PC Speed Up (Uninstall Guide).html
2015-03-22 08:49 - 2015-03-22 08:49 - 00000000 ____D () C:\Users\Pasi\Desktop\Remove PC Speed Up (Uninstall Guide)_files
2015-03-21 19:21 - 2015-03-21 19:21 - 00000000 ____D () C:\Users\Pasi\AppData\Roaming\SIEMENS GIGASET M170 C CX user guide
2015-03-21 19:13 - 2015-03-22 13:06 - 00000840 _____ () C:\Windows\setupact.log
2015-03-21 19:13 - 2015-03-21 19:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-21 12:53 - 2015-03-21 12:53 - 00000000 ____D () C:\Users\Pasi\Downloads\Buena Vista Social Club - At Carnegie Hall
2015-03-21 12:52 - 2015-03-21 12:52 - 116718398 _____ () C:\Users\Pasi\Downloads\Buena Vista Social Club - At Carnegie Hall.rar
2015-03-20 09:13 - 2015-03-20 09:41 - 00000000 ____D () C:\Users\Pasi\Desktop\BV5000Service_1.2.6
2015-03-20 08:55 - 2015-03-20 08:55 - 00022486 _____ () C:\Users\Pasi\Desktop\IM puhelinluettelo 20140615.xlsx
2015-03-20 08:47 - 2015-03-20 08:47 - 06208736 _____ (Tim Kosse) C:\Users\Pasi\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-19 19:44 - 2015-03-19 19:44 - 00000000 ___RD () C:\Users\Tillu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2015-03-13 13:11 - 2015-03-13 13:11 - 00000000 ___RD () C:\Users\Rami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2015-03-11 07:17 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 07:17 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 07:17 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 07:17 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 07:17 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 07:17 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 07:17 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 07:17 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 07:17 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 07:17 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 07:17 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 07:17 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 07:17 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 07:17 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 07:17 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 07:17 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 07:17 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 07:17 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 07:17 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 07:17 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 07:17 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 07:17 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 07:17 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 07:17 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 07:17 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 07:17 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 07:17 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 07:17 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 07:17 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 07:17 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 07:17 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 07:17 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 07:17 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 07:17 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 07:17 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 07:17 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 07:17 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 07:17 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 07:17 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 07:17 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 07:17 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 07:17 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 07:17 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 07:17 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 07:17 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 07:16 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 07:16 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 07:16 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 07:16 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 07:16 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 07:16 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 07:16 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 07:16 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 07:16 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 07:16 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 07:16 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 07:16 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 07:16 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 07:16 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 07:16 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 07:16 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 07:16 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 07:16 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 07:16 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 07:16 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 07:16 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 07:16 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 07:16 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 07:16 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 07:16 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 07:16 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 07:16 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 07:16 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 07:16 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 07:16 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 07:16 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 07:16 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 07:16 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 07:16 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 07:16 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 07:16 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 07:15 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 07:15 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 07:15 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 07:15 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 07:15 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 07:15 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 07:15 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 07:15 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 07:15 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 07:15 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 07:15 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 07:15 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 07:15 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 07:15 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 07:15 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 07:15 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 07:15 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 07:15 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 07:15 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 07:15 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 07:15 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 07:15 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 07:15 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 07:15 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 07:15 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 07:15 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 07:15 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 07:15 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 07:15 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 07:15 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 07:15 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 07:15 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 07:15 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 07:15 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 07:15 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 07:15 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 07:15 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 07:15 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 07:15 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 07:15 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 07:15 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 07:15 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 07:15 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 07:15 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 07:15 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 07:15 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 07:15 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 07:15 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 07:15 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 07:15 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 07:15 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 07:15 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 07:15 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 07:15 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 07:15 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 07:15 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 07:15 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 07:15 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 07:15 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 07:15 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 07:15 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 07:13 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 07:13 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-09 17:30 - 2015-03-11 13:46 - 00000000 ____D () C:\GOG Games
2015-03-06 18:29 - 2015-03-07 15:28 - 00000524 _____ () C:\Users\Pasi\Desktop\Bluesia Pieksämäen asemalla.txt
2015-03-06 09:43 - 2015-03-06 09:44 - 63291928 _____ (PortableApps.com) C:\Users\Pasi\Downloads\GIMPPortable_2.8.14-fix.paf.exe
2015-03-05 09:46 - 2015-03-05 09:46 - 86655646 _____ () C:\Users\Pasi\Documents\Juice Leskinen - Bluesia pieksämäen asemalla(Koko Biisi).mp4
2015-03-04 07:10 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 07:10 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 07:10 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 07:10 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 08:59 - 2015-01-09 01:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 08:59 - 2015-01-09 01:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-23 18:45 - 2015-02-23 18:45 - 00000000 ___RD () C:\Users\Nelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 13:11 - 2009-07-14 06:45 - 00018736 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 13:11 - 2009-07-14 06:45 - 00018736 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 13:09 - 2014-11-06 16:35 - 01138003 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 13:06 - 2010-02-05 00:26 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 13:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 13:05 - 2009-12-21 21:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-22 13:02 - 2012-12-08 00:57 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1415641805-828064493-1863220564-1006UA.job
2015-03-22 12:55 - 2011-02-04 12:09 - 00000000 ____D () C:\Users\Pasi\AppData\Local\CutePDF Writer
2015-03-22 12:42 - 2010-02-05 00:26 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 12:40 - 2013-03-16 10:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 12:35 - 2014-11-06 16:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 12:32 - 2010-08-08 17:28 - 00000000 ____D () C:\Windows\pss
2015-03-22 12:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2015-03-22 09:18 - 2010-01-10 16:44 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EFB600D9-78CD-4224-A9CB-759BBC2B04AF}
2015-03-22 08:43 - 2009-07-14 04:34 - 00000601 _____ () C:\Windows\win.ini
2015-03-22 08:28 - 2014-09-21 09:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-03-21 19:14 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-20 18:36 - 2012-10-26 19:59 - 00000000 ____D () C:\Users\Pasi\Desktop\2G_TIKKU
2015-03-20 09:48 - 2014-08-23 09:21 - 00000000 ____D () C:\Users\Pasi\AppData\Roaming\FileZilla
2015-03-20 09:28 - 2012-12-05 18:41 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-03-20 09:08 - 2012-11-03 10:44 - 00000000 ____D () C:\Users\Pasi\Desktop\OTH
2015-03-20 08:51 - 2015-02-10 16:20 - 00002006 _____ () C:\Users\Pasi\Desktop\FileZilla Client.lnk
2015-03-20 08:51 - 2015-02-10 16:20 - 00000000 ____D () C:\Users\Pasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-03-20 08:51 - 2014-12-04 07:56 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-03-20 06:52 - 2012-12-08 00:57 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1415641805-828064493-1863220564-1006Core.job
2015-03-19 19:47 - 2013-12-20 19:03 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AAE4B78C-2034-445E-9899-2C4E67181E43}
2015-03-15 14:04 - 2010-01-12 18:08 - 00000000 ____D () C:\Users\Tillu\AppData\Local\Google
2015-03-13 13:16 - 2014-01-05 13:44 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{59B58BD7-2036-4218-85BA-65F69E28F1E1}
2015-03-13 09:45 - 2012-08-06 13:46 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-12 15:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 13:46 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-11 10:53 - 2009-07-14 06:45 - 00436504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 10:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 10:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 09:35 - 2013-08-15 06:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 09:27 - 2009-12-21 14:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 15:58 - 2012-09-20 09:51 - 00000000 ____D () C:\Users\Pasi\AppData\Roaming\Tilitin
2015-03-06 09:49 - 2009-12-21 14:01 - 00000000 ____D () C:\Users\Pasi
2015-03-05 09:42 - 2014-01-11 10:12 - 00001295 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-03-04 10:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 15:17 - 2009-12-21 14:07 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-07-15 06:53 - 2012-07-15 06:53 - 4024320 _____ () C:\Program Files (x86)\GUTBF6F.tmp
2014-09-21 09:45 - 2014-09-21 11:10 - 0000096 _____ () C:\Users\Pasi\AppData\Roaming\Camdata.ini
2014-09-21 09:45 - 2014-09-21 11:10 - 0000408 _____ () C:\Users\Pasi\AppData\Roaming\CamLayout.ini
2014-09-21 09:45 - 2014-09-21 11:10 - 0000408 _____ () C:\Users\Pasi\AppData\Roaming\CamShapes.ini
2014-09-21 09:45 - 2014-09-21 10:47 - 0004535 _____ () C:\Users\Pasi\AppData\Roaming\CamStudio.cfg
2014-09-21 10:00 - 2014-09-21 10:00 - 0000000 _____ () C:\Users\Pasi\AppData\Roaming\CamStudio.Producer.Data.ini
2014-09-21 10:00 - 2014-09-21 10:00 - 0001206 _____ () C:\Users\Pasi\AppData\Roaming\CamStudio.Producer.ini
2014-09-21 09:44 - 2014-09-21 10:35 - 0000096 _____ () C:\Users\Pasi\AppData\Roaming\version2.xml
2012-11-25 09:02 - 2014-11-13 12:47 - 0007605 _____ () C:\Users\Pasi\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Pasi\AppData\Local\Temp\Quarantine.exe
C:\Users\Pasi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-19 20:15

==================== End Of Log ============================



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] MS Silverlight & Two trojans installed overnight
« Reply #4 on: March 22, 2015, 10:59:23 AM »
Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology select “Change” select any extra drives in that window.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin..



Offline apimybrowserbarf

  • Bronze Member
  • Posts: 31
Re: [Inactive - K] MS Silverlight & Two trojans installed overnight
« Reply #5 on: March 25, 2015, 01:08:57 PM »
Hey,

Sorry it took a while. Here are the results. I know the GENS stuff are Genesis emulator stuff, so that doesn't SEEM harmless but I have no idea what the Freesounddownloader is. I'm gonna see to it that the useless stuff gets deleted... though I wonder Adwcleaner guarantine item and FSD has any connection.

As for problems, so good so far... Dad hasn't said anything is off. Here's hoping it stays and you don't spot anything off from the Farbar logs... thanks a TON in advance, Kevin!!  :p  :t


--------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Pasi at 2015-03-23 19:26:01 Run:1
Running from C:\Users\Pasi\Desktop
Loaded Profiles: Pasi (Available profiles: Pasi & Tatu & Tillu & Nelli & Rami)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-1415641805-828064493-1863220564-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
U3 a3cwmg81; C:\Windows\System32\Drivers\a3cwmg81.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
C:\Windows\System32\Drivers\a3cwmg81.sys
S3 catchme; \??\C:\username321\catchme.sys [X]
S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys [X]
S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
2012-07-15 06:53 - 2012-07-15 06:53 - 4024320 _____ () C:\Program Files (x86)\GUTBF6F.tmp
2014-09-21 09:45 - 2014-09-21 11:10 - 0000096 _____ () C:\Users\Pasi\AppData\Roaming\Camdata.ini
2014-09-21 09:45 - 2014-09-21 11:10 - 0000408 _____ () C:\Users\Pasi\AppData\Roaming\CamLayout.ini
2014-09-21 09:45 - 2014-09-21 11:10 - 0000408 _____ () C:\Users\Pasi\AppData\Roaming\CamShapes.ini
2014-09-21 09:45 - 2014-09-21 10:47 - 0004535 _____ () C:\Users\Pasi\AppData\Roaming\CamStudio.cfg
2014-09-21 10:00 - 2014-09-21 10:00 - 0000000 _____ () C:\Users\Pasi\AppData\Roaming\CamStudio.Producer.Data.ini
2014-09-21 10:00 - 2014-09-21 10:00 - 0001206 _____ () C:\Users\Pasi\AppData\Roaming\CamStudio.Producer.ini
C:\Users\Pasi\AppData\Local\Temp\Quarantine.exe
C:\Users\Pasi\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
EmptyTemp:
end



*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1415641805-828064493-1863220564-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKU\S-1-5-21-1415641805-828064493-1863220564-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
a3cwmg81 => Service deleted successfully.
Could not move "C:\Windows\System32\Drivers\a3cwmg81.sys" => Scheduled to move on reboot.
catchme => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
ISWKL => Service deleted successfully.
Lavasoft Kernexplorer => Service deleted successfully.
Lbd => Service deleted successfully.
C:\Program Files (x86)\GUTBF6F.tmp => Moved successfully.
C:\Users\Pasi\AppData\Roaming\Camdata.ini => Moved successfully.
C:\Users\Pasi\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Pasi\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\Pasi\AppData\Roaming\CamStudio.cfg => Moved successfully.
C:\Users\Pasi\AppData\Roaming\CamStudio.Producer.Data.ini => Moved successfully.
C:\Users\Pasi\AppData\Roaming\CamStudio.Producer.ini => Moved successfully.
C:\Users\Pasi\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Pasi\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
EmptyTemp: => Removed 142.2 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-23 19:37:11)<=

C:\Windows\System32\Drivers\a3cwmg81.sys => Is moved successfully.

==== End of Fixlog 19:37:11 ====


--
ESET results:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir   Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Tatu\Downloads\FreeSoundRecorder.exe   Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Tatu\Downloads\zaSetupWeb_101_065_000.exe   Win32/Toolbar.Conduit potentially unwanted application
D:\Genesis\Tools\AT32 Hack\MoonWalker\AT32_MoonWalker.zip   Win32/HackTool.Patcher.BN potentially unsafe application
D:\Ladattu sheibe\Gens32_Surreal_v1_86_HD.zip   Win32/HackTool.Patcher.BN potentially unsafe application


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] MS Silverlight & Two trojans installed overnight
« Reply #6 on: March 25, 2015, 02:36:11 PM »
Thanks for those logs, ESET log contains no malware or infected entries per se, probably the two entries that have adware bundled (Conduit) should be treated with caution if you intend to use them, do not use the default installation procedure. If an advanced install option is available use that and uncheck any optional extras...
The zip files in D:\ drive is up to you, delete or keep as you see fit.....

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we can close out....

Thanks,

Kevin...



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] MS Silverlight & Two trojans installed overnight
« Reply #7 on: April 06, 2015, 02:38:00 PM »
Due to the lack of feedback this topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!