Regarding Tool Bar Proxy



aasalem
2014-04-23, 17:26
Any assistance with this scan report?

SpyBot free edition.
version 2.2.18.0
update 2.2.18.91

------------------------------------------------------------------------------------/
Search results from Spybot - Search & Destroy

4/23/2014 2:30:03 PM
Scan took 00:50:19.
21 items found.

Tencent.AdressBar: [SBI $58261404] Program directory (Directory, nothing done)
C:\Program Files\Tencent\

IronInstall.Toolbar.Amazon: [SBI $3146A941] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.ToolBarProxy

IronInstall.Toolbar.Amazon: [SBI $3146A941] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1

IronInstall.Toolbar.Amazon: [SBI $3146A941] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1

IronInstall.Toolbar.Amazon: [SBI $3146A941] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AlxTB2.ToolBarProxy

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Alan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LYV92WZY\kiks.yandex.ru\fuid01.sol
Properties.size=188
Properties.md5=CC6B224275AF31EDB8D61CBBCCBB1834
Properties.filedate=1398198561
Properties.filedatetext=2014-04-22 22:29:21

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\Alan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LYV92WZY\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=874FA172BA034A513BA28A20F7E85E79
Properties.filedate=1398123815
Properties.filedatetext=2014-04-22 01:43:35

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\Alan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LYV92WZY\skype.com\#ui\preferences.sol
Properties.size=216
Properties.md5=00EB036FA11C6A8F6A6D99DFFC2F6FF7
Properties.filedate=1398108573
Properties.filedatetext=2014-04-21 21:29:32

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2539571941-1062829864-63335017-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (48) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (20) (Browser: History, nothing done)


History: [SBI $49804B54] Browser: History (35) (Browser: History, nothing done)



--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2014-01-29 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-04-10 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-03-19 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-01-09 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-04-10 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-04-10 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-04-10 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

tashi
2014-04-23, 20:10
Hello aasalem,

From my response to your original post in this thread: http://forums.spybot.info/showthread.php?69073-IronInstall-F-Ps&p=452370#post452370


Hello aasalem,

For someone to take a look at the system please start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and a volunteer analyst will advise when available.

First see that forum's FAQ which also includes instructions in post #2 on how to provide DDS and aswMBR logs, which are used in the preliminary analysis.
http://forums.spybot.info/showthread.php?t=288

Best regards.

Please see this forum's FAQ and start a new topic providing the DDS and aswMBR logs. :)

Best regards.

aasalem
2014-04-25, 15:12
Today's Spybot scan did not find any (Macromedia.FlashPlayer.Cookies:), which used to come up in every day's scan result. Please find below today's DDS log file.
---------------------------------------------------/
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16540 BrowserJavaVersion: 11.0.2
Run by Alan at 13:42:14 on 2014-04-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.307 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Outdated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Rising\RSD\RsMgrSvc.exe
C:\Program Files\Rising\RAV\RavMonD.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Glary Utilities 4\SoftwareUpdate.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Glary Utilities 4\Integrator.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Rising\RAV\RsTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Rising\RSD\popwndexe.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\Alan\AppData\Local\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Microsoft\BingBar\7.3.117.0\SeaPort.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Tencent\QQIntl\Bin\QQ.exe
C:\Program Files\Tencent\QQIntl\Bin\TXPlatform.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Maxthon\Bin\Maxthon.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\explorer.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ar.hao123.com/?tn=sft_pay_hp_01_hao123_ar
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\users\alan\desktop\php\htdocs\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Rising PC Doctor: {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - c:\windows\system32\UrlFilter.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: TBSB05810 Class: {A7AF277D-1466-4A7B-93AF-B043984A5671} - c:\program files\glarysoft toolbar\tbcore3.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.117.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\users\alan\desktop\php\htdocs\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: CallingID BHO: {FBF2401B-7447-4727-BE5D-C19B2075CA84} - c:\program files\callingid\toolbar\CallingIDIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: CallingID: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - c:\program files\callingid\toolbar\CallingIDIE.dll
TB: Glarysoft Toolbar: {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - c:\program files\glarysoft toolbar\tbcore3.dll
TB: &Rising Toolbar: {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - c:\windows\system32\KakaTool.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: CallingID: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - c:\program files\callingid\toolbar\CallingIDIE.dll
TB: Glarysoft Toolbar: {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - c:\program files\glarysoft toolbar\tbcore3.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.117.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\alan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uRun: [QQ2009] "c:\program files\tencent\qqintl\bin\QQ.exe" /background
mRun: [RavTRAY] "c:\program files\rising\rav\RSTRAY.EXE" -system
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [KKDelay] c:\program files\rising\antispyware\RunOnce.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = FF
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{42FE6710-2FC3-49D9-8DD0-13683FC5546A} : NameServer = 8.8.8.8
TCP: Interfaces\{42FE6710-2FC3-49D9-8DD0-13683FC5546A} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4DE5AC89-1E2B-4646-9D94-C2D26FBADA8A} : NameServer = 77.88.8.88
TCP: Interfaces\{4DE5AC89-1E2B-4646-9D94-C2D26FBADA8A} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{53796AF4-2832-4971-9043-C67B81BF6F59} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{53796AF4-2832-4971-9043-C67B81BF6F59} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{818B207C-E14F-4DC9-8CCB-005DD98502C3} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E0F4C49B-7481-4C90-99CC-B60896FE65C9} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= kmon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alan\appdata\roaming\mozilla\firefox\profiles\27quhgwo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fastestwebsearch.com/search?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=f0d3c5e3241949ec88d5b8969c8795cb&tu=10GA0006w2B000v&sku=&tstsId=&ver=&&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\common files\tencent\npchrome\npchrome.dll
FF - plugin: c:\program files\common files\tencent\npqscall\npqscall.dll
FF - plugin: c:\program files\common files\tencent\txsso\1.2.2.1\bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\alan\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\alan\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\nppdf32.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\nppl3260.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\npqtplugin.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\npqtplugin2.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\npqtplugin3.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\npqtplugin4.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\npqtplugin5.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\npqtplugin6.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\npqtplugin7.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\nprjplug.dll
FF - plugin: c:\users\alan\appdata\roaming\mozilla\plugins\nprpplugin.dll
FF - plugin: c:\users\alan\desktop\php\htdocs\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\users\alan\desktop\php\htdocs\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=f0d3c5e3241949ec88d5b8969c8795cb&tu=10GA0006w2B000v&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - ec7cbbb6000000000000001a73e36541
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15770
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.6
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.6
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.618:37:27
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1002
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN117102988549993-1002
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=f0d3c5e3241949ec88d5b8969c8795cb&tu=10GA0006w2B000v&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [2014-2-10 14528]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [2011-8-25 28552]
R1 hooksys;hooksys;c:\windows\system32\drivers\Hooksys.sys [2011-9-9 176088]
R1 HookTdi;HookTdi;c:\windows\system32\drivers\HookTdi.sys [2011-9-9 22848]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-10-25 35592]
R1 HyperVM;HyperVM;c:\windows\system32\drivers\hvm.sys [2011-9-9 31896]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-8-28 3045688]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2012-10-25 389488]
R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\comodo\icedragon\icedragon_updater.exe [2013-12-19 1821384]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-4-26 202296]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\mobilebrserv\mbbService.exe [2014-1-19 233344]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-21 104768]
R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2011-9-9 21208]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.117.0\SeaPort.EXE [2013-11-10 240288]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-3-26 34128]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.117.0\BBSvc.EXE [2013-11-10 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-8-28 51632]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2014-1-19 103040]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [2011-7-22 24880]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2013-3-9 20080]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-12-26 13464]
S4 M4-Service;M4-Service;c:\users\alan\appdata\roaming\mikogo 4\M4-Service.exe [2013-1-14 1008984]
.
=============== File Associations ===============
.
FileExt: .txt: soffice.StarWriterDocument.6="c:\program files\libreoffice 4\program\swriter.exe" -o "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-04-12 22:38:43 -------- d-----w- c:\users\alan\appdata\local\NetBeans
2014-04-12 22:38:42 -------- d-----w- c:\users\alan\appdata\roaming\NetBeans
2014-04-12 13:32:45 -------- d-----w- c:\users\alan\.nbi
2014-04-12 10:19:11 7969936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{495db9d0-3305-4561-992c-3ce5518a7dc1}\mpengine.dll
2014-04-10 14:39:01 7969936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-10 13:34:13 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c54f4a0f-d07c-4ec7-a081-2026e106bc22}\gapaengine.dll
2014-04-02 22:07:42 194552 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2014-04-02 22:07:41 119408 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2014-04-02 22:07:40 647280 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2014-04-02 22:07:36 53360 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2014-04-02 22:07:33 5779568 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2014-04-02 22:07:32 307824 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2014-04-02 22:07:31 275568 ----a-w- c:\program files\mozilla firefox\firefox.exe
2014-04-02 22:07:30 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-04-02 22:07:28 117360 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2014-04-02 22:07:22 46704 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-04-02 22:07:21 75376 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2014-04-02 22:07:21 20080 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M ====================
.
2014-04-25 10:03:18 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-04-12 16:17:10 96664 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-23 05:47:19 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-23 05:40:18 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-23 05:39:28 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-23 05:38:08 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-23 05:37:49 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-23 05:36:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-17 08:40:56 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-02-17 08:36:18 14528 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-02-07 10:38:44 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-03 10:37:54 505344 ----a-w- c:\windows\system32\qedit.dll
2014-01-30 07:46:58 876032 ----a-w- c:\windows\system32\wer.dll
2013-01-29 19:46:04 11004488 ----a-w- c:\program files\common files\lpuninstall.exe
2012-07-16 06:58:22 44 ---h--w- c:\program files\789343a3.tmp
.
============= FINISH: 13:47:17.47 ===============