[RESOLVED] TBhostsupport Conduit problem


47 replies to this topic

#1 TripleTripe

TripleTripe

    Member

  • Members
  • 54 posts
  • 4 topics
    • Time Online: 1d 4h 38m 22s
  • Joined December 03, 2013
  • Age: 23
  • Local time: 02:48 PM
  • Zodiac:Aquarius
  • Gender:Male
  • Location:Be'er Sheva
  • OS:Windows 7
  • Country:
Offline

Posted 03 December 2013 - 01:37 PM

Hey all, I'm new here. I had a very annoying PUP.Optional.Conduit as a registry key and a file that, when the PC reboots to delete it, is coming back somehow :(

Malwarebytes says that file comes up as a "Memory Module" too :\

The file's folder name is TBhostsupport; it is placed at: C:\Users\name\AppData\Local\TBhostsupport/TBhostsupport.dll

The problem is, I delete them, but they come back... why is that?

I had a "Security.Hijack" in Quarantine too.

 

Some Scan Logs:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
name ::NAME-PC [administrator]

Protection: Enabled

03/12/2013 03:53:38
mbam-log-2013-12-03 (03-53-38).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439328
Time elapsed: 52 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot.

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\name\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> Delete on reboot.

Files Detected: 1
C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot.

 

(end)

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
name:: Name-PC [administrator]

Protection: Enabled

03/12/2013 13:33:33
mbam-log-2013-12-03 (13-33-33).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 441331
Time elapsed: 47 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Name\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Name\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> Delete on reboot.

Files Detected: 1
C:\Users\Name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot.

 

(end)

 

 

And I had a question, please: is it safe to remove quarantined viruses and malware?

Thanks for the help.



#2 Broni Re: [RESOLVED] TBhostsupport Conduit problem

Broni

    Administrator - Malware Annihilator

  • Administrators
  • 35,213 posts
  • 2,049 topics
    • Time Online: 209d 1h 10m 21s
  • Joined October 04, 2004
  • Age: 60
  • Skin: Smartest wide
  • Local time: 04:48 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows 8
  • Country:
Offline

Posted 03 December 2013 - 07:31 PM

Welcome aboard

 

Please observe the following rules:

  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

==================================

 

is safe to remove a Quarantine Viruses, Malware ?

 

Usually it's a good idea to leave them alone for a couple of days, just in case there is (rarely) a false positive.

If you see no ill effects after a couple of days, you can empty the quarantine folder.

 

Complete all steps listed here: http://www.smartestc...ease-read-this/
 




#3 TripleTripe Re: [RESOLVED] TBhostsupport Conduit problem


Posted 03 December 2013 - 09:47 PM

OK, thanks for the answer, I'll try to follow:

1) I'm sure Windows Firewall is on.

2) Yes, I had a free anti-virus, name: Avira AntiVir - full update, full scan, and nothing found :\

Step 1-

I added 2x full-scan Malwarebytes log files; as you want, I made a quick one:

The program is fully updated.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
name :: NAME-PC [administrator]

Protection: Enabled

03/12/2013 23:12:20
MBAM-log-2013-12-03 (23-17-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205387
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\name\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> No action taken.

Files Detected: 1
C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> No action taken.

(end)

 

That TBHostSupport.dll is not leaving. I didn't wanna ignore them; the PC always wants to reboot to remove it..

How many reboots per day... it gets removed, but always comes back :(

 

Step 2-

 

I can't download from Mirror 1..

Mirror 2 is in a language that I don't understand...

I did a scan with TDSSKiller; it is so long that I put it in both posts, here is one half:

Didn't have to use it, sorry - edited for a shorter topic read.


Edited by TripleTripe, 05 December 2013 - 10:13 PM.


#4 TripleTripe Re: [RESOLVED] TBhostsupport Conduit problem


Posted 03 December 2013 - 09:54 PM

2nd half:

I wasn't supposed to use it, sorry - edited for a shorter topic read.

As you see, it didn't find anything :\

How much time is a couple of days?

I had a malware party there, so many names, didn't like how it looks ^^

Wanna delete them all; some of them are more than 2.1M, it's a waste of space -]

Just that TBHostSupport.dll comes back after reboot when removed. Is it safe to do 100 reboots in a day?

Thanks to you, as you see, I'm trying...


Edited by TripleTripe, 05 December 2013 - 10:15 PM.


#5 Broni Re: [RESOLVED] TBhostsupport Conduit problem


Posted 03 December 2013 - 09:57 PM

Please re-read my rules I posted above.

One of them says:

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

 

 

Now....

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.




#6 TripleTripe Re: [RESOLVED] TBhostsupport Conduit problem


Posted 04 December 2013 - 02:33 PM

First, the PC says that FRST64.exe can harm the PC. Is it really safe?

I did the scan anyway - reports:

FRST.txt -

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by name (administrator) on NAME-PC on 04-12-2013 16:23:28
Running from C:\Users\name\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\ProgramData\Yes Streamer\MediaServer.exe
(The Chromium Authors) C:\ProgramData\Yes Streamer\berkelium.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Abine Inc.) C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(CallingID Ltd.) C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\name\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
MountPoints2: {46473585-0f20-11e3-80bc-bcaec5df2d4c} - F:\Startme.exe
HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [411864 2010-03-05] (DeviceVM, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
IFEO\ActionCenterDownloader.exe: [Debugger] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe"
IFEO\Deployer.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\DriverBooster.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\Promote.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\Scheduler.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\SDInit.exe: [Debugger] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe"
IFEO\SmartDefrag.exe: [Debugger] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe"
IFEO\UpdateDB.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
Startup: C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
ShortcutTarget: .lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.il/
URLSearchHook: HKLM-x32 - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKLM - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM-x32 - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM-x32 - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2801948
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...000bcaec5df2d4c
SearchScopes: HKCU - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKCU - {54DD8777-8136-465F-A8AA-87D4960AA018} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKCU - {5911340E-4E3B-480a-81D0-0376EC395497} URL = http://uk.search.yah...icevm&type=EGMB
SearchScopes: HKCU - {5F96FD55-6512-417C-93B3-317933C105FC} URL = http://websearch.ask...40-834D4A36C2F0
SearchScopes: HKCU - {98D0C22A-6095-48DC-A630-CED97A7F603B} URL = http://search.condui...648475932843724
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
BHO-x32: AccelerateTab - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll (Secure Speed Dial)
BHO-x32: . - {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.80.2.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.28.54987_0
CHR Extension: (YouTube) - C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AccelerateTab) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0
CHR Extension: (!\u05D5\u05D5\u05D0\u05DC\u05D4) - C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\hifljmdhcpanibegopehdlcpjknfnbpm\1.6_0
CHR Extension: (Walla) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfjhiccppafcjicfalobggnophliocpp\10.22.5.510_0
CHR Extension: (Google Wallet) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (AD Block) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkdcodhlkmiakbangobnmdhieapagic\1.0.0_0
CHR Extension: (Gmail) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\huber\AppData\Local\speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\huber\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.18.0.crx
CHR HKLM-x32\...\Chrome\Extension: [hifljmdhcpanibegopehdlcpjknfnbpm] - C:\Users\huber\AppData\Local\walla_app.crx
CHR HKLM-x32\...\Chrome\Extension: [jfjhiccppafcjicfalobggnophliocpp] - C:\Users\huber\AppData\Local\CRE\jfjhiccppafcjicfalobggnophliocpp.crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-06-29] ()
S2 SecureUpdateSvc; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2473296 2013-10-30] ()
R2 YesMediaServer; C:\ProgramData\Yes Streamer\MediaServer.exe [5480232 2011-10-15] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2011-08-20] ()
U3 axldb4vz; C:\Windows\System32\Drivers\axldb4vz.sys [0 ] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-04 16:23 - 2013-12-04 16:23 - 00016542 _____ C:\Users\name\Downloads\FRST.txt
2013-12-04 16:23 - 2013-12-04 16:23 - 00000000 ____D C:\FRST
2013-12-04 16:20 - 2013-12-04 16:20 - 01959614 _____ (Farbar) C:\Users\name\Downloads\FRST64.exe
2013-12-03 17:09 - 2013-12-03 17:09 - 00000000 ____D C:\Users\name\AppData\Local\TBHostSupport
2013-12-02 06:02 - 2013-12-03 04:57 - 00064512 ___SH C:\Users\name\Downloads\Thumbs.db
2013-11-21 23:42 - 2013-11-23 16:29 - 00000000 ____D C:\Program Files\Google
2013-11-15 19:55 - 2013-11-16 20:04 - 00000284 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-11-15 19:55 - 2013-11-15 19:58 - 00003216 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-11-15 19:55 - 2013-11-15 19:58 - 00002560 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-11-15 19:55 - 2013-11-15 19:55 - 00001180 _____ C:\Users\Public\Desktop\Driver Booster.lnk
2013-11-14 12:58 - 2013-11-14 12:58 - 00000000 ____D C:\Users\huber\AppData\Local\WhiteListing
2013-11-13 15:38 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-13 15:37 - 2013-11-13 15:37 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 15:37 - 2013-11-13 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 15:37 - 2013-11-13 15:37 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-13 15:37 - 2013-11-13 15:37 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-13 15:37 - 2013-11-13 15:37 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-13 15:37 - 2013-11-13 15:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-13 15:37 - 2013-11-13 15:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-13 15:37 - 2013-11-13 15:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-13 15:37 - 2013-11-13 15:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-13 15:37 - 2013-11-13 15:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-13 15:37 - 2013-11-13 15:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-13 15:14 - 2013-12-03 05:13 - 00000000 ____D C:\ProgramData\ProductData
2013-11-13 15:14 - 2013-11-13 15:14 - 00003094 _____ C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2013-11-13 15:14 - 2013-11-13 15:14 - 00001237 _____ C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-13 15:14 - 2013-11-13 15:14 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-13 15:13 - 2013-12-04 15:13 - 00002205 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2013-11-13 15:13 - 2013-11-13 15:13 - 00002850 _____ C:\Windows\System32\Tasks\ASC7_SkipUac_huber
2013-11-13 13:54 - 2013-11-13 13:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-11-13 13:54 - 2013-11-13 13:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-11-13 09:52 - 2013-11-13 09:52 - 00010411 _____ C:\Users\name\Downloads\fNEM1D81pmha_soCZ9qkE6W1pxF7ImkiOiAiKjU3MzQ0QzZGRUIxOCIsICJjIjogImltYWdlL3RpZmYiLCAidiI6IDEsICJuIjogImh1YmVyNTk5In0=.tif
2013-11-13 04:37 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 04:37 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 04:37 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 04:37 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 04:37 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 04:37 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 04:37 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 04:37 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 04:37 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 04:37 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 04:37 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 04:37 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 04:37 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 04:37 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 04:37 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 04:37 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 04:37 - 2013-09-25 04:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 04:37 - 2013-09-25 04:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 04:37 - 2013-09-25 04:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 04:37 - 2013-09-25 04:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 04:37 - 2013-09-25 04:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 04:37 - 2013-09-25 04:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 04:37 - 2013-09-25 04:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 04:37 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 04:37 - 2013-09-25 03:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 04:37 - 2013-09-25 03:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 04:37 - 2013-09-25 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 04:37 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 04:37 - 2013-09-25 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 04:37 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 18:54 - 2013-11-10 18:55 - 03628032 _____ C:\Users\name\Downloads\un-noBio.pps
2013-11-09 13:54 - 2013-12-02 12:47 - 00003168 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-11-09 13:54 - 2013-12-02 12:47 - 00003166 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-11-09 13:54 - 2013-05-22 18:49 - 00032600 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2013-11-09 13:52 - 2013-11-09 13:52 - 00001170 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-11-09 13:52 - 2013-05-22 18:49 - 00017720 _____ C:\Windows\system32\Drivers\SmartDefragDriver.sys
2013-11-04 13:29 - 2013-11-04 13:29 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

==================== One Month Modified Files and Folders =======

2013-12-04 16:24 - 2011-12-18 21:56 - 08168998 _____ C:\Windows\SysWOW64\YesMediaShare.log
2013-12-04 16:23 - 2013-12-04 16:23 - 00016542 _____ C:\Users\name\Downloads\FRST.txt
2013-12-04 16:23 - 2013-12-04 16:23 - 00000000 ____D C:\FRST
2013-12-04 16:23 - 2012-04-07 19:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 16:20 - 2013-12-04 16:20 - 01959614 _____ (Farbar) C:\Users\name\Downloads\FRST64.exe
2013-12-04 15:47 - 2013-06-27 15:41 - 01558747 _____ C:\Windows\WindowsUpdate.log
2013-12-04 15:34 - 2011-10-02 16:06 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-04 15:13 - 2013-11-13 15:13 - 00002205 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2013-12-04 08:34 - 2011-10-02 16:06 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 04:45 - 2013-03-04 20:02 - 00000000 ____D C:\Users\name\AppData\Local\DoNotTrackPlus
2013-12-04 00:05 - 2011-12-18 21:56 - 10240103 _____ C:\Windows\SysWOW64\YesMediaShare.log.1
2013-12-03 17:09 - 2013-12-03 17:09 - 00000000 ____D C:\Users\name\AppData\Local\TBHostSupport
2013-12-03 15:38 - 2013-10-28 01:27 - 00006003 _____ C:\Users\name\Desktop\עד לרמה 27 בזומבים.txt
2013-12-03 15:21 - 2009-07-14 06:45 - 00023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 15:21 - 2009-07-14 06:45 - 00023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 15:18 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 15:13 - 2011-12-18 21:56 - 00000000 _____ C:\Windows\SysWOW64\chrome.log
2013-12-03 15:13 - 2011-12-18 21:55 - 00000000 ____D C:\ProgramData\Yes Streamer
2013-12-03 15:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 11:19 - 2013-03-28 22:06 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-03 05:13 - 2013-11-13 15:14 - 00000000 ____D C:\ProgramData\ProductData
2013-12-03 04:57 - 2013-12-02 06:02 - 00064512 ___SH C:\Users\name\Downloads\Thumbs.db
2013-12-03 01:34 - 2011-12-18 21:56 - 10240113 _____ C:\Windows\SysWOW64\YesMediaShare.log.2
2013-12-02 12:47 - 2013-11-09 13:54 - 00003168 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-12-02 12:47 - 2013-11-09 13:54 - 00003166 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-12-02 10:17 - 2011-12-18 21:56 - 10240031 _____ C:\Windows\SysWOW64\YesMediaShare.log.3
2013-12-02 06:32 - 2011-08-20 09:04 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-01 19:20 - 2011-12-18 21:56 - 10240422 _____ C:\Windows\SysWOW64\YesMediaShare.log.4
2013-11-30 23:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-30 18:56 - 2011-12-18 21:56 - 10240026 _____ C:\Windows\SysWOW64\YesMediaShare.log.5
2013-11-27 14:39 - 2011-12-02 17:00 - 00000000 ____D C:\Users\name\AppData\Local\Apache
2013-11-24 08:29 - 2011-10-02 16:06 - 00003922 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-24 08:29 - 2011-10-02 16:06 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-23 16:29 - 2013-11-21 23:42 - 00000000 ____D C:\Program Files\Google
2013-11-23 16:29 - 2011-10-02 16:06 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-22 18:59 - 2011-08-20 09:09 - 00000000 ____D C:\Users\name\AppData\Roaming\IObit
2013-11-22 00:36 - 2011-08-25 23:33 - 00000000 ____D C:\Users\name\AppData\Local\Google
2013-11-21 23:47 - 2012-12-16 22:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-11-21 23:44 - 2013-01-13 22:40 - 00000000 ____D C:\Users\name\AppData\Local\Adobe
2013-11-21 23:42 - 2012-04-07 19:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-21 23:42 - 2012-04-07 19:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-21 23:42 - 2011-08-20 09:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-21 23:36 - 2013-09-16 18:29 - 00000000 ____D C:\Program Files (x86)\Secure Speed Dial
2013-11-18 00:42 - 2012-11-30 03:38 - 00007675 _____ C:\Users\name\Desktop\automate missins - update.txt
2013-11-16 20:04 - 2013-11-15 19:55 - 00000284 _____ C:\Windows\Tasks\Driver Booster Update.job
2013-11-15 19:58 - 2013-11-15 19:55 - 00003216 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2013-11-15 19:58 - 2013-11-15 19:55 - 00002560 _____ C:\Windows\System32\Tasks\Driver Booster Update
2013-11-15 19:55 - 2013-11-15 19:55 - 00001180 _____ C:\Users\Public\Desktop\Driver Booster.lnk
2013-11-15 19:55 - 2011-08-20 09:09 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-15 19:51 - 2011-08-20 08:15 - 00000000 ____D C:\Users\name
2013-11-14 12:58 - 2013-11-14 12:58 - 00000000 ____D C:\Users\name\AppData\Local\WhiteListing
2013-11-14 12:36 - 2013-03-28 22:06 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-14 05:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 16:12 - 2011-08-20 09:05 - 00000000 ____D C:\Windows\Panther
2013-11-13 15:48 - 2011-08-20 08:16 - 00001413 _____ C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-13 15:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-13 15:37 - 2013-11-13 15:37 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 15:37 - 2013-11-13 15:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 15:37 - 2013-11-13 15:37 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-13 15:37 - 2013-11-13 15:37 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-13 15:37 - 2013-11-13 15:37 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-13 15:37 - 2013-11-13 15:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-13 15:37 - 2013-11-13 15:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-13 15:37 - 2013-11-13 15:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-13 15:37 - 2013-11-13 15:37 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-13 15:37 - 2013-11-13 15:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-13 15:37 - 2013-11-13 15:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-13 15:37 - 2013-11-13 15:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-13 15:37 - 2013-11-13 15:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-13 15:35 - 2009-07-14 04:34 - 00000499 _____ C:\Windows\win.ini
2013-11-13 15:34 - 2013-07-26 21:29 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 15:33 - 2011-08-23 04:10 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 15:14 - 2013-11-13 15:14 - 00003094 _____ C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2013-11-13 15:14 - 2013-11-13 15:14 - 00001237 _____ C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-13 15:14 - 2013-11-13 15:14 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-13 15:13 - 2013-11-13 15:13 - 00002850 _____ C:\Windows\System32\Tasks\ASC7_SkipUac_huber
2013-11-13 15:13 - 2011-09-16 16:34 - 00000000 ____D C:\ProgramData\IObit
2013-11-13 13:54 - 2013-11-13 13:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-11-13 13:54 - 2013-11-13 13:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-11-13 09:52 - 2013-11-13 09:52 - 00010411 _____ C:\Users\name\Downloads\fNEM1D81pmha_soCZ9qkE6W1pxF7ImkiOiAiKjU3MzQ0QzZGRUIxOCIsICJjIjogImltYWdlL3RpZmYiLCAidiI6IDEsICJuIjogImh1YmVyNTk5In0=.tif
2013-11-11 05:50 - 2010-11-21 05:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-10 18:55 - 2013-11-10 18:54 - 03628032 _____ C:\Users\name\Downloads\un-noBio.pps
2013-11-09 13:52 - 2013-11-09 13:52 - 00001170 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-11-04 13:29 - 2013-11-04 13:29 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

Some content of TEMP:
====================
C:\Users\name\AppData\Local\Temp\avgnt.exe
C:\Users\name\AppData\Local\Temp\setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 11:35

==================== End Of Log ============================

Addition.txt -

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 02
Ran by huber at 2013-12-04 16:24:09
Running from C:\Users\name\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AccelerateTab (x32 Version: 1.4)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
Advanced SystemCare 7 (x32 Version: 7.0.5)
Advertising Center (x32 Version: 0.0.0.1)
Air Conflicts Secret Wars (HKCU)
Air Conflicts: Vietnam (x32 Version: 1)
Alien Swarm (x32)
Aliens: Colonial Marines (x32)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.81008.0920)
Apache: Air Assault (x32 Version: 1.0.0.1)
Ask Toolbar (x32 Version: 1.15.26.0)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.4.5.0)
ATI AVIVO64 Codecs (Version: 11.6.0.50930)
ATI Problem Report Wizard (Version: 3.0.795.0)
Avira Free Antivirus (x32 Version: 14.0.1.759)
Battlefield Play4Free (HKCU)
BitTorrent (x32 Version: 7.2.1)
Browser Configuration Utility (x32 Version: 1.0.12.1)
BSPlayer (x32)
Call of Duty: Black Ops - Multiplayer (x32)
Call of Duty: Black Ops (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229)
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229)
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229)
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229)
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229)
CCC Help Czech (x32 Version: 2013.1008.0931.15229)
CCC Help Danish (x32 Version: 2013.1008.0931.15229)
CCC Help Dutch (x32 Version: 2013.1008.0931.15229)
CCC Help English (x32 Version: 2013.1008.0931.15229)
CCC Help Finnish (x32 Version: 2013.1008.0931.15229)
CCC Help French (x32 Version: 2013.1008.0931.15229)
CCC Help German (x32 Version: 2013.1008.0931.15229)
CCC Help Greek (x32 Version: 2013.1008.0931.15229)
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229)
CCC Help Italian (x32 Version: 2013.1008.0931.15229)
CCC Help Japanese (x32 Version: 2013.1008.0931.15229)
CCC Help Korean (x32 Version: 2013.1008.0931.15229)
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229)
CCC Help Polish (x32 Version: 2013.1008.0931.15229)
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229)
CCC Help Russian (x32 Version: 2013.1008.0931.15229)
CCC Help Spanish (x32 Version: 2013.1008.0931.15229)
CCC Help Swedish (x32 Version: 2013.1008.0931.15229)
CCC Help Thai (x32 Version: 2013.1008.0931.15229)
CCC Help Turkish (x32 Version: 2013.1008.0931.15229)
ccc-utility64 (Version: 2013.1008.932.15229)
CCleaner (Version: 3.22)
Driver Booster (x32 Version: 1.0)
Foxit Reader (x32 Version: 5.4.5.124)
Google Chrome (x32 Version: 31.0.1650.57)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
HydraVision (x32 Version: 4.2.180.0)
IObit Uninstaller (x32 Version: 3.0.3.1064)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jurassic Park The Game (x32 Version: 1.0.0.15)
K-Lite Codec Pack 7.2.0 (Full) (x32 Version: 7.2.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NCH EN Toolbar (x32 Version: 6.8.2.0)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart OEM (x32 Version: 9.4.10.100)
neroxml (x32 Version: 1.0.0)
PunkBuster Services (x32 Version: 0.990)
Realtek Ethernet Controller Driver (x32 Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Smart Defrag 2 (x32 Version: 2.9)
SpeedFan (remove only) (x32)
Steam (x32 Version: 1.0.0.0)
Surfing Protection (x32 Version: 1.0)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab CYRI (x32 Version: 4.4.26.0)
Tom Clancy's H.A.W.X (x32 Version: 1.02.00000)
TVersity Codec Pack 1.7 (x32 Version: 1.7)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
World of Tanks v.0.7.0 (x32)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)
Yes Streamer 1.3Beta (x32 Version: 1.3Beta)

==================== Restore Points  =========================

19-11-2013 12:41:50 Windows Update
21-11-2013 21:47:33 Windows Update
21-11-2013 22:35:57 Before uninstalling Google Toolbar for Internet Explorer
23-11-2013 01:00:14 Windows Update
26-11-2013 19:23:27 Windows Update
03-12-2013 13:09:07 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2512B675-C250-4BF5-9992-544E293BB874} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)
Task: {42C7BF62-1D35-480D-ABE8-F07D27E5E26A} - System32\Tasks\ASC7_SkipUac_huber => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-10-28] (IObit)
Task: {61476729-A89A-407C-A471-E4854CA90120} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-02-08] ()
Task: {924C4FC2-2FBA-4FA1-9992-AE2CD2B6280B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {A109D3BD-5D7D-4AF0-8C51-A744FDAF4C1D} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-09-13] (IObit)
Task: {A5BAB2DC-6A7C-4B56-849E-57B7BF44923D} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2013-09-08] (IObit)
Task: {BABF7A62-9BA9-407A-8B29-69BEA46C4A9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)
Task: {BDEB45C5-9D2C-47C5-BCEC-0AA74A42E48D} - System32\Tasks\{CFE84E0E-4C51-4F70-B18D-4E3F35569D3B} => C:\Program Files (x86)\Steam\steamapps\common\call of duty black ops\BlackOps.exe [2013-05-25] ()
Task: {C9752871-B796-4531-9B5A-8A4E306DA3A5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CB5126C0-CFA9-48F2-B97B-FB84623E05E6} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)
Task: {D3B270FE-DCAE-4005-9114-551CED198105} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-09-08] (IObit)
Task: {E9792658-1D26-4F67-9943-FEEB7737A633} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {F36AAB2A-075C-4D2F-BB9F-52199B9FBAAF} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2013-10-25] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-20 08:49 - 2011-03-02 21:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-11-13 15:13 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2013-02-23 18:09 - 2013-02-23 18:02 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00102184 _____ () C:\ProgramData\Yes Streamer\EasyHook32.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00081704 _____ () C:\ProgramData\Yes Streamer\portaudio_x86.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00556840 _____ () C:\ProgramData\Yes Streamer\taglib.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00225064 _____ () C:\ProgramData\Yes Streamer\CORE_RL_lcms_.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00031528 _____ () C:\ProgramData\Yes Streamer\CORE_RL_xlib_.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00716584 _____ () C:\ProgramData\Yes Streamer\log4cxx.dll
2011-08-19 18:01 - 2011-08-19 18:01 - 04534072 _____ () C:\ProgramData\Yes Streamer\avcodec-52.dll
2011-08-19 18:01 - 2011-08-19 18:01 - 00083768 _____ () C:\ProgramData\Yes Streamer\avutil-50.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00313640 _____ () C:\ProgramData\Yes Streamer\libmp3lame-0.dll
2011-08-19 18:01 - 2011-08-19 18:01 - 00795448 _____ () C:\ProgramData\Yes Streamer\avformat-52.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00203064 _____ () C:\ProgramData\Yes Streamer\swscale-0.dll
2011-09-05 16:28 - 2011-09-05 16:28 - 00562072 _____ () C:\ProgramData\Yes Streamer\sqlite3.dll
2011-08-19 18:02 - 2011-08-19 18:02 - 00143144 _____ () C:\ProgramData\Yes Streamer\fribidi.dll
2009-08-01 06:39 - 2009-08-01 06:39 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
2013-03-10 23:39 - 2013-03-10 23:39 - 00227192 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll
2013-03-10 23:39 - 2013-03-10 23:39 - 00597880 _____ () C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2013 05:50:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x1fa8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 10:51:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ASCUrlScanner.dll_unloaded, version: 0.0.0.0, time stamp: 0x5237ff12
Exception code: 0xc0000005
Fault offset: 0x07ba0537
Faulting process id: 0x21e0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 10:21:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80000002
Fault offset: 0x771fd7e8
Faulting process id: 0xf5c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 03:38:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xdf4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 03:14:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 03:11:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xa7e67c6b
Faulting process id: 0x2dc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 02:27:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: ASCUrlScanner.dll_unloaded, version: 0.0.0.0, time stamp: 0x5237ff12
Exception code: 0xc0000005
Fault offset: 0x07f60537
Faulting process id: 0x119c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/03/2013 05:15:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/03/2013 05:08:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 05:08:35 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (12/03/2013 03:14:47 PM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/03/2013 01:22:47 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the YesMediaServer service.

Error: (12/03/2013 01:22:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the YesMediaServer service.

Error: (12/03/2013 11:56:21 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the YesMediaServer service.

Error: (12/03/2013 05:09:05 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/03/2013 05:08:53 AM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/03/2013 05:08:35 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/03/2013 05:08:35 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/02/2013 07:18:53 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/02/2013 07:18:29 AM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (12/04/2013 05:50:08 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea8e7c000000500038e191fa801cef09ae64f432eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll2ad5e3c0-5c97-11e3-8db4-bcaec5df2d4c

Error: (12/03/2013 10:51:38 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cASCUrlScanner.dll_unloaded0.0.0.05237ff12c000000507ba053721e001cef065442b9874C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEASCUrlScanner.dllb3e2dae8-5c5c-11e3-8db4-bcaec5df2d4c

Error: (12/03/2013 10:21:03 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cunknown0.0.0.00000000080000002771fd7e8f5c01cef060fd528474C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown6e4572b4-5c58-11e3-8db4-bcaec5df2d4c

Error: (12/03/2013 03:38:28 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cntdll.dll6.1.7601.18247521ea8e7c0000374000ce753df401cef02a3a454dbeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll30980058-5c20-11e3-8db4-bcaec5df2d4c

Error: (12/03/2013 03:14:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 03:11:19 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cunknown0.0.0.000000000c0000005a7e67c6b2dc01cef0259e30dea6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown65d88b12-5c1c-11e3-8922-bcaec5df2d4c

Error: (12/03/2013 02:27:03 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cASCUrlScanner.dll_unloaded0.0.0.05237ff12c000000507f60537119c01cef01a8ee2c703C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEASCUrlScanner.dll36c146c1-5c16-11e3-8922-bcaec5df2d4c

Error: (12/03/2013 05:15:46 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\ATI Technologies\PRW\amdprw.exe

Error: (12/03/2013 05:08:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 05:08:35 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 4077.26 MB
Available physical RAM: 2674.25 MB
Total Pagefile: 10190.44 MB
Available Pagefile: 7839.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:59.95 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:214.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4FE04FDF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Can I delete those 2 log files? Thx.

And how much time is "a couple of days" before it's OK to delete the quarantined malware?

Please help with this, thanks.


Edited by TripleTripe, 04 December 2013 - 03:11 PM.


#7 Broni Re: [RESOLVED] TBhostsupport Conduit problem


Posted 04 December 2013 - 04:30 PM

Uninstall Advanced SystemCare 7.

Registry cleaners/optimizers are not recommended for several reasons:
 

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes.  If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
 

 

 

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 



#8 TripleTripe Re: [RESOLVED] TBhostsupport Conduit problem


Posted 04 December 2013 - 07:08 PM

Questions: so remove the program forever?

Do you use a registry cleaner sometimes? Would you recommend TuneUp 2014?

I downloaded the fixlist.txt - please tell me if I do it the right way -

1) First delete Advanced SystemCare 7

2) I opened a new folder named FAST64 (on its own) and put all 4 files there (Additional.txt - FAST64.exe - fixlist.txt - FAST.txt)

placed at: C:\Users\name\Downloads\FAST

Now I need to open the FAST.txt and run (start) the FAST64, then press Fix and wait, and bring the Fixlog.txt?

Sorry, didn't want to do something wrong. Thx for the help.


Edited by TripleTripe, 04 December 2013 - 07:13 PM.


#9 Broni Re: [RESOLVED] TBhostsupport Conduit problem


Posted 04 December 2013 - 07:30 PM

do you use registry cleaner sometimes?

 

Never, and I posted above why.

 

You just run FRST64 and press "Fix" button. No need to open anything else.

 

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.




#10 TripleTripe Re: [RESOLVED] TBhostsupport Conduit problem


Posted 04 December 2013 - 07:56 PM

roger my friend, here is the Fixlog.txt -

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-12-2013
Ran by huber at 2013-12-04 21:54:19 Run:1
Running from C:\Users\huber\Downloads\FAST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\huber\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
C:\Users\huber\AppData\Local\TBHostSupport
MountPoints2: {46473585-0f20-11e3-80bc-bcaec5df2d4c} - F:\Startme.exe
URLSearchHook: HKLM-x32 - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
C:\Program Files (x86)\NCH_EN
SearchScopes: HKLM - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM-x32 - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM-x32 - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2801948
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...000bcaec5df2d4c
SearchScopes: HKCU - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya....E&cr=1361127720
SearchScopes: HKCU - {98D0C22A-6095-48DC-A630-CED97A7F603B} URL = http://search.condui...648475932843724
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2013-12-03 17:09 - 2013-12-03 17:09 - 00000000 ____D C:\Users\huber\AppData\Local\TBHostSupport
C:\Users\huber\AppData\Local\Temp\avgnt.exe
C:\Users\huber\AppData\Local\Temp\setup.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => Value deleted successfully.
C:\Users\huber\AppData\Local\TBHostSupport => Moved successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46473585-0f20-11e3-80bc-bcaec5df2d4c} => Key deleted successfully.
HKCR\CLSID\{46473585-0f20-11e3-80bc-bcaec5df2d4c} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key deleted successfully.
C:\Program Files (x86)\NCH_EN => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key deleted successfully.
HKCR\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key deleted successfully.
HKCR\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{98D0C22A-6095-48DC-A630-CED97A7F603B} => Key deleted successfully.
HKCR\CLSID\{98D0C22A-6095-48DC-A630-CED97A7F603B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key deleted successfully.
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37483B40-C254-4A72-BDA4-22EE90182C1E} => Value deleted successfully.
HKCR\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll not found.
C:\Windows\SysWOW64\npdeployJava1.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\huber\AppData\Local\TBHostSupport" => File/Directory not found.
C:\Users\huber\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\huber\AppData\Local\Temp\setup.exe => Moved successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.

==== End of Fixlog ====

 

Just many thanks for your help.

Questions: can I delete the quarantined malware? As I said is party names over there ^^

- The NCH EN toolbar is deleted :) Can I remove all its registry or reboot?

I'm waiting for your order, don't do what didn't need to.


Edited by TripleTripe, 04 December 2013 - 08:13 PM.


#11 Broni Re: [RESOLVED] TBhostsupport Conduit problem


Posted 04 December 2013 - 09:58 PM

Leave everything alone for now.

 

Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.

  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

 

Create a new restore point before proceeding with the next step....
How to: http://www.smartestc...nt-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt




#12 TripleTripe Re: [RESOLVED] TBhostsupport Conduit problem


Posted 05 December 2013 - 01:04 AM

Roger that, mate, doing.

RogueKiller found 7 bad registry entries; they are in a new folder named RK_Quarantine. Now showing log files:

 

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : huber [Admin rights]
Mode : Remove -- Date : 12/05/2013 02:57:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] berkelium.exe -- C:\ProgramData\Yes Streamer\berkelium.exe [-] -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\Users\huber\AppData\Local\TBHostSupport\TBHostSupport.dll [x] -> rundll32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[IFEO] HKLM\[...]\ActionCenterDownloader.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[IFEO] HKLM\[...]\Deployer.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\DriverBooster.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\Promote.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\Scheduler.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\SDInit.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[IFEO] HKLM\[...]\SmartDefrag.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[IFEO] HKLM\[...]\UpdateDB.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 12893a4cfc106895ccf256a23ee1c433
[BSP] dca6e48254042917010fe0ccc5df1bc5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409602048 | Size: 276938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12052013_025709.txt >>
RKreport[0]_S_12052013_025544.txt

 

--- I will edit for Malwarebytes Anti-Rootkit - report. = need create restore as said.

+ damn I love you are saving life human! thx you my hero! - will add reports Malware anti rootkit mate.

 

Edit- can't download it= Internal Server Error :( I do again

again- Service Temporarily Unavailable :(

"The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."

 

got it, there he is:

 

System-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.110000 GHz
Memory total: 4275318784, free: 2276229120

Downloaded database version: v2013.12.04.10
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     12/05/2013 03:23:19
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dd4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-8\
Lower Device Object: 0xfffffa8004b03060
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dd4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-8\
Lower Device Object: 0xfffffa8004b03060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004dd4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c629b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004dd4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004ae4d10, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b03060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a012690740, 0xfffffa8004dd4060, 0xfffffa8007a5d790
Lower DeviceData: 0xfffff8a00f5bc8e0, 0xfffffa8004b03060, 0xfffffa8004010a70
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4FE04FDF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 409395200

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409602048  Numsec = 567169024

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

 

 

 

mbar-log-2013-12-05 (03-23-23)

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.12.04.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
huber :: HUBER-PC [administrator]

05/12/2013 03:23:23
mbar-log-2013-12-05 (03-23-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 224758
Time elapsed: 12 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

Didn't have to restart, found 0? I'm ready, man ^^


Edited by TripleTripe, 05 December 2013 - 01:42 AM.


#13 Broni Re: [RESOLVED] TBhostsupport Conduit problem


Posted 05 December 2013 - 01:32 AM

Uploaded it for you here: http://www.sendspace.com/file/3v4arf




#14 TripleTripe Re: [RESOLVED] TBhostsupport Conduit problem


Posted 05 December 2013 - 05:41 AM

Strange, again:

 

mbar-log-2013-12-05 (07-26-35)

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.12.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
huber :: HUBER-PC [administrator]

05/12/2013 07:26:35
mbar-log-2013-12-05 (07-26-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 224585
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

system-log

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.110000 GHz
Memory total: 4275318784, free: 2276229120

Downloaded database version: v2013.12.04.10
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     12/05/2013 03:23:19
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dd4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-8\
Lower Device Object: 0xfffffa8004b03060
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dd4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-8\
Lower Device Object: 0xfffffa8004b03060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004dd4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c629b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004dd4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004ae4d10, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b03060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a012690740, 0xfffffa8004dd4060, 0xfffffa8007a5d790
Lower DeviceData: 0xfffff8a00f5bc8e0, 0xfffffa8004b03060, 0xfffffa8004010a70
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4FE04FDF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 409395200

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409602048  Numsec = 567169024

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16428

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.110000 GHz
Memory total: 4275318784, free: 2505039872

Downloaded database version: v2013.12.05.01
Downloaded database version: v2013.12.05.02
Initializing...
======================
------------ Kernel report ------------
     12/05/2013 07:26:32
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dd4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-8\
Lower Device Object: 0xfffffa8004b03060
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dd4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-8\
Lower Device Object: 0xfffffa8004b03060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa8004010a70
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004dd4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c629b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004dd4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004ae4d10, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b03060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00e04b660, 0xfffffa8004dd4060, 0xfffffa8007a5d790
Lower DeviceData: 0xfffff8a00cfe87f0, 0xfffffa8004b03060, 0xfffffa8004010a70
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4FE04FDF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 409395200

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409602048  Numsec = 567169024

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

 

 



#15 TripleTripe Re: [RESOLVED] TBhostsupport Conduit problem


Posted 05 December 2013 - 03:49 PM

-bad news- the TBhostsupport folder + file are back somehow.. it was moved successfully to quarantine, but it is back? :(

Can this page be right? http://greatis.com/a...support.dll.htm - saw that tbhostsupport.dll is dangerous :\

and how to remove it safely? thx m8

if you don't want to enter the site (it is safe, I hope), here is a copy-paste from there, so you will know:

 

Manual removal instructions:

 

Antivirus Report of %TEMP%\SCOPED_DIR_2560_5282\CRX_INSTALL\TBHOSTSUPPORT\TBHOSTSUPPORT.DLL:
%TEMP%\SCOPED_DIR_2560_5282\CRX_INSTALL\TBHOSTSUPPORT\TBHOSTSUPPORT.DLL Conduit (fs)
%TEMP%\SCOPED_DIR_2560_5282\CRX_INSTALL\TBHOSTSUPPORT\TBHOSTSUPPORT.DLL Dangerous
%TEMP%\SCOPED_DIR_2560_5282\CRX_INSTALL\TBHOSTSUPPORT\TBHOSTSUPPORT.DLL High Risk
%temp%\scoped_dir_2560_5282\crx_install\tbhostsupport\tbhostsupport.dll
We suggest you to remove TBHOSTSUPPORT.DLL from your computer as soon as possible.
TBHOSTSUPPORT.DLL is known as: Conduit (fs)
MD5 of TBHOSTSUPPORT.DLL = 9fd16d3cc543eb20f067dd6537432082
TBHOSTSUPPORT.DLL size is 458016 bytes.
Full path on a computer: %TEMP%\SCOPED_DIR_2560_5282\CRX_INSTALL\TBHOSTSUPPORT\TBHOSTSUPPORT.DLL
Related Files:
%Temp%\scoped_dir_2560_5282\CRX_INSTALL\tb\sl\serviceLayer.js
%Temp%\scoped_dir_2560_5282\CRX_INSTALL\tb\version.txt
%Temp%\scoped_dir_2560_5282\CRX_INSTALL\TBHostSupport\TBHostSupport.dll
%Temp%\scoped_dir_2560_5282\CRX_INSTALL\_locales\en\messages.json
%Temp%\scoped_dir_792_5037\CRX_INSTALL\Search\html\SearchBackground.html

 

 

Remove TBHOSTSUPPORT.DLL now!

Reviewed by:

by NightWatcher

TBHOSTSUPPORT.DLL Dangerous Rating: 5 out of 5     ---- they are right, "TBHOSTSUPPORT.DLL size is 458016 bytes" :-(

 

 

--- 2x log files from RogueKiller; I pasted one up there, here are both:

 

1)

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : huber [Admin rights]
Mode : Remove -- Date : 12/05/2013 02:57:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] berkelium.exe -- C:\ProgramData\Yes Streamer\berkelium.exe [-] -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\Users\huber\AppData\Local\TBHostSupport\TBHostSupport.dll [x] -> rundll32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[IFEO] HKLM\[...]\ActionCenterDownloader.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[IFEO] HKLM\[...]\Deployer.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\DriverBooster.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\Promote.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\Scheduler.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[IFEO] HKLM\[...]\SDInit.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[IFEO] HKLM\[...]\SmartDefrag.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> DELETED
[IFEO] HKLM\[...]\UpdateDB.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 12893a4cfc106895ccf256a23ee1c433
[BSP] dca6e48254042917010fe0ccc5df1bc5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409602048 | Size: 276938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12052013_025709.txt >>
RKreport[0]_S_12052013_025544.txt

 

 

2)

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : huber [Admin rights]
Mode : Scan -- Date : 12/05/2013 02:55:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] berkelium.exe -- C:\ProgramData\Yes Streamer\berkelium.exe [-] -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\Users\huber\AppData\Local\TBHostSupport\TBHostSupport.dll [x] -> rundll32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[IFEO] HKLM\[...]\ActionCenterDownloader.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> FOUND
[IFEO] HKLM\[...]\Deployer.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\DriverBooster.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\Promote.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\Scheduler.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[IFEO] HKLM\[...]\SDInit.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> FOUND
[IFEO] HKLM\[...]\SmartDefrag.exe : Debugger ("C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe" [7]) -> FOUND
[IFEO] HKLM\[...]\UpdateDB.exe : Debugger (C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 12893a4cfc106895ccf256a23ee1c433
[BSP] dca6e48254042917010fe0ccc5df1bc5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409602048 | Size: 276938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12052013_025544.txt >>

 

 

sorry, they look very similar, but they are not, so I pasted them both.

 


Edited by TripleTripe, 05 December 2013 - 04:22 PM.


#16 Broni Re: [RESOLVED] TBhostsupport Conduit problem

Broni

    Administrator - Malware Annihilator

  • Administrators
  • 35,213 posts
  • 2,049 topics
    • Time Online: 209d 1h 10m 21s
  • Joined October 04, 2004
  • Age: 60
  • Skin: Smartest wide
  • Local time: 04:48 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows 8
  • Country:
Offline

Posted 05 December 2013 - 09:00 PM

Create new restore point before proceeding with the next step....
How to: http://www.smartestc...nt-all-windows/

 

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.


NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingc...ad/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingc...ad/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.




#17 TripleTripe Re: [RESOLVED] TBhostsupport Conduit problem


Posted 05 December 2013 - 10:10 PM

Asking, m8: the NOTE part is just if, for some reason, Combofix refuses to run? And how do I restart the computer in safe mode?

I hope not to get to that part.. hope the first part works fine with the disabling and disconnection.

so I don't do the NOTE part if it works well, right?

copy, hope it works well..



#18 Broni Re: [RESOLVED] TBhostsupport Conduit problem


Posted 05 December 2013 - 10:13 PM

Yes.




#19 TripleTripe Re: [RESOLVED] TBhostsupport Conduit problem


Posted 05 December 2013 - 10:38 PM

:( I disconnected the internet before, so no update? I think the modem will want to connect by itself :\

do I need to stay connected to the internet when I don't have security on?

the ComboFix icon disappeared after a question, without internet connection and with all security off: it started with REDUCE MODE - something, with a number at the start, in a little log window

I get this in local disk C:/COMBOFIX = NircmdB.exe ???

sorry, I'm an idiot :(

- do I make a restore before using combofix, or is it fine like this?


Edited by TripleTripe, 05 December 2013 - 10:43 PM.


#20 Broni Re: [RESOLVED] TBhostsupport Conduit problem


Posted 05 December 2013 - 10:41 PM

Don't disconnect from the internet manually.

My instructions don't ask for it.

 

Restart computer, make sure internet connection is on and run Combofix.

Don't overthink it...lol






