Posts posted by grayedout

  1. Thanks for the info on the Group Policy Restrictions. I will put them back when we are all done.

    Here is the checkup.txt output file. It's not clear if both the Windows Firewall and Kaspersky Firewall are enabled. Again, I thought Kaspersky takes over the firewall and disables the Windows Firewall. Maybe not as critical as not running two anti-virus programs at the same time.

     

    I am actually running Postbox 3.0.9. Since it is Mozilla based it must have confused SecurityCheck.

     Results of screen317's Security Check version 0.99.81 
     Windows 7 Service Pack 1 x64 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Kaspersky Internet Security  
     Antivirus up to date!  
    `````````Anti-malware/Other Utilities Check:`````````
     Adobe Flash Player 12.0.0.77 
     Mozilla Firefox (28.0)
     Mozilla Thunderbird (2.0.0 Thunderbird out of Date! 
    ````````Process Check: objlist.exe by Laurent```````` 
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbam.exe 
     Malwarebytes Anti-Malware mbamscheduler.exe  
     Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe 
     Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     

  2. Many thanks again for all your efforts!!

    Windows Defender Disabled. (I thought Kaspersky did this automatically during the install)

    FRST.exe run with fixlist.txt. Results follow.

    Malwarebytes Threat Scan run with no problems reported.

    Reboot and it seems ok.

    Malwarebytes Threat Scan run again after reboot with no problems reported.

    I do have a question about the deletion of the Group Policy restriction on software, in the fixlist log.
    I entered them there after reading this page:
    http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent

    They seemed a rather safe thing to prevent any executable from running from data space.

    Are they a problem to be there?

    Many thanks again!!

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
    Ran by Sherron at 2014-04-08 08:09:10 Run:1
    Running from C:\Users\Sherron\Portable Aps\Farbar Recovery Scan Tool
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] - [X]
    HKLM Group Policy restriction on software: %LocalAppData%\Temp\wz*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %LocalAppData%\Temp\*.zip\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %LocalAppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %LocalAppData%\Temp\Rar*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %LocalAppData%\Temp\7z*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %LocalAppData%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
    C:\Users\Sherron\AppData\Roaming\CamLayout.ini
    C:\Users\Sherron\AppData\Roaming\CamShapes.ini



    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    C:\Users\Sherron\AppData\Roaming\CamLayout.ini => Moved successfully.
    C:\Users\Sherron\AppData\Roaming\CamShapes.ini => Moved successfully.

    ==== End of Fixlog ====

  3. Thanks again for your efforts!!

     

    RogueKiller - two registry items marked and deleted

    AdwCleaner - no files in log AdwCleaner[R0].txt were saved

    TFC - finished without any error, many temp files were deleted.

     

    Files you requested are attached or inline.

     

    # AdwCleaner v3.023 - Report created 07/04/2014 at 16:47:06
    # Updated 01/04/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Sherron - STITCH
    # Running from : C:\Users\Sherron\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
    Folder Deleted : C:\ProgramData\DeviceVM
    Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files (x86)\openit
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\Sherron\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Sherron\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Sherron\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    Folder Deleted : C:\Users\Sherron\AppData\Roaming\DeviceVM
    Folder Deleted : C:\Users\Sherron\AppData\Roaming\DSite
    Folder Deleted : C:\Users\Dennis\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Dennis\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Conduit
    File Deleted : C:\Users\Sherron\AppData\Local\Temp\Uninstall.exe
    File Deleted : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\searchplugins\Conduit.xml
    File Deleted : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\searchplugins\SweetIm.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\2nfr7k7t.Sherron\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    [ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    [ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\prefs.js ]

    Line Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
    Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
    Line Deleted : user_pref("CT2786678.CurrentServerDate", "19-12-2010");
    Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
    Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
    Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sat Dec 18 2010 23:15:52 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 523);
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sat Dec 18 2010 22:30:50 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sat Dec 18 2010 22:30:50 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sat Dec 18 2010 22:30:49 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sat Dec 18 2010 22:30:49 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sat Dec 18 2010 22:30:49 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
    Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
    Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
    Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
    Line Deleted : user_pref("CT2786678.FirstServerDate", "16-12-2010");
    Line Deleted : user_pref("CT2786678.FirstTime", true);
    Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
    Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
    Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);

    Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
    Line Deleted : user_pref("CT2786678.Initialize", true);
    Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
    Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
    Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
    Line Deleted : user_pref("CT2786678.InstalledDate", "Thu Dec 16 2010 09:43:34 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.IsGrouping", false);
    Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
    Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
    Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
    Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Dec 18 2010 09:43:37 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);

    Line Deleted : user_pref("CT2786678.LastLogin_3.2.5.2", "Sat Dec 18 2010 20:30:45 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.LatestVersion", "3.2.3.3");
    Line Deleted : user_pref("CT2786678.Locale", "en");
    Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");

    Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");

    Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);

    Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
    Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
    Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Dec 18 2010 09:43:36 GMT-1000 (Hawaiian Standard Time)");


    Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Dec 18 2010 09:43:20 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Dec 18 2010 17:12:48 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1291825117");
    Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
    Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu Dec 16 2010 09:43:20 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");

    Line Deleted : user_pref("CT2786678.UserID", "UN49238619971737285");
    Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
    Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
    Line Deleted : user_pref("CT2786678.WeatherPollDate", "Sat Dec 18 2010 23:01:50 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.WeatherUnit", "C");
    Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
    Line Deleted : user_pref("CT2786678.components.129315411424256896", false);
    Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
    Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);

    Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);

    Line Deleted : user_pref("CT2786678.testingCtid", "");
    Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Dec 18 2010 09:43:35 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Thu Dec 16 2010 09:43:38 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CT2786678.usagesFlag", 2);
    Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
    Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
    Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
    Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

    Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
    Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
    Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");

    Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
    Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
    Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jan 05 2011 13:43:31 GMT-1000 (Hawaiian Standard Time)");

    Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
    Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jan 05 2011 11:08:45 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
    Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

    Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Line Deleted : user_pref("CommunityToolbar.alert.userId", "fb55273f-30af-4ba6-baf2-38beb682f50d");
    Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Dec 18 2010 09:43:41 GMT-1000 (Hawaiian Standard Time)");
    Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");

    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

    [ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\epq7sfbg.default\prefs.js ]


    [ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\olft3jwu.Dennis\prefs.js ]


    [ File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\twxi73es.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [17634 octets] - [07/04/2014 16:14:49]
    AdwCleaner[s0].txt - [17783 octets] - [07/04/2014 16:47:06]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [17844 octets] ##########
     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by Sherron (administrator) on STITCH on 07-04-2014 17:05:10
    Running from C:\Users\Sherron\Portable Aps\Farbar Recovery Scan Tool
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
    (Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (SEC) C:\Program Files\MagicTune Premium\MagicTune.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (OldTimer Tools) C:\Users\Sherron\Desktop\TFC.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-02] (Realtek Semiconductor)
    HKLM\...\Run: [MagicTuneEngine] - C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2011-01-17] ()
    HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [] - [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2903448 2011-06-06] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [bCWipeTM Startup] - C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe [311296 2004-11-29] (Jetico, Inc.)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM Group Policy restriction on software: %LocalAppData%\Temp\wz*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %LocalAppData%\Temp\*.zip\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %LocalAppData%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %LocalAppData%\Temp\Rar*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %LocalAppData%\Temp\7z*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %LocalAppData%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1805509027-3728083206-3070611810-1000\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1240992 2011-06-06] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1805509027-3728083206-3070611810-1000\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
    Startup: C:\Users\Sherron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PeerBlock (2).lnk
    ShortcutTarget: PeerBlock (2).lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
    Startup: C:\Users\Sherron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SCHDPL32.EXE - Shortcut.lnk
    ShortcutTarget: SCHDPL32.EXE - Shortcut.lnk -> I:\Documents and Settings\All Users\Documents\!My portable apps\MS Schedule Plus\SCHDPL32.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6BED53DAA406CC01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    SearchScopes: HKCU - {056B05FD-3F3A-4535-83A7-D89ADEF79DA9} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
    BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Tcpip\..\Interfaces\{A5787263-A0C8-45E9-A3DE-95D33C5A3CC9}: [NameServer]192.168.15.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP
    FF SelectedSearchEngine: Google

    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: CheckPlaces - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\checkplaces@andyhalford.com [2014-01-07]
    FF Extension: Facebook Translate - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\facebook-translate@oliver.schloebe.de [2014-04-05]
    FF Extension: Fast Translation - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\fasttrans@kemot [2014-01-07]
    FF Extension: JSONView - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\jsonview@brh.numbera.com [2014-01-07]
    FF Extension: Link Gopher - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\linkgopher@oooninja.com [2014-01-07]
    FF Extension: Long URL Please - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\longurlplease@darragh.curran [2014-01-07]
    FF Extension: Print pages to PDF - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\printPages2Pdf@reinhold.ripper [2014-01-07]
    FF Extension: Nuke Anything Enhanced - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace} [2014-01-07]
    FF Extension: EPUBReader - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-01-07]
    FF Extension: Live HTTP Headers - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-01-07]
    FF Extension: CookieCuller - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460} [2014-01-07]
    FF Extension: DictionarySearch - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372} [2014-01-07]
    FF Extension: BBCodeXtra - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc} [2014-01-07]
    FF Extension: DownloadHelper - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
    FF Extension: FoxClocks - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-23]
    FF Extension: CSHelper - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2014-03-06]
    FF Extension: Torbutton - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2014-01-07]
    FF Extension: Exif Viewer - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-01-07]
    FF Extension: Ghostery - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\firefox@ghostery.com.xpi [2014-03-18]
    FF Extension: i2Symbol (Emoticons, Smileys, Symbols) - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\i2symbol@sciweavers.org.xpi [2014-01-07]
    FF Extension: Lightbeam - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-01-07]
    FF Extension: Print Edit - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\printedit@DW-dev.xpi [2014-01-07]
    FF Extension: Tab Counter - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\tabcounter@morac.xpi [2014-01-07]
    FF Extension: Session Manager - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-01-07]
    FF Extension: Image Zoom - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-01-07]
    FF Extension: RefControl - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2014-01-07]
    FF Extension: NoScript - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-07]
    FF Extension: Adblock Plus - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-07]
    FF Extension: BetterPrivacy - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-07]
    FF Extension: DownThemAll! - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-01-07]
    FF Extension: Greasemonkey - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-07]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-04-13]
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-06]
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-06]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-06]
    FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-06]
    FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-06]

    ==================== Services (Whitelisted) =================

    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
    R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [18432 2013-03-28] (Silicondust USA Inc)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
    R2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2169592 2011-05-18] (UltraVNC)
    S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-25] (AVG Technologies)
    S4 BCSWAP; C:\Windows\SysWow64\Drivers\BCSWAP.sys [98452 2001-10-28] (Jetico, Inc.)
    R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-01-17] (Paragon Software Group)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-06] (Kaspersky Lab ZAO)
    S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-24] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-06] (Kaspersky Lab ZAO)
    R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-07] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
    R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12904 2011-05-06] (UVNC BVBA)
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
    R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
    R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
    R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
    R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [48144 2010-01-17] (Windows ® 2000 DDK provider)
    R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [158736 2010-01-17] (Paragon)
    S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-10-18] (Paragon)
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-07 17:05 - 2014-04-07 17:05 - 00000000 ____D () C:\FRST
    2014-04-07 16:54 - 2014-04-07 16:54 - 00448512 _____ (OldTimer Tools) C:\Users\Sherron\Desktop\TFC.exe
    2014-04-07 16:14 - 2014-04-07 16:47 - 00000000 ____D () C:\AdwCleaner
    2014-04-07 16:13 - 2014-04-07 16:13 - 01426178 _____ () C:\Users\Sherron\Desktop\AdwCleaner.exe
    2014-04-07 16:12 - 2014-04-07 16:12 - 00005916 _____ () C:\Users\Sherron\Desktop\RKreport[0]_D_04072014_161232.txt
    2014-04-07 16:09 - 2014-04-07 16:09 - 00005855 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04072014_160911.txt
    2014-04-07 16:00 - 2014-04-07 16:00 - 00001771 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.7z
    2014-04-07 15:59 - 2014-04-07 15:59 - 00005223 _____ () C:\Users\Sherron\Desktop\dds.7z
    2014-04-07 15:59 - 2014-04-07 15:59 - 00001901 _____ () C:\Users\Sherron\Desktop\attach.7z
    2014-04-07 15:48 - 2014-04-07 15:48 - 00000000 ____D () C:\Program Files (x86)\7-Zip
    2014-04-06 15:21 - 2014-04-06 15:43 - 00014188 __RSH () C:\ProgramData\ntuser.pol
    2014-04-06 08:41 - 2014-04-07 01:32 - 00000000 ____D () C:\Users\Sherron\AppData\Local\CrashDumps
    2014-04-05 15:57 - 2014-04-05 15:57 - 00005926 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.txt
    2014-04-05 15:12 - 2014-04-05 15:15 - 00000000 ____D () C:\Users\Dennis\Hostess Contest
    2014-04-04 20:09 - 2014-04-04 20:09 - 00005893 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04042014_200918-OLD01.txt
    2014-04-04 20:04 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Sherron\Desktop\RK_Quarantine
    2014-04-04 20:02 - 2014-04-04 20:02 - 04527616 _____ () C:\Users\Sherron\Desktop\RogueKillerX64.exe
    2014-04-04 12:41 - 2014-04-05 15:22 - 00020241 _____ () C:\Users\Sherron\Desktop\dds.txt
    2014-04-04 12:41 - 2014-04-05 15:22 - 00003942 _____ () C:\Users\Sherron\Desktop\attach.txt
    2014-04-04 12:37 - 2014-04-04 12:37 - 00688992 ____R (Swearware) C:\Users\Sherron\Desktop\dds.com
    2014-04-04 12:36 - 2014-04-04 12:36 - 00688992 _____ (Swearware) C:\Users\Sherron\Desktop\dds.scr
    2014-04-04 12:36 - 2014-04-04 12:34 - 00000824 _____ () C:\Users\Sherron\Desktop\newhosts.txt
    2014-04-04 12:34 - 2014-04-04 12:34 - 00000824 _____ () C:\Users\Sherron\Documents\newhosts.txt
    2014-04-03 21:20 - 2014-04-03 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-03 16:56 - 2013-10-01 16:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2014-04-03 16:56 - 2013-10-01 16:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-04-03 16:56 - 2013-10-01 16:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-04-03 16:56 - 2013-10-01 15:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2014-04-03 16:56 - 2013-10-01 15:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2014-04-03 16:56 - 2013-10-01 15:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-04-03 16:56 - 2013-10-01 15:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2014-04-03 16:56 - 2013-10-01 14:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2014-04-03 16:56 - 2013-10-01 14:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2014-04-03 16:56 - 2013-10-01 14:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2014-04-03 16:56 - 2013-10-01 14:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2014-04-03 16:56 - 2013-10-01 14:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2014-04-03 16:56 - 2013-10-01 13:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-04-03 16:56 - 2013-10-01 13:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-04-03 16:56 - 2013-10-01 13:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2014-04-03 16:56 - 2013-10-01 12:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-04-03 16:56 - 2013-10-01 10:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-04-03 16:56 - 2013-10-01 10:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-04-03 16:53 - 2014-02-28 20:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-04-03 16:53 - 2014-02-28 19:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-04-03 16:53 - 2014-02-28 19:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-04-03 16:53 - 2014-02-28 18:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-04-03 16:53 - 2014-02-28 18:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-04-03 16:53 - 2014-02-28 18:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-04-03 16:53 - 2014-02-28 18:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-04-03 16:53 - 2014-02-28 18:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-04-03 16:53 - 2014-02-28 18:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-04-03 16:53 - 2014-02-28 18:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-04-03 16:53 - 2014-02-28 18:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-04-03 16:53 - 2014-02-28 18:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-04-03 16:53 - 2014-02-28 18:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-04-03 16:53 - 2014-02-28 18:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-04-03 16:53 - 2014-02-28 18:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-04-03 16:53 - 2014-02-28 18:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-04-03 16:53 - 2014-02-28 18:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-04-03 16:53 - 2014-02-28 17:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-04-03 16:53 - 2014-02-28 17:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-04-03 16:53 - 2014-02-28 17:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-04-03 16:53 - 2014-02-28 17:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-04-03 16:53 - 2014-02-28 17:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-04-03 16:53 - 2014-02-28 17:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-04-03 16:53 - 2014-02-28 17:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-04-03 16:53 - 2014-02-28 17:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-04-03 16:53 - 2014-02-28 17:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-04-03 16:53 - 2014-02-28 17:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-04-03 16:53 - 2014-02-28 17:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-04-03 16:53 - 2014-02-28 17:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-04-03 16:53 - 2014-02-28 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-04-03 16:53 - 2014-02-28 17:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-04-03 16:53 - 2014-02-28 17:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-04-03 16:53 - 2014-02-28 17:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-04-03 16:53 - 2014-02-28 17:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-04-03 16:53 - 2014-02-28 16:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-04-03 16:53 - 2014-02-28 16:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-04-03 16:53 - 2014-02-28 16:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-04-03 16:53 - 2014-02-28 16:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-04-03 16:53 - 2014-02-28 16:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-04-03 16:53 - 2014-02-28 16:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-04-03 16:52 - 2014-02-06 15:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-04-03 16:52 - 2014-02-03 16:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-04-03 16:52 - 2014-02-03 16:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-04-03 16:52 - 2014-02-03 16:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-04-03 16:52 - 2014-02-03 16:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-04-03 16:52 - 2014-01-28 16:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-04-03 16:52 - 2014-01-28 16:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2014-04-03 16:52 - 2014-01-27 16:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2014-04-03 16:52 - 2013-09-24 16:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-04-03 16:52 - 2013-09-24 15:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-04-02 18:22 - 2014-04-07 16:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-02 18:21 - 2014-04-05 21:03 - 00001140 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-02 18:21 - 2014-04-05 21:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-02 18:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-02 18:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-03-27 08:36 - 2014-03-27 08:36 - 00001448 _____ () C:\Users\Sherron\Desktop\photome.exe - Shortcut.lnk
    2014-03-19 12:04 - 2014-03-19 12:04 - 00000000 ____D () C:\Users\Sherron\AppData\Local\Apple Computer
    2014-03-16 09:56 - 2014-03-16 10:03 - 00000741 _____ () C:\Users\Sherron\Desktop\Majjong - GameMenu.exe - Shortcut.lnk
    2014-03-09 16:03 - 2014-03-09 16:03 - 00001175 _____ () C:\Users\Sherron\Desktop\TrueCrypt.exe - Shortcut.lnk

    ==================== One Month Modified Files and Folders =======

    2014-04-07 17:05 - 2014-04-07 17:05 - 00000000 ____D () C:\FRST
    2014-04-07 17:01 - 2011-06-20 23:59 - 00000000 ____D () C:\Users\Sherron\Portable Aps
    2014-04-07 16:57 - 2009-07-13 18:45 - 00015376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-07 16:57 - 2009-07-13 18:45 - 00015376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-07 16:54 - 2014-04-07 16:54 - 00448512 _____ (OldTimer Tools) C:\Users\Sherron\Desktop\TFC.exe
    2014-04-07 16:53 - 2011-03-31 05:39 - 02014156 _____ () C:\Windows\WindowsUpdate.log
    2014-04-07 16:52 - 2014-04-02 18:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-04-07 16:52 - 2014-01-06 15:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-04-07 16:49 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-04-07 16:49 - 2009-07-13 18:51 - 00036628 _____ () C:\Windows\setupact.log
    2014-04-07 16:48 - 2012-05-04 13:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-04-07 16:47 - 2014-04-07 16:14 - 00000000 ____D () C:\AdwCleaner
    2014-04-07 16:37 - 2014-03-03 21:09 - 00000378 _____ () C:\Windows\Tasks\WpsNotifyTask_Sherron.job
    2014-04-07 16:35 - 2013-05-26 20:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-04-07 16:34 - 2014-03-03 21:09 - 00000378 _____ () C:\Windows\Tasks\WpsUpdateTask_Sherron.job
    2014-04-07 16:13 - 2014-04-07 16:13 - 01426178 _____ () C:\Users\Sherron\Desktop\AdwCleaner.exe
    2014-04-07 16:12 - 2014-04-07 16:12 - 00005916 _____ () C:\Users\Sherron\Desktop\RKreport[0]_D_04072014_161232.txt
    2014-04-07 16:09 - 2014-04-07 16:09 - 00005855 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04072014_160911.txt
    2014-04-07 16:08 - 2011-11-20 23:58 - 00000000 ____D () C:\Program Files\PeerBlock
    2014-04-07 16:07 - 2014-01-07 23:22 - 00000000 ____D () C:\Users\Sherron\AppData\Local\PasswordSafe
    2014-04-07 16:06 - 2014-02-08 21:11 - 00000000 ____D () C:\Users\Sherron\AppData\Roaming\uTorrent
    2014-04-07 16:00 - 2014-04-07 16:00 - 00001771 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.7z
    2014-04-07 15:59 - 2014-04-07 15:59 - 00005223 _____ () C:\Users\Sherron\Desktop\dds.7z
    2014-04-07 15:59 - 2014-04-07 15:59 - 00001901 _____ () C:\Users\Sherron\Desktop\attach.7z
    2014-04-07 15:48 - 2014-04-07 15:48 - 00000000 ____D () C:\Program Files (x86)\7-Zip
    2014-04-07 01:32 - 2014-04-06 08:41 - 00000000 ____D () C:\Users\Sherron\AppData\Local\CrashDumps
    2014-04-07 01:00 - 2013-12-01 12:15 - 00000510 _____ () C:\Windows\Tasks\Malwarebytes' Scheduled Update for Sherron.job
    2014-04-06 15:43 - 2014-04-06 15:21 - 00014188 __RSH () C:\ProgramData\ntuser.pol
    2014-04-06 11:38 - 2011-04-12 18:15 - 00000000 ____D () C:\Users\Sherron\AppData\Roaming\vlc
    2014-04-05 21:03 - 2014-04-02 18:21 - 00001140 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-05 21:03 - 2014-04-02 18:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-04-05 15:57 - 2014-04-05 15:57 - 00005926 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.txt
    2014-04-05 15:22 - 2014-04-04 12:41 - 00020241 _____ () C:\Users\Sherron\Desktop\dds.txt
    2014-04-05 15:22 - 2014-04-04 12:41 - 00003942 _____ () C:\Users\Sherron\Desktop\attach.txt
    2014-04-05 15:15 - 2014-04-05 15:12 - 00000000 ____D () C:\Users\Dennis\Hostess Contest
    2014-04-05 15:13 - 2013-11-02 20:54 - 00000000 ____D () C:\Users\Dennis
    2014-04-04 20:15 - 2014-04-04 20:04 - 00000000 ____D () C:\Users\Sherron\Desktop\RK_Quarantine
    2014-04-04 20:09 - 2014-04-04 20:09 - 00005893 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04042014_200918-OLD01.txt
    2014-04-04 20:02 - 2014-04-04 20:02 - 04527616 _____ () C:\Users\Sherron\Desktop\RogueKillerX64.exe
    2014-04-04 12:37 - 2014-04-04 12:37 - 00688992 ____R (Swearware) C:\Users\Sherron\Desktop\dds.com
    2014-04-04 12:36 - 2014-04-04 12:36 - 00688992 _____ (Swearware) C:\Users\Sherron\Desktop\dds.scr
    2014-04-04 12:34 - 2014-04-04 12:36 - 00000824 _____ () C:\Users\Sherron\Desktop\newhosts.txt
    2014-04-04 12:34 - 2014-04-04 12:34 - 00000824 _____ () C:\Users\Sherron\Documents\newhosts.txt
    2014-04-03 21:20 - 2014-04-03 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-04-03 18:27 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\rescache
    2014-04-03 17:16 - 2011-04-12 15:59 - 00218378 _____ () C:\Windows\PFRO.log
    2014-04-03 17:16 - 2009-07-13 18:45 - 00294968 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-04-03 16:55 - 2013-08-06 17:01 - 00000000 ____D () C:\Windows\system32\MRT
    2014-04-03 16:54 - 2011-04-10 11:57 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-04-03 09:51 - 2014-04-02 18:21 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-04-03 09:51 - 2014-04-02 18:21 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-04-03 09:50 - 2013-12-01 11:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-04-02 18:21 - 2013-12-01 11:57 - 00000000 ____D () C:\Users\Sherron\AppData\Roaming\Malwarebytes
    2014-04-02 18:21 - 2013-12-01 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-04-02 18:19 - 2011-04-13 17:04 - 00000000 ____D () C:\Users\Public\Documents\Stitch configuration
    2014-03-27 08:36 - 2014-03-27 08:36 - 00001448 _____ () C:\Users\Sherron\Desktop\photome.exe - Shortcut.lnk
    2014-03-23 12:26 - 2013-06-01 12:40 - 00000000 ____D () C:\Users\Sherron\Documents\My PSP8 Files
    2014-03-20 00:36 - 2014-01-06 15:18 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
    2014-03-20 00:36 - 2014-01-06 15:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
    2014-03-19 12:04 - 2014-03-19 12:04 - 00000000 ____D () C:\Users\Sherron\AppData\Local\Apple Computer
    2014-03-16 10:03 - 2014-03-16 09:56 - 00000741 _____ () C:\Users\Sherron\Desktop\Majjong - GameMenu.exe - Shortcut.lnk
    2014-03-12 07:35 - 2013-05-26 20:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-03-12 07:35 - 2012-06-04 23:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-03-12 07:35 - 2011-06-02 14:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-03-09 16:03 - 2014-03-09 16:03 - 00001175 _____ () C:\Users\Sherron\Desktop\TrueCrypt.exe - Shortcut.lnk
    2014-03-09 11:47 - 2014-03-06 14:02 - 00004416 _____ () C:\Users\Sherron\AppData\Roaming\CamStudio.cfg
    2014-03-09 11:47 - 2014-03-06 14:02 - 00000408 _____ () C:\Users\Sherron\AppData\Roaming\CamShapes.ini
    2014-03-09 11:47 - 2014-03-06 14:02 - 00000408 _____ () C:\Users\Sherron\AppData\Roaming\CamLayout.ini
    2014-03-09 11:47 - 2014-03-06 14:02 - 00000120 _____ () C:\Users\Sherron\AppData\Roaming\Camdata.ini

    Files to move or delete:
    ====================
    C:\Users\Sherron\AppData\Roaming\CamLayout.ini
    C:\Users\Sherron\AppData\Roaming\CamShapes.ini
    C:\Users\Public\Adobe Acrobat X (10.0.2) Pro.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-30 00:12

    ==================== End Of Log ============================

    Addition.txt

  4. Thanks for your assistance.  The attach.txt and dds.txt files follow inline.

     

    I had some problems with the RogueKiller program. The first time I ran it, it reported 5 (I think 5) items. I clicked the report button and exited by pressing the X in the upper right-hand corner of the dialog box. Then, reading your instructions again, I closed running programs and ran RogueKiller again, but this time no items were reported. Both times I did not ask it to fix anything. So all I have is the log from running it the first time, and it follows attach.txt and dds.txt.

     

    Thanks again!!

     

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/31/2011 8:40:54 PM
    System Uptime: 4/3/2014 5:15:09 PM (46 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. |  | H67A-UD3H-B3
    Processor: Intel® Core i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 596 GiB total, 274.917 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 932 GiB total, 159.595 GiB free.
    F: is FIXED (NTFS) - 69 GiB total, 21.739 GiB free.
    I: is FIXED (NTFS) - 260 GiB total, 118.066 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP204: 2/21/2014 5:50:14 AM - Windows Update
    RP205: 2/24/2014 2:55:41 PM - Restore Operation
    RP206: 2/24/2014 3:53:39 PM - Windows Update
    RP207: 2/24/2014 4:26:38 PM - Windows Update
    RP208: 2/26/2014 8:48:29 AM - Windows Update
    RP209: 3/2/2014 11:35:41 AM - pre-Kingsoft Office install
    RP210: 3/4/2014 2:27:44 AM - Windows Update
    RP211: 3/7/2014 2:37:42 AM - Windows Update
    RP212: 3/11/2014 4:25:07 AM - Windows Update
    RP213: 3/18/2014 5:29:39 AM - Windows Update
    RP214: 3/25/2014 2:38:45 AM - Windows Update
    RP215: 3/28/2014 4:51:16 AM - Windows Update
    RP216: 4/1/2014 2:39:58 AM - Windows Update
    RP217: 4/3/2014 4:53:37 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.22beta
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Photoshop Lightroom 3.6 64-bit
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    BCWipe 3.0
    CyberLink PowerDirector 12
    Easy Duplicate Finder v. 3.2
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 840 Series Printer Uninstall
    EpsonNet Print
    EpsonNet Setup 3.3
    GIMP 2.8.6
    HandBrake 0.9.9.1
    HD Tune Pro 5.50
    HDHomeRun
    Intel® Processor Graphics
    Jasc Paint Shop Pro 8
    K-Lite Codec Pack 10.0.0 Full
    Kaspersky Internet Security
    Kingsoft Office 2013 (9.1.0.4480)
    MagicTunePremium
    Malwarebytes Anti-Malware version 2.00.0.1000
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Mouse and Keyboard Center
    Microsoft Office Click-to-Run 2010
    Microsoft Office Home and Student 2010 - English
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    Mozilla Firefox 28.0 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird (2.0.0.23)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NewBlue Video Essentials for PowerDirector
    ON_OFF Charge B10.0427.1
    Paragon Hard Disk Manager™ 2010 Professional
    Password Safe
    PeerBlock 1.2 (r693)
    PFPortChecker 1.0.39
    PhotoME
    PlayReady PC Runtime amd64
    Postbox (3.0.9)
    Quicken 2011
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    SILKYPIX Developer Studio 3.1 SE
    TurboTax 2010
    TurboTax 2010 whiiper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    UFRaw 0.18
    UltraVnc
    Update for Zip Opener
    VLC media player 2.1.2
    WinRAR archiver
    XXConsole: Super Console Generator  ver 0.96
    Zip Opener Packages
    .
    ==== End Of File ===========================
     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521
    Run by Sherron at 15:22:13 on 2014-04-05
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8109.2578 [GMT -10:00]
    .
    AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
    SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
    C:\Windows\SysWow64\IntelCpHeciSvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
    C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\MagicTune Premium\GammaTray.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    I:\Documents and Settings\All Users\Documents\!My portable apps\MS Schedule Plus\SCHDPL32.EXE
    C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Postbox\postbox.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\Program Files (x86)\Password Safe\pwsafe.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\PeerBlock\peerblock.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:Tabs
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
    uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    mRun: [bCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
    mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\Sherron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PEERBL~1.LNK - C:\Program Files\PeerBlock\peerblock.exe
    StartupFolder: C:\Users\Sherron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCHDPL~1.LNK - I:\Documents and Settings\All Users\Documents\!My portable apps\MS Schedule Plus\SCHDPL32.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files\MagicTune Premium\GammaTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

    TCP: Interfaces\{A5787263-A0C8-45E9-A3DE-95D33C5A3CC9} : NameServer = 192.168.15.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe
    x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Google


    FF - component: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru\components\abhelperxpcom.dll
    FF - component: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    FF - component: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru\components\ffvkplugin.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2012-6-20 37392]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-4-7 21544]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-24 45856]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-8 29792]
    R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-8 214512]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 HDHomeRun Service;HDHomeRun Service;C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [2013-3-28 18432]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-2 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-2 857912]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-12-18 390672]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2011-11-16 2169592]
    R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-25 1643184]
    R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-1 317440]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-8 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-8 29280]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-1 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-2 119512]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-2 63192]
    R3 mv2;mv2;C:\Windows\System32\drivers\mv2.sys [2011-5-6 12904]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-7-26 78848]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-7-26 180224]
    R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-11-20 22600]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-1 349800]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    S1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-10-18 352816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-3 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-20 19456]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-3 56832]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-2 1255736]
    S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-1-6 115296]
    .
    =============== Created Last 30 ================
    .
    2014-04-04 12:14:15    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{863379CB-7E31-4417-94F2-69651656773E}\offreg.dll
    2014-04-04 12:13:36    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{863379CB-7E31-4417-94F2-69651656773E}\mpengine.dll
    2014-04-04 02:56:04    44544    ----a-w-    C:\Windows\System32\TsUsbGDCoInstaller.dll
    2014-04-04 02:53:15    999936    ----a-w-    C:\Program Files (x86)\Internet Explorer\networkinspection.dll
    2014-04-04 02:52:43    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
    2014-04-04 02:52:43    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
    2014-04-04 02:52:42    3156480    ----a-w-    C:\Windows\System32\win32k.sys
    2014-04-04 02:52:42    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
    2014-04-04 02:52:41    484864    ----a-w-    C:\Windows\System32\wer.dll
    2014-04-04 02:52:41    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
    2014-04-04 02:52:41    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
    2014-04-04 02:52:40    624128    ----a-w-    C:\Windows\System32\qedit.dll
    2014-04-04 02:52:40    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
    2014-04-04 02:52:40    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
    2014-04-03 04:22:20    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-04-03 04:21:42    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
    2014-04-03 04:21:42    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
    2014-04-03 04:21:42    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-03-19 22:04:58    --------    d-----w-    C:\Users\Sherron\AppData\Local\Apple Computer
    2014-03-09 00:35:49    --------    d-----w-    C:\Portable programs
    .
    ==================== Find3M  ====================
    .
    2014-03-20 10:36:02    115296    ----a-w-    C:\Windows\System32\drivers\klflt.sys
    2014-03-12 17:35:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-12 17:35:10    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-05 19:26:04    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
    2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
    2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
    2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
    2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
    2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
    2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
    2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
    2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
    2014-02-25 01:40:28    29280    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
    2014-01-07 02:14:50    178272    ----a-w-    C:\Windows\System32\drivers\kneps.sys
    2014-01-07 02:14:47    458336    ----a-w-    C:\Windows\System32\drivers\kl1.sys
    2011-05-30 03:20:34    1138397    ----a-w-    C:\Program Files (x86)\7z922.exe
    .
    ============= FINISH: 15:22:23.45 ===============
     

    RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Sherron [Admin rights]
    Mode : Scan -- Date : 04/04/2014 20:09:18
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 2 ¤¤¤
    [V1][sUSP PATH] DSite.job : C:\Users\Sherron\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
    [V2][sUSP PATH] DSite : C:\Users\Sherron\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    [Address] EAT @firefox.exe (FREEBL_GetVector) : MSACM32.dll -> HOOKED (C:\Program Files (x86)\Mozilla Firefox\freebl3.dll @ 0x59071000)

    ¤¤¤ External Hives: ¤¤¤
    -> F:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
    -> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]
    -> F:\Documents and Settings\Guest\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]
    -> F:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]
    -> F:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]
    -> F:\Documents and Settings\Sherron\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]
    -> I:\windows\system32\config\SYSTEM | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\windows\system32\config\SOFTWARE | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\windows\system32\config\SECURITY | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\Documents and Settings\Admin\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\Documents and Settings\Admin.PUKA\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> I:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\Documents and Settings\Dennis\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\Documents and Settings\Sherron\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
    -> I:\Documents and Settings\Sherron.PUKA\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6402AAEX-00Y9A0 ATA Device +++++
    --- User ---
    [MBR] 5222cb3cf068a270a2330725d5df92bc
    [bSP] 0f0b753d2273e02330f8eb18fcf2d8b9 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD7500BPKT-22PK4T0 ATA Device +++++
    --- User ---
    [MBR] b8d566b31e31b9e9c9eeb12a9ef61782
    [bSP] 7521e845b2ee2dc88ff9b5855e9d383c : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 266248 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) SAMSUNG HD103UJ ATA Device +++++
    --- User ---
    [MBR] c6a95c712fa17a2d9c008f601ac5119e
    [bSP] e6b816a9dbfaa97bf660783b81709c4a : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1 | Size: 953867 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) WDC WD740GD-00FLA0 ATA Device +++++
    --- User ---
    [MBR] 8ba46bce50eea54586df68fcd73ef8a7
    [bSP] 36ed6f5a28abfef4842269d842d81288 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_04042014_200918.txt >>



     

  5. My latest scan reported 2 PUPs that are apparently related to a "sweetpacks" toolbar.
    I don't have a toolbar on my Firefox but would like to get rid of these. Problem is one of them is in my Firefox prefs.js and I don't want to just delete that if I might lose something that Firefox needs. prefs.js is just a text file and I can see activity related to conduit. Can that just be edited out?
    Would appreciate guidance on how to resolve this. I checked the Self Help Guides, 24 pages!, but did not see anything that applied to this issue.
    Following is the "copy to clipboard" data from the threat report dialog box.
    ===============================================================
    Scan Date: 4/4/2014
    Scan Time: 8:46:13 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.0.1000
    Malware Database: v2014.04.04.03
    Rootkit Database: v2014.03.27.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Sherron

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 340788
    Time Elapsed: 5 hr, 15 min, 22 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.Conduit.A, C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\searchplugins\conduit.xml, , [8cc7f036700b70c6e850f36fb44ed030],
    PUP.Optional.SweetPacks.A, C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://start.sweetpacks.com/?src=2&st=12&barid={934084FD-B2CE-11E2-B4AB-00188BCBE562}&q=") ;), ,[57fc0e180279e94d8c77f04eeb190af6]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
