
Trojan.Zaccess/Zeroaccess. Please help.


Sym7

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download RogueKiller 32 bit to your desktop and run it.

RogueKiller <--- use this one for 64-bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hello. Thank you.

 

Attach:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/16/2010 1:25:09 PM
System Uptime: 9/1/2013 3:18:31 AM (6 hours ago)
.
Motherboard: Acer |  | Aspire M5910
Processor: Intel® Core i5 CPU         650  @ 3.20GHz | CPU 1 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 911 GiB total, 785.528 GiB free.
D: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&DC382E&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&DC382E&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP137: 8/8/2013 2:17:06 PM - Scheduled Checkpoint
RP138: 8/9/2013 10:53:50 AM - Avg Update
RP139: 8/19/2013 11:16:45 PM - Scheduled Checkpoint
RP140: 8/27/2013 12:47:56 AM - Scheduled Checkpoint
RP141: 8/28/2013 6:31:27 PM - Installed WModem_Installer
RP142: 8/30/2013 7:21:16 PM - Avg Update
RP143: 9/1/2013 2:43:50 AM - Removed Babylon Chrome Toolbar
RP144: 9/1/2013 2:56:00 AM - Removed Safari
.
==== Installed Programs ======================
.
7-Zip 9.20
ACDSee Pro
Acer Arcade Deluxe
Acer Arcade Movie
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
AVG Security Toolbar
Babylon Chrome Toolbar
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bob the Builder Can-Do-Zoo
Bonjour
Build-a-lot 2
BuzzSocialPoints_DNS version 1.0
BuzzSocialPoints_DNS_IE
Canon MX310 series
Canon MX310 series User Registration
Canon My Printer
CCleaner
Combat Arms
Compatibility Pack for the 2007 Office system
D3DX10
DealScout for FireFox
Diablo III
Escape Rosecliff Island
eSobi v2
Faerie Solitaire
FATE - The Traitor Soul
FreeOnlineRadioPlayerRecorder Toolbar
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
Hotkey Utility
HTC Driver Installer
HTC Sync Manager
IB Updater Service
iCloud
Identity Card
IHA_MessageCenter
ImagXpress
InfoAtoms [uninstall]
InstallIQ Updater
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
IPTInstaller
iTunes
Java 7 Update 25
Java Auto Updater
Jewel Quest Solitaire 3
Junk Mail filter update
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
MediaShow Espresso
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
MobileMe Control Panel
Monopoly
Movie Maker
Mozilla Firefox (3.6.15)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Lost in Los Angeles
MyWinLocker
MyWinLocker Suite
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Nexon Game Manager
Pando Media Booster
PDFCreator
Penguins!
Photo Common
Photo Gallery
Plants vs. Zombies
Polar Bowler
Polar Golfer
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
Safari
Scrabble Plus
Sendori
Shredder
Skype Click to Call
Skype™ 6.6
The Price is Right
Virtual Families
Virtual Villagers - A New Home
Visual C++ 8.0 Runtime Setup Package (x64)
Vz In-Home Agent
Vz In Home Agent
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WModem Driver Installer
Yahoo! Toolbar
Yahtzee
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
9/1/2013 8:58:02 AM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/1/2013 3:18:55 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
9/1/2013 3:18:55 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
9/1/2013 3:18:40 AM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/1/2013 2:52:10 AM, Error: Service Control Manager [7034]  - The sndappv2 service terminated unexpectedly.  It has done this 1 time(s).
9/1/2013 2:52:10 AM, Error: Service Control Manager [7022]  - The Service Sendori service hung on starting.
8/30/2013 10:42:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
8/28/2013 7:01:49 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.
8/28/2013 7:01:49 PM, Error: Service Control Manager [7000]  - The IHA_MessageCenter service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/28/2013 7:01:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffff80000003, 0xfffff80002e73600, 0xfffff880009e9578, 0xfffff880009e8de0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082813-50060-01.
8/27/2013 7:43:48 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer PETER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F118797A-7FB8-48E4-B6F4-6C641CC22348}. The master browser is stopping or an election is being forced.
8/26/2013 3:30:16 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk6\DR6.
.
==== End Of File ===========================
 
 
DDS
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16839  BrowserJavaVersion: 10.25.2
Run by Peter Feng at 9:01:00 on 2013-09-01
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.6071.4449 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bob Feng\Downloads\RogueKiller.exe
C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: BuzzSocialPoints_DNS_IE: {8BD7501A-5166-4036-BB01-5FC63C68EFEB} - C:\Program Files (x86)\BuzzSocialPoints_DNS_IE\ScriptHost.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: FreeOnlineRadioPlayerRecorder Toolbar: {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRun: [searchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Windows\System32\Sendori.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0B2E6D0B-F517-4659-B266-077FA53F474D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F118797A-7FB8-48E4-B6F4-6C641CC22348} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe -k -rq
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter Feng\AppData\Roaming\Mozilla\Firefox\Profiles\t9p5z273.default\
FF - prefs.js: browser.search.selectedEngine - Mixi.DJ Search
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.id - f673195200000000000070f1a196bcf0
FF - user.js: extensions.incredibar_i.instlDay - 15687
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:05:27
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8O445ARH
FF - user.js: extensions.incredibar_i.upn2n - 92825561527179689
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10678
FF - user.js: extensions.incredibar_i.ppd - 111
FF - user.js: extensions.mixidj.tlbrSrchUrl - 
FF - user.js: extensions.mixidj.id - f673195200000000000070f1a196bcf0
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15837
FF - user.js: extensions.mixidj.vrsn - 1.8.18.8
FF - user.js: extensions.mixidj.vrsni - 1.8.18.8
FF - user.js: extensions.mixidj.vrsnTs - 1.8.18.821:01:15
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - base
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - en
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.ffxUnstlRst - false
FF - user.js: extensions.mixidj.admin - false
FF - user.js: extensions.mixidj.autoRvrt - false
FF - user.js: extensions.mixidj.rvrt - false
FF - user.js: extensions.mixidj.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-12-16 282976]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-12-16 35664]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-12-16 317520]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 45856]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-12-16 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-12-16 308136]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-4-12 87368]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-6 13336]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 346696]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-4 418376]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-6 243232]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-4 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-4-6 712704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-6 346144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-4 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-5-9 167264]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-19 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2011-11-11 45176]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-16 1255736]
.
=============== Created Last 30 ================
.
2013-08-29 23:10:40 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-08-29 01:33:31 -------- d-----w- C:\ProgramData\Motorola
2013-08-29 01:33:04 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2013-08-29 01:32:26 -------- d-----w- C:\Users\Peter Feng\AppData\Local\Downloaded Installations
2013-08-29 01:32:24 -------- d-----w- C:\Program Files\HTC
2013-08-29 01:31:51 -------- d-----w- C:\Program Files (x86)\HTC
2013-08-29 01:31:09 -------- d-----w- C:\ProgramData\HTC
2013-08-29 01:31:00 -------- d-----w- C:\Temp
2013-08-14 18:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 18:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M  ====================
.
2013-08-21 00:41:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 00:41:11 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-21 00:41:07 17737608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-08-15 08:45:50 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-07-10 00:04:27 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 00:04:26 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-10 00:04:26 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-01 19:28:10 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
.
============= FINISH:  9:01:20.04 ===============
 
ROGUEKILLER:
 
RogueKiller V8.6.7 [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Peter Feng [Admin rights]
Mode : Scan -- Date : 09/01/2013 03:35:22
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\   \...\???๛\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" < [x] -> STOPPED
 
¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\???\???\???๛\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3225524269-368955587-3553265919-1002\[...]\Run : Google Update ("C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\???\???\???๛\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (C:\Windows\explorer.exe, C:\Users\Bob Feng\AppData\Local\Temp\cmiadapter.exe [-][x][x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\   \...\???๛\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\   \...\???๛\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\   \...\???๛\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" < [x]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> FOUND
 
¤¤¤ Scheduled tasks : 8 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002UA.job : C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002Core.job : C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{A15D4C74-E655-4DE1-97C3-163611BB8586}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{A15D4C74-E655-4DE1-97C3-163611BB8586}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002Core : C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002UA : C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][SUSP PATH] RunAsStdUser Task : "C:\Users\Peter Feng\AppData\Local\teeveewatchSA\bin\1.0.8.0\TeeveeWatchSA.exe" [x] -> FOUND
[V2][SUSP PATH] WavePadDowngrade : C:\Users\Bob Feng\AppData\Roaming\NCH Software\Program Files\WavePad\wavepad.exe - -downgrade [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD10EADS-22M2B0 +++++
--- User ---
[MBR] dceac8d33fcd7d8cfe0c9bd16f12ec00
[BSP] 9a184a33e64ac7aedc3b2bda91ace6fc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41945088 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 42149888 | Size: 933287 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09012013_033522.txt >>
 
 
 
Is this it?
 
 
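The RogueKiller report above shows the traits that make this a ZeroAccess case rather than generic adware: a service whose name is "gupdate" spelled backwards behind characters the forum could not render, a GoogleUpdate.exe living under Google\Desktop\Install\{GUID} with whitespace-only, "..." and unrenderable directory components, every file in C:\Program Files\Windows Defender replaced by a junction into \systemroot\system32\config, service keys hidden from the service control API with one-character names, and (in the FRST log later in the thread) a system+hidden directory literally named %APPDATA% under system32. The triage helper below is an added example, not code from the thread, from RogueKiller or from FRST. It runs those checks over constructed sample lines abbreviated from the logs in this thread, with "?" standing in for the unrenderable characters, and deliberately leaves the legitimate per-user GoogleUpdate.exe under Google\Update alone even though RogueKiller lists it as a suspicious path. The indicator names, regular expressions and function names are this example's own.

```python
"""Triage helper for the ZeroAccess indicators seen in RogueKiller and FRST output.

Added example for this thread; it is not code from the thread, from RogueKiller
or from FRST. SAMPLE_LINES is constructed from entries visible in the thread,
abbreviated to one line each; '?' stands for characters the forum could not
render. Paths and GUIDs are copied from the page, not invented. The indicator
names, regexes and function names are this example's own.
"""
import re
from typing import List, Tuple

SAMPLE_LINES = [
    # RogueKiller: service name is 'gupdate' spelled backwards, behind unrenderable characters
    r'[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\   \...\???\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" < [x]) -> FOUND',
    # RogueKiller: the per-user Google updater, flagged only because it lives under the profile
    r'[RUN][SUSP PATH] HKUS\S-1-5-21-3225524269-368955587-3553265919-1002\[...]\Run : Google Update ("C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND',
    # RogueKiller: Windows Defender files replaced by junctions into the registry hive folder
    r'[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND',
    r'[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND',
    # RogueKiller: service keys hidden from the service control API, named with single characters
    r'[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND',
    # FRST: a system+hidden directory literally named %APPDATA% under system32
    r'2013-08-29 16:10 - 2013-08-29 16:10 - 00000000 __SHD C:\Windows\system32\%APPDATA%',
    # FRST: a benign service line that must not be flagged
    r"R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)",
]

# 'etadpug' in the thread is 'gupdate' read backwards; that is the only reversed name on the page.
KNOWN_REVERSED_NAMES = {"gupdate"}
GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
DESKTOP_INSTALL_RE = re.compile(r"\\Google\\Desktop\\Install\\" + GUID + r"\\", re.I)
SERVICE_RE = re.compile(r'\\Services\s*:\s*(?P<name>\S+)\s+\("(?P<image>[^"]+)"')
QUOTED_UPDATER_RE = re.compile(r'"(?P<path>[A-Za-z]:\\[^"]*GoogleUpdate\.exe)"')
JUNCTION_RE = re.compile(r"\[Junction\]\s+\S+\s+:\s+(?P<src>[A-Za-z]:\\.+?)\s+>>\s+(?P<dst>\\\S+)")
HIDDEN_SVC_RE = re.compile(r"\[Hidden from API\].*\\Services\s*:\s*(?P<names>.+?)\s*\(\)")
FAKE_APPDATA_RE = re.compile(r"__SHD\s+(?P<path>\S+\\system32\\%APPDATA%)\s*$", re.I)


def reversed_known_name(service_name: str) -> str:
    """Return the legitimate name a reversed service name imitates, or '' if none.

    Leading characters the log could not render ('?') and other non-alphanumerics
    are stripped before reversing, so '???etadpug' -> 'gupdate'.
    """
    visible = re.sub(r"^[^A-Za-z0-9]+", "", service_name)
    candidate = visible[::-1].lower()
    return candidate if candidate in KNOWN_REVERSED_NAMES else ""


def is_rogue_googleupdate(path: str) -> bool:
    """True for a GoogleUpdate.exe outside its normal ...\\Google\\Update\\ directory.

    The infected copy in the thread sits under Google\\Desktop\\Install\\{GUID}\\ and
    its path contains whitespace-only, '...' and unrenderable directory components.
    """
    if not path.lower().endswith("\\googleupdate.exe"):
        return False
    parent = path.rsplit("\\", 1)[0].lower()
    if parent.endswith("\\google\\update"):
        return False  # per-machine or per-user Google Update, as installed by Google
    components = path.split("\\")[:-1]
    odd = [c for c in components if c.strip() == "" or set(c) <= {"?", "."}]
    return bool(DESKTOP_INSTALL_RE.search(path)) or bool(odd)


def hidden_service_names(names_field: str) -> List[str]:
    """Split RogueKiller's 'Hidden from API' name field; keep one-character names."""
    return [n for n in names_field.split() if len(n) == 1]


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Run every indicator over the log lines and return (indicator, evidence) pairs."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        m = SERVICE_RE.search(line)
        if m:
            legit = reversed_known_name(m.group("name"))
            if legit:
                findings.append(("reversed-service-name", f"{m.group('name')} is '{legit}' reversed"))
        m = QUOTED_UPDATER_RE.search(line)
        if m and is_rogue_googleupdate(m.group("path")):
            findings.append(("rogue-googleupdate-path", m.group("path")))
        m = JUNCTION_RE.search(line)
        if (m and "\\windows defender\\" in m.group("src").lower()
                and m.group("dst").lower().endswith("\\system32\\config")):
            findings.append(("defender-junction", f"{m.group('src')} -> {m.group('dst')}"))
        m = HIDDEN_SVC_RE.search(line)
        if m and hidden_service_names(m.group("names")):
            findings.append(("hidden-service", m.group("names")))
        m = FAKE_APPDATA_RE.search(line)
        if m:
            findings.append(("fake-appdata-dir", m.group("path")))
    return findings


if __name__ == "__main__":
    for kind, evidence in triage(SAMPLE_LINES):
        print(f"{kind:24} {evidence}")
```

Run it against a saved RKreport or FRST.txt by replacing SAMPLE_LINES with the file's lines. The junction check is the one worth keeping even after a reinstall decision: a file under Program Files that is a reparse point into system32\config is not something any installer produces, so a single hit is enough to stop trusting the machine.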

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC

Hi again. I would definitely prefer to reinstall the complete OS. I don't use this computer for anything business/important, but I plan to.

Also, along with the FRST download, I received a multitude of errors about saving/downloading.....

here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013
Ran by Bob Feng (ATTENTION: The logged in user is not administrator) on PETERFENG-PC on 01-09-2013 10:01:46
Running from C:\Users\Bob Feng\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
(W3i, LLC) C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgtray.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2010-02-24] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-21] (Google Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-06] (Google Inc.)
HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
HKCU\...\Run: [InstallIQUpdater] - C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe [1179648 2011-10-11] (W3i, LLC)
HKCU\...\RunOnce: [Uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" [344576 2009-07-13] (Microsoft Corporation)
HKCU\...\RunOnce: [Uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" [344576 2009-07-13] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] C:\Windows\explorer.exe, C:\Users\Bob Feng\AppData\Local\Temp\cmiadapter.exe <==== ATTENTION 
MountPoints2: {928b4ef6-097d-11e0-ba50-4487fca65424} - E:\LaunchU3.exe -a
MountPoints2: {c21b98ef-762b-11df-9a25-806e6f6e6963} - D:\highlands.exe
MountPoints2: {e11a7e05-103f-11e3-86ce-4487fca65424} - E:\TL-Bootstrap.exe
MountPoints2: {e11a7ed4-103f-11e3-86ce-4487fca65424} - K:\TL-Bootstrap.exe
MountPoints2: {f7ed975c-c0a5-11e2-9834-4487fca65424} - E:\iStudio.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [AVG9_TRAY] - C:\PROGRA~2\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-15] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [VMM Mode Selection] - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [83448 2013-05-02] ()
AppInit_DLLs: avgrssta.dll [13048 2010-12-16] (AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.20searchengines.com/?opts=yes&hp=G1&c=5&d=072311
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m5910&r=17361210c916p0455v125w46j1u25q
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.20searchengines.com/?opts=no&hp=G1&c=5&d=072311
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m5910&r=17361210c916p0455v125w46j1u25q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m5910&r=17361210c916p0455v125w46j1u25q
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_m5910&r=17361210c916p0455v125w46j1u25q
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {E3E7953F-B7EB-40D4-8E4F-243569D5F52B} URL = 
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN62295139961882007&SSPV=SP_IEWSP06
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={EB04DD7E-6E2C-4221-AF93-A16CFCA59B4A}&mid=f0722d22243c39bf524e9b08d9d30a5f-77813d437687c8c9763e6155a97cc73fe43a1d39〈=us&ds=AVG&pr=fr&d=2011-12-13 15:48:42&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={EB04DD7E-6E2C-4221-AF93-A16CFCA59B4A}&mid=f0722d22243c39bf524e9b08d9d30a5f-77813d437687c8c9763e6155a97cc73fe43a1d39〈=us&ds=AVG&pr=fr&d=2011-12-13 15:48:42&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: BuzzSocialPoints_DNS_IE - {8BD7501A-5166-4036-BB01-5FC63C68EFEB} - C:\Program Files (x86)\BuzzSocialPoints_DNS_IE\ScriptHost.dll (BuzzSocialPoints)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {F0E59437-6148-4A98-B0A6-60D557EF57F4} -  No File
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File
Handler: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\Sendori.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Bob Feng\AppData\Roaming\Mozilla\Firefox\Profiles\ytcoz3of.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bob Feng\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bob Feng\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: buzzsocial_lidns - C:\Program Files (x86)\Mozilla Firefox\extensions\buzzsocial_lidns@buzzsocialpoints.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp498@crossrider.com] C:\Users\Peter Feng\AppData\Local\RewardsArcade\498\Firefox
FF HKLM-x32\...\Firefox\Extensions: [dealscout@deal-scout.net] C:\Program Files (x86)\DealScout\FireFox
FF Extension: DealScout - C:\Program Files (x86)\DealScout\FireFox
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
 
Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\BOBFEN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\BOBFEN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\Peter Feng\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Peter Feng\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Peter Feng\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx
CHR HKLM-x32\...\Chrome\Extension: [peaihlgfkkhnflpijnnbhkmkcpjhnpel] - C:\Program Files (x86)\BuzzSocialPoints_DNS\chrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Bob Feng\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-12-16] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-12-16] (AVG Technologies CZ, s.r.o.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [346696 2013-07-30] (Verizon)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-15] (AVG Secure Search)
R2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\   \...\???\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-14] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-15] (AVG Technologies)
S3 Gun; C:\Game\SoftnyxGame\GunBoundIS\Gun64.sys [45176 2011-11-11] ()
S3 Gun; C:\Game\SoftnyxGame\GunBoundIS\Gun64.sys [45176 2011-11-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 pfc; C:\Windows\SysWow64\drivers\pfc.sys [10368 2013-03-09] (Padus, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 pfc; system32\drivers\pfc.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-01 10:01 - 2013-09-01 10:01 - 00000000 ____D C:\FRST
2013-09-01 10:00 - 2013-09-01 10:00 - 01085571 _____ (Farbar) C:\Users\Bob Feng\Downloads\FRST.exe
2013-09-01 08:59 - 2013-09-01 08:59 - 00688992 ____R (Swearware) C:\Users\Bob Feng\Downloads\dds.com
2013-09-01 03:31 - 2013-09-01 03:31 - 00913408 _____ C:\Users\Bob Feng\Downloads\RogueKiller.exe
2013-09-01 03:05 - 2013-09-01 03:05 - 00066908 _____ C:\Users\Bob Feng\Documents\cc_20130901_030525.reg
2013-09-01 02:41 - 2013-09-01 02:49 - 00028746 _____ C:\Windows\PFRO.log
2013-09-01 02:33 - 2013-09-01 02:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bob Feng\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-29 16:10 - 2013-08-29 16:10 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-08-28 18:35 - 2013-08-28 18:35 - 00000000 ____D C:\Users\Bob Feng\AppData\Roaming\HTC Sync
2013-08-28 18:35 - 2013-08-28 18:35 - 00000000 ____D C:\Users\Bob Feng\AppData\Roaming\HTC
2013-08-28 18:33 - 2013-09-01 09:38 - 00000000 ____D C:\Users\BOBFEN~1\AppData\Local\HTC MediaHub
2013-08-28 18:33 - 2013-08-28 18:35 - 00000000 ____D C:\Users\Bob Feng\Documents\HTC
2013-08-28 18:33 - 2013-08-28 18:33 - 00002035 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-08-28 18:33 - 2013-08-28 18:33 - 00000000 ____D C:\Users\Bob Feng\.android
2013-08-28 18:33 - 2013-08-28 18:33 - 00000000 ____D C:\ProgramData\Motorola
2013-08-28 18:33 - 2013-08-28 18:33 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-08-28 18:32 - 2013-08-28 18:32 - 00000000 ____D C:\Users\Peter Feng\AppData\Local\Downloaded Installations
2013-08-28 18:32 - 2013-08-28 18:32 - 00000000 ____D C:\Program Files\HTC
2013-08-28 18:31 - 2013-08-28 18:33 - 00030828 _____ C:\Windows\DPINST.LOG
2013-08-28 18:31 - 2013-08-28 18:33 - 00000000 ____D C:\Program Files (x86)\HTC
2013-08-28 18:31 - 2013-08-28 18:31 - 00000000 ____D C:\ProgramData\HTC
2013-08-26 23:57 - 2013-08-26 11:17 - 01289504 _____ C:\Users\Bob Feng\Documents\20130826 111308.m4a
2013-08-23 23:50 - 2013-08-23 23:50 - 00001121 _____ C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2013-08-19 15:31 - 2013-08-19 15:31 - 06319645 _____ C:\Users\Bob Feng\Downloads\4-(U1)An Introduction to Metabolism(ch.8).pptx
2013-08-12 17:25 - 2013-09-01 09:38 - 00005474 _____ C:\Windows\setupact.log
2013-08-12 17:25 - 2013-08-12 17:25 - 00000000 _____ C:\Windows\setuperr.log
2013-08-09 11:07 - 2013-08-09 11:07 - 03541899 _____ C:\Users\Bob Feng\Downloads\facebook-bobthebuilderI.zip
 
==================== One Month Modified Files and Folders =======
 
2013-09-01 10:01 - 2013-09-01 10:01 - 01590206 _____ (Farbar) C:\Users\Bob Feng\Downloads\FRST64.exe
2013-09-01 10:01 - 2013-09-01 10:01 - 00000000 ____D C:\FRST
2013-09-01 10:01 - 2012-01-21 12:15 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002UA.job
2013-09-01 10:00 - 2013-09-01 10:00 - 01085571 _____ (Farbar) C:\Users\Bob Feng\Downloads\FRST.exe
2013-09-01 09:45 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 09:45 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 09:42 - 2009-07-13 22:13 - 00720298 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-01 09:41 - 2013-05-11 21:13 - 01880005 _____ C:\Windows\WindowsUpdate.log
2013-09-01 09:41 - 2013-01-13 22:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-01 09:38 - 2013-08-28 18:33 - 00000000 ____D C:\Users\BOBFEN~1\AppData\Local\HTC MediaHub
2013-09-01 09:38 - 2013-08-12 17:25 - 00005474 _____ C:\Windows\setupact.log
2013-09-01 09:38 - 2013-06-03 00:08 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-09-01 09:38 - 2010-12-16 19:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 09:38 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 09:28 - 2010-12-16 19:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-01 09:05 - 2010-12-16 14:26 - 00089440 _____ C:\Users\Peter Feng\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 08:59 - 2013-09-01 08:59 - 00688992 ____R (Swearware) C:\Users\Bob Feng\Downloads\dds.com
2013-09-01 03:31 - 2013-09-01 03:31 - 00913408 _____ C:\Users\Bob Feng\Downloads\RogueKiller.exe
2013-09-01 03:20 - 2013-02-04 18:10 - 00000000 ____D C:\Users\Peter Feng\AppData\Local\Conduit
2013-09-01 03:13 - 2010-12-19 16:45 - 00000000 ____D C:\Users\BOBFEN~1\AppData\Local\Google
2013-09-01 03:06 - 2013-04-18 00:30 - 00000000 ____D C:\Users\Bob Feng\AppData\Roaming\NCH Software
2013-09-01 03:05 - 2013-09-01 03:05 - 00066908 _____ C:\Users\Bob Feng\Documents\cc_20130901_030525.reg
2013-09-01 03:01 - 2010-12-16 14:25 - 00000000 ____D C:\Users\Peter Feng
2013-09-01 02:49 - 2013-09-01 02:41 - 00028746 _____ C:\Windows\PFRO.log
2013-09-01 02:41 - 2013-02-04 21:33 - 00000000 ____D C:\Users\Bob Feng\AppData\Roaming\SearchProtect
2013-09-01 02:41 - 2013-02-04 18:10 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-09-01 02:40 - 2013-02-04 18:08 - 00000000 ____D C:\Users\Peter Feng\AppData\Roaming\SearchProtect
2013-09-01 02:33 - 2013-09-01 02:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bob Feng\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-01 02:33 - 2013-02-04 21:25 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 02:33 - 2013-02-04 21:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-01 02:08 - 2010-12-16 19:06 - 00000000 ____D C:\Windows\system32\Drivers\Avg
2013-09-01 02:02 - 2010-12-20 14:24 - 00000000 ____D C:\Users\Bob Feng\AppData\Roaming\Skype
2013-08-31 19:01 - 2012-01-21 12:15 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002Core.job
2013-08-29 22:03 - 2012-01-21 12:16 - 00002387 _____ C:\Users\Bob Feng\Desktop\Google Chrome.lnk
2013-08-29 18:20 - 2010-12-16 20:29 - 00000000 ____D C:\Users\PETERbk
2013-08-29 16:10 - 2013-08-29 16:10 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-08-29 15:20 - 2012-12-12 18:05 - 00000000 ____D C:\ProgramData\Sendori
2013-08-29 15:20 - 2010-04-06 14:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 19:01 - 2013-06-26 18:12 - 00000000 ____D C:\Windows\Minidump
2013-08-28 19:01 - 2009-07-13 21:45 - 00364864 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 19:00 - 2013-06-26 18:12 - 874347068 _____ C:\Windows\MEMORY.DMP
2013-08-28 18:35 - 2013-08-28 18:35 - 00000000 ____D C:\Users\Bob Feng\AppData\Roaming\HTC Sync
2013-08-28 18:35 - 2013-08-28 18:35 - 00000000 ____D C:\Users\Bob Feng\AppData\Roaming\HTC
2013-08-28 18:35 - 2013-08-28 18:33 - 00000000 ____D C:\Users\Bob Feng\Documents\HTC
2013-08-28 18:35 - 2010-12-16 20:32 - 00089440 _____ C:\Users\BOBFEN~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-28 18:33 - 2013-08-28 18:33 - 00002035 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2013-08-28 18:33 - 2013-08-28 18:33 - 00000000 ____D C:\Users\Bob Feng\.android
2013-08-28 18:33 - 2013-08-28 18:33 - 00000000 ____D C:\ProgramData\Motorola
2013-08-28 18:33 - 2013-08-28 18:33 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2013-08-28 18:33 - 2013-08-28 18:31 - 00030828 _____ C:\Windows\DPINST.LOG
2013-08-28 18:33 - 2013-08-28 18:31 - 00000000 ____D C:\Program Files (x86)\HTC
2013-08-28 18:33 - 2010-12-31 18:23 - 00000000 ____D C:\Users\BOBFEN~1\AppData\Local\Apple Computer
2013-08-28 18:33 - 2010-12-31 18:23 - 00000000 ____D C:\Users\Bob Feng\AppData\Roaming\Apple Computer
2013-08-28 18:33 - 2010-12-16 20:32 - 00000000 ____D C:\Users\Bob Feng
2013-08-28 18:32 - 2013-08-28 18:32 - 00000000 ____D C:\Users\Peter Feng\AppData\Local\Downloaded Installations
2013-08-28 18:32 - 2013-08-28 18:32 - 00000000 ____D C:\Program Files\HTC
2013-08-28 18:31 - 2013-08-28 18:31 - 00000000 ____D C:\ProgramData\HTC
2013-08-28 18:31 - 2010-04-06 14:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-28 17:14 - 2012-12-12 18:05 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-08-26 11:17 - 2013-08-26 23:57 - 01289504 _____ C:\Users\Bob Feng\Documents\20130826 111308.m4a
2013-08-23 23:50 - 2013-08-23 23:50 - 00001121 _____ C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2013-08-23 23:50 - 2011-12-27 18:26 - 00000000 ____D C:\Program Files (x86)\Verizon
2013-08-22 17:37 - 2013-03-04 23:32 - 00000000 _____ C:\END
2013-08-21 22:19 - 2013-05-23 18:56 - 00000000 ____D C:\Users\Bob Feng\AppData\Roaming\U3
2013-08-21 22:19 - 2010-12-16 20:32 - 00000000 ____D C:\Users\BOBFEN~1\AppData\Local\VirtualStore
2013-08-20 17:41 - 2013-02-08 01:41 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-20 17:41 - 2013-01-13 22:35 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 17:41 - 2013-01-13 22:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 15:31 - 2013-08-19 15:31 - 06319645 _____ C:\Users\Bob Feng\Downloads\4-(U1)An Introduction to Metabolism(ch.8).pptx
2013-08-18 08:03 - 2010-12-16 20:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-15 01:45 - 2012-09-03 22:34 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-08-15 01:45 - 2011-12-13 16:49 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-08-12 17:25 - 2013-08-12 17:25 - 00000000 _____ C:\Windows\setuperr.log
2013-08-09 22:23 - 2010-12-16 20:14 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-09 22:23 - 2010-12-16 20:14 - 00000000 ____D C:\Users\Peter Feng\AppData\Roaming\Skype
2013-08-09 22:23 - 2010-12-16 20:14 - 00000000 ____D C:\ProgramData\Skype
2013-08-09 11:07 - 2013-08-09 11:07 - 03541899 _____ C:\Users\Bob Feng\Downloads\facebook-bobthebuilderI.zip
 
Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}
C:\Users\Bob Feng\jagex_cl_runescape_LIVE.dat
C:\Users\Bob Feng\random.dat
C:\Users\Peter Feng\AppData\Local\Temp\Lucky-SavingsV5.exe
C:\Users\Peter Feng\AppData\Local\Temp\nsa6EF.exe
C:\Users\Peter Feng\AppData\Local\Temp\nsaFE61.exe
C:\Users\Peter Feng\AppData\Local\Temp\nsk8BC1.exe
C:\Users\Peter Feng\AppData\Local\Temp\nsuE374.exe
C:\Users\Peter Feng\AppData\Local\Temp\Strongvault.exe
C:\Users\Peter Feng\AppData\Local\Temp\tbWhi0.dll
C:\Users\Peter Feng\AppData\Local\Temp\uninst1.exe
C:\Users\Peter Feng\AppData\Local\Temp\{4E1581DA-B182-43FD-9B33-8F6FCA192ABC}\ISBEW64.exe
C:\Users\Peter Feng\AppData\Local\Temp\nsr6A6A.tmp\md5dll.dll
C:\Users\Peter Feng\AppData\Local\Temp\nsr6A6A.tmp\nsExec.dll
C:\Users\Peter Feng\AppData\Local\Temp\nsr6A6A.tmp\nsJSON.dll
C:\Users\Peter Feng\AppData\Local\Temp\nsr6A6A.tmp\System.dll
C:\Users\Peter Feng\AppData\Local\Temp\nsr6A6A.tmp\UAC.dll
C:\Users\Peter Feng\AppData\Local\Temp\MSS\3.0.318.3\mcbrwsr2.dll
C:\Users\Peter Feng\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes.dll
C:\Users\Peter Feng\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes_LD.dll
C:\Users\Peter Feng\AppData\Local\Temp\MSS\3.0.318.3\McInstallerStartup.dll
C:\Users\Peter Feng\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe
C:\Users\Peter Feng\AppData\Local\Temp\MSS\3.0.318.3\SecurityScanner.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\Peter Feng\AppData\Local\Temp\4404B204-BAB0-7891-9EBD-DF79C3DAC994\Latest\sqlite3.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
==================== End Of Log ============================
 
 
 
ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-09-2013
Ran by Bob Feng at 2013-09-01 10:02:25
Running from C:\Users\Bob Feng\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
7-Zip 9.20 (x32)
ACDSee Pro (x32 Version: 8.1.99)
Acer Arcade Deluxe (x32 Version: 4.1.7405)
Acer Arcade Movie (x32 Version: 9.0.6205)
Acer eRecovery Management (x32 Version: 4.05.3007)
Acer Game Console (x32)
Acer Games (x32 Version: 1.0.0.80)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.1.0318.2010)
Acer Updater (x32 Version: 1.02.3001)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader 9.1 MUI (x32 Version: 9.1.0)
Advertising Center (x32 Version: 0.0.0.2)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AVG Free 9.0 (x32)
AVG Security Toolbar (x32 Version: 15.5.0.2)
Babylon Chrome Toolbar (x32 Version: 2.0.0.7)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82)
Blackhawk Striker 2 (x32 Version: 2.2.0.82)
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82)
Bonjour (Version: 3.0.0.10)
Build-a-lot 2 (x32 Version: 2.2.0.82)
BuzzSocialPoints_DNS version 1.0 (x32 Version: 1.0)
BuzzSocialPoints_DNS_IE (x32 Version: 1.0.0.0)
Canon MX310 series
Canon MX310 series User Registration (x32)
CCleaner (Version: 3.01)
Combat Arms (x32)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.4518.1014)
D3DX10 (x32 Version: 15.4.2368.0902)
DealScout for FireFox (x32 Version: 2.0.79.0)
Diablo III (x32 Version: 1.0.8.16603)
Escape Rosecliff Island (x32 Version: 2.2.0.82)
eSobi v2 (x32 Version: 2.0.4.000274)
Faerie Solitaire (x32 Version: 2.2.0.82)
FATE - The Traitor Soul (x32 Version: 2.2.0.82)
FreeOnlineRadioPlayerRecorder Toolbar (x32 Version: 6.12.0.11)
Google Chrome (HKCU Version: 29.0.1547.62)
Google Drive (x32 Version: 1.11.4865.2530)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Haali Media Splitter (x32)
Hotkey Utility (x32 Version: 2.05.3003)
HTC Driver Installer (x32 Version: 4.3.0.001)
HTC Sync Manager (x32 Version: 2.1.54.0)
IB Updater Service (Version: 2.0.0.3)
iCloud (Version: 2.1.1.3)
Identity Card (x32 Version: 1.00.3003)
IHA_MessageCenter (x32 Version: 1.8.17)
ImagXpress (x32 Version: 7.0.74.0)
InfoAtoms [uninstall] (x32 Version: 1.5.0.0)
InstallIQ Updater (x32 Version: 1.4.3.0)
Intel® Control Center (x32 Version: 1.2.0.1006)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2008)
Intel® Rapid Storage Technology (x32 Version: 9.5.0.1037)
IPTInstaller (x32 Version: 4.0.8)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
League of Legends (x32 Version: 1.3)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MapleStory (x32)
MediaShow Espresso (x32 Version: 5.5.1403_23691)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2000 Professional (x32 Version: 9.00.2720)
Microsoft Silverlight (x32 Version: 3.0.40624.0)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Works (x32 Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Monopoly (x32 Version: 2.2.0.82)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox (3.6.15) (x32 Version: 3.6.15 (en-US))
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery P.I. - Lost in Los Angeles (x32 Version: 2.2.0.82)
MyWinLocker (x32 Version: 3.1.206.0)
MyWinLocker Suite (x32 Version: 3.1.206.0)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.6.2.101)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.37.100)
Nero StartSmart Help (x32 Version: 9.4.27.100)
Nero StartSmart OEM (x32 Version: 9.16.0.100)
NeroExpress (x32 Version: 9.4.33.100)
neroxml (x32 Version: 1.0.0)
Nexon Game Manager (x32)
on My Printer
Pando Media Booster (x32 Version: 2.6.0.8)
PDFCreator (x32 Version: 1.2.0)
Penguins! (x32 Version: 2.2.0.82)
Photo Gallery (x32 Version: 16.4.3508.0205)
Plants vs. Zombies (x32 Version: 2.2.0.82)
Polar Bowler (x32 Version: 2.2.0.82)
Polar Golfer (x32 Version: 2.2.0.82)
QuickTime (x32 Version: 7.73.80.64)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.17.304.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5995)
REALTEK Wireless LAN Driver (x32 Version: 1.01.0094)
Safari (x32 Version: 5.34.57.2)
Scrabble Plus (x32 Version: 2.2.0.82)
Sendori (x32 Version: 2.0.15)
Shredder (Version: 2.0.5.0)
Shredder (x32 Version: 2.0.5.0)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
The Price is Right (x32 Version: 2.2.0.82)
Virtual Families (x32 Version: 2.2.0.82)
Virtual Villagers - A New Home (x32 Version: 2.2.0.82)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
Vz In Home Agent (x32 Version: 8.03.54)
Vz In-Home Agent (x32 Version: 9.0.35.0)
Welcome Center (x32 Version: 1.00.3013)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
WModem Driver Installer (x32 Version: 3.0.2.0)
Yahoo! Toolbar (x32)
Yahtzee (x32 Version: 2.2.0.82)
Zuma Deluxe (x32 Version: 2.2.0.82)
 
==================== Restore Points  =========================
 
Could not list Restore Points.
 
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002Core.job => C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002UA.job => C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-12-16 19:06 - 2010-12-16 19:06 - 00013048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgrssta.dll
2010-04-06 15:19 - 2010-08-25 20:26 - 04720128 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2013-07-06 23:35 - 2013-07-06 23:35 - 00261744 _____ (Microsoft Corporation) C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
2013-07-06 23:35 - 2013-07-06 23:35 - 00661448 _____ (Microsoft Corporation) C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\MSVCP110.dll
2013-07-06 23:35 - 2013-07-06 23:35 - 00828872 _____ (Microsoft Corporation) C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\MSVCR110.dll
2010-02-01 11:06 - 2010-02-01 11:06 - 00137584 _____ (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
2010-02-01 11:06 - 2010-02-01 11:06 - 00277360 _____ (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x64\sysenv.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\NETAPI32.dll
2013-06-27 16:11 - 2013-06-27 16:11 - 00778704 _____ (Google) C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
2013-04-16 15:56 - 2013-04-16 15:56 - 00853328 _____ (Microsoft Corporation) C:\Program Files (x86)\Google\Drive\Microsoft.VC90.CRT\MSVCP90.dll
2013-04-16 15:56 - 2013-04-16 15:56 - 00641360 _____ (Microsoft Corporation) C:\Program Files (x86)\Google\Drive\Microsoft.VC90.CRT\MSVCR90.dll
2013-02-20 13:35 - 2013-02-20 13:35 - 00137544 _____ (Apple Inc.) C:\Program Files\iTunes\iTunesMiniPlayer.dll
2013-02-20 13:35 - 2013-02-20 13:35 - 00045896 _____ (Apple Inc.) C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
2013-02-20 13:35 - 2013-02-20 13:35 - 00142152 _____ (Apple Inc.) C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
2009-07-13 16:56 - 2009-07-13 18:40 - 00549888 _____ (Microsoft Corporation) C:\Windows\System32\ActionCenterCPL.dll
2009-07-13 16:55 - 2009-07-13 18:41 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\shgina.dll
2009-07-13 16:58 - 2009-07-13 18:40 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2009-07-13 17:17 - 2009-07-13 18:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\drprov.dll
2009-07-13 16:48 - 2009-07-13 18:41 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\ntlanman.dll
2011-03-09 22:56 - 2010-12-20 23:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2010-04-06 15:19 - 2010-08-25 20:04 - 00061952 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2010-08-25 20:03 - 2010-08-25 20:03 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2009-07-13 17:08 - 2009-07-13 18:40 - 00934912 _____ (Microsoft Corporation) C:\Windows\System32\FirewallControlPanel.dll
2009-07-13 17:08 - 2009-07-13 18:40 - 00748032 _____ (Microsoft Corporation) C:\Windows\System32\FirewallAPI.dll
2009-07-13 16:55 - 2009-07-13 18:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\shpafact.dll
2012-12-17 18:14 - 2012-12-17 18:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2010-01-20 21:20 - 2010-01-20 21:20 - 00058736 _____ (Egis Technology Inc.) C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll
2010-04-06 14:53 - 2010-04-06 14:53 - 00179704 _____ (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_7644f34b9721eccf\ATL90.DLL
2013-04-16 16:10 - 2013-04-16 16:10 - 00747472 _____ (Google) C:\Program Files (x86)\Google\Drive\contextmenu64.dll
2013-04-16 15:56 - 2013-04-16 15:56 - 00176456 _____ (Microsoft Corporation) C:\Program Files (x86)\Google\Drive\Microsoft.VC90.ATL\ATL90.DLL
2010-02-01 11:06 - 2010-02-01 11:06 - 00376688 _____ (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x64\mwlshellext.dll
2010-12-16 19:06 - 2010-12-16 19:06 - 00187232 _____ (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG9\avgsea.dll
2009-07-13 17:30 - 2009-07-13 18:41 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2009-07-13 17:29 - 2009-07-13 18:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\MAPI32.dll
2010-12-19 16:39 - 2007-04-03 18:50 - 00104448 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\cnmpu.dll
2010-12-19 16:39 - 2007-04-03 18:50 - 00082944 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2010-04-06 15:19 - 2010-08-25 20:04 - 00108032 _____ (Intel Corporation) C:\Windows\System32\hccutils.DLL
2010-12-16 19:06 - 2010-12-16 19:06 - 00013048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\avgrssta.dll
2010-04-06 15:19 - 2010-08-25 20:03 - 00830464 _____ (Intel Corporation) C:\Windows\System32\igfxress.dll
2009-07-13 16:19 - 2009-07-13 18:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\ktmw32.dll
2009-07-13 16:46 - 2009-07-13 18:41 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\tschannel.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00132968 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/01/2013 09:38:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/01/2013 04:06:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14087
 
Error: (09/01/2013 04:06:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14087
 
Error: (09/01/2013 04:06:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/01/2013 04:06:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13026
 
Error: (09/01/2013 04:06:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13026
 
Error: (09/01/2013 04:06:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/01/2013 04:06:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12028
 
Error: (09/01/2013 04:06:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12028
 
Error: (09/01/2013 04:06:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/01/2013 09:38:14 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (09/01/2013 09:38:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (09/01/2013 09:37:55 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (09/01/2013 08:58:02 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/01/2013 03:18:55 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (09/01/2013 03:18:55 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (09/01/2013 03:18:40 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (09/01/2013 03:00:12 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (09/01/2013 03:00:05 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (09/01/2013 02:59:57 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (09/01/2013 09:38:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
 
Error: (09/01/2013 04:06:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14087
 
Error: (09/01/2013 04:06:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14087
 
Error: (09/01/2013 04:06:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/01/2013 04:06:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13026
 
Error: (09/01/2013 04:06:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13026
 
Error: (09/01/2013 04:06:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/01/2013 04:06:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12028
 
Error: (09/01/2013 04:06:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12028
 
Error: (09/01/2013 04:06:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 6071.07 MB
Available physical RAM: 4113.03 MB
Total Pagefile: 12140.29 MB
Available Pagefile: 9748.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:911.41 GB) (Free:785.48 GB) NTFS
Drive d: (HLAbilityBattery) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

[image: more-reply-options.jpg]

New window that comes up.

[image: choose-files1.jpg]

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-09-2013
Ran by Bob Feng at 2013-09-01 11:01:20 Run:1
Running from C:\Users\Bob Feng\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\RunOnce: [uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" [344576 2009-07-13] (Microsoft Corporation)
HKCU\...\RunOnce: [uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" [344576 2009-07-13] (Microsoft Corporation)
HKCU\...\Winlogon: [shell] C:\Windows\explorer.exe, C:\Users\Bob Feng\AppData\Local\Temp\cmiadapter.exe
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\   \...\???\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe"
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {F0E59437-6148-4A98-B0A6-60D557EF57F4} -  No File
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File
Handler: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}
C:\Users\Bob Feng\AppData\Local\Temp\cmiadapter.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*WerKernelReporting => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64 => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
*etadpug => Unable to delete service
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Value deleted successfully.
HKCR\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value not found.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0E59437-6148-4A98-B0A6-60D557EF57F4} => Value deleted successfully.
HKCR\CLSID\{F0E59437-6148-4A98-B0A6-60D557EF57F4} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F999A48B-1950-4D81-9971-79018F807B4B} => Value deleted successfully.
HKCR\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B} => Key not found.
HKCR\PROTOCOLS\Handler\http\0x00000001 => Key not found.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\http\oledb => Key not found.
HKCR\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\https\0x00000001 => Key not found.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\https\oledb => Key not found.
HKCR\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\ipp\0x00000001 => Key not found.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\msdaipp\0x00000001 => Key not found.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\msdaipp\oledb => Key not found.
HKCR\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} => Key not found.

I cannot seem to find the mbar-log.txt file....

system-log.txt


While running FRST I got several errors.

Error saving file
C:\FRST\HIVES\BCD !

Continue with the next file?

[ RegCreateKeyEx: 5 - Access is denied ]

and many more about unsaveable files.

HERE IS THE FIXLOG I GOT FROM A NEWLY DOWNLOADED FRST 64

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-09-2013
Ran by Bob Feng at 2013-09-01 12:16:20 Run:2
Running from C:\Users\Bob Feng\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\RunOnce: [uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" [344576 2009-07-13] (Microsoft Corporation)
HKCU\...\RunOnce: [uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" [344576 2009-07-13] (Microsoft Corporation)
HKCU\...\Winlogon: [shell] C:\Windows\explorer.exe, C:\Users\Bob Feng\AppData\Local\Temp\cmiadapter.exe 
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\   \...\???\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" 
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {F0E59437-6148-4A98-B0A6-60D557EF57F4} -  No File
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File
Handler: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}
C:\Users\Bob Feng\AppData\Local\Temp\cmiadapter.exe 
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*WerKernelReporting => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64 => Value not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
*etadpug => Service not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Value not found.
HKCR\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value not found.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0E59437-6148-4A98-B0A6-60D557EF57F4} => Value not found.
HKCR\CLSID\{F0E59437-6148-4A98-B0A6-60D557EF57F4} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F999A48B-1950-4D81-9971-79018F807B4B} => Value deleted successfully.
HKCR\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B} => Key not found.
HKCR\PROTOCOLS\Handler\http\0x00000001 => Key not found.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\http\oledb => Key not found.

Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\RunOnce: [uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" [344576 2009-07-13] (Microsoft Corporation)
HKCU\...\RunOnce: [uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" [344576 2009-07-13] (Microsoft Corporation)
HKCU\...\Winlogon: [shell] C:\Windows\explorer.exe, C:\Users\Bob Feng\AppData\Local\Temp\cmiadapter.exe
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\   \...\???\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe"
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {F0E59437-6148-4A98-B0A6-60D557EF57F4} -  No File
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} -  No File
Handler: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} -  No File
C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}
C:\Users\Bob Feng\AppData\Local\Temp\cmiadapter.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*WerKernelReporting => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Bob Feng\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64 => Value not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
*etadpug => Service not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Value not found.
HKCR\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value not found.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0E59437-6148-4A98-B0A6-60D557EF57F4} => Value not found.
HKCR\CLSID\{F0E59437-6148-4A98-B0A6-60D557EF57F4} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F999A48B-1950-4D81-9971-79018F807B4B} => Value not found.
HKCR\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B} => Key not found.
HKCR\PROTOCOLS\Handler\http\0x00000001 => Key not found.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\http\oledb => Key not found.
HKCR\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\https\0x00000001 => Key not found.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\https\oledb => Key not found.
HKCR\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\ipp\0x00000001 => Key not found.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\msdaipp\0x00000001 => Key not found.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Handler\msdaipp\oledb => Key not found.
HKCR\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} => Key not found.
"C:\Program Files (x86)\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}" => File/Directory not found.
"C:\Users\Bob Feng\AppData\Local\Temp\cmiadapter.exe " => File/Directory not found.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====

 

Here is the fixlog that I ran again exactly as before. I am still getting the errors about "unable to save files" or whatnot.

I am currently running Fixdamage. Should I post the scan for Mbar?


 RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Peter Feng [Admin rights]
Mode : Scan -- Date : 09/01/2013 12:55:55
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] mbar.exe -- C:\Users\Peter Feng\Desktop\mbar\mbar.exe [7] -> ERROR [5]
 
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\?��?��?��\?��?��?��\???ﯹ๛\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" >) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-3225524269-368955587-3553265919-1002\[...]\Run : Google Update ("C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\?��?��?��\?��?��?��\???ﯹ๛\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" >) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Rootkit (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)" [x][7][x][-]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce :  (A0) (cmd /c "C:\Users\Peter Feng\Desktop\mbar\mbar.exe" /rdv /s [7]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 8 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002UA.job : C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002Core.job : C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V1][sUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{A15D4C74-E655-4DE1-97C3-163611BB8586}.exe - --uninstall=1 [x] -> FOUND
[V2][sUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{A15D4C74-E655-4DE1-97C3-163611BB8586}.exe - --uninstall=1 [x] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002Core : C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002UA : C:\Users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][sUSP PATH] RunAsStdUser Task : "C:\Users\Peter Feng\AppData\Local\teeveewatchSA\bin\1.0.8.0\TeeveeWatchSA.exe" [x] -> FOUND
[V2][sUSP PATH] WavePadDowngrade : C:\Users\Bob Feng\AppData\Roaming\NCH Software\Program Files\WavePad\wavepad.exe - -downgrade [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD10EADS-22M2B0 +++++
--- User ---
[MBR] dceac8d33fcd7d8cfe0c9bd16f12ec00
[bSP] 9a184a33e64ac7aedc3b2bda91ace6fc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41945088 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 42149888 | Size: 933287 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09012013_125555.txt >>
RKreport[0]_S_09012013_033522.txt
 
 
Here is the report I got from RogueKiller. Still waiting on mbar.

Yes, post the log from MBAR.

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\?��?��?��\?��?��?��\???ﯹ๛\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" >) -> FOUND

[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\?��?��?��\?��?��?��\???ﯹ๛\{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}\GoogleUpdate.exe" >) -> FOUND


Now click Delete on the right hand column under Options

-------------

Run another scan to ensure they're gone.

MrC

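The two entries MrC picks out above differ from the legitimate Google Update value in the same report in three visible ways: they sit under the system profile's Run key (HKUS\.DEFAULT and S-1-5-18) rather than a real user's hive, their path contains characters RogueKiller could not render (the "?" runs and stray glyphs), and the same GUID-named folder appears twice in the path. The following is an added example, not RogueKiller's or Malwarebytes' code and not part of this thread: it parses the [RUN] lines of a RogueKiller "Registry Entries" section and applies those three traits as independent checks, then compares the result with the tool's own "ZeroAccess" tag. The sample report is constructed after the one posted; the unrenderable glyphs are approximated with two arbitrary non-ASCII code points.

```python
"""Flag ZeroAccess-style autostart entries in a RogueKiller "Registry Entries" section.

Added example for this thread; it is not RogueKiller's or Malwarebytes' code.
The heuristics are the traits visible in the posted report: a Run value under the
system profile's hive, unrenderable characters in the launch path, and a path that
nests a GUID-named folder inside another folder of the same GUID.
"""
import re
from dataclasses import dataclass

# One "[RUN]" report line:  [RUN][tag] <key> : <value name> (<command>) -> FOUND
# The command group must begin like a command (quote, drive letter, %var%, an
# .exe/.dll token, or "cmd") so that "(cleanup)" inside a value name stays with
# the name instead of being mistaken for the command.
RUN_RE = re.compile(
    r"^\[RUN\](?:\[(?P<tag>[^\]]*)\])?\s+(?P<key>\S+)\s+:\s+(?P<name>.*?)\s+"
    r'\((?P<cmd>(?:"|[A-Za-z]:\\|%|[\w.-]+\.(?:exe|dll)\b|cmd\b).*)\)\s+->\s+FOUND\s*$'
)
# A GUID-named folder whose GUID is repeated as a deeper folder in the same path.
REPEATED_GUID_RE = re.compile(r"\\(\{[0-9a-f-]{36}\})\\.*\\\1\\", re.IGNORECASE)
# Run keys of the system profile: a per-user autostart that no interactive user owns.
SYSTEM_PROFILE_KEYS = ("HKUS\\.DEFAULT\\", "HKUS\\S-1-5-18\\")


@dataclass
class RunEntry:
    tag: str      # RogueKiller's own classification, e.g. "ZeroAccess" or "SUSP PATH"
    key: str      # registry key as printed, e.g. HKUS\S-1-5-18\[...]\Run
    name: str     # value name
    command: str  # command line the value launches


def parse_run_entries(report: str) -> list[RunEntry]:
    """Return every [RUN] line of a RogueKiller report as a RunEntry."""
    entries = []
    for line in report.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["tag"] or "", m["key"], m["name"], m["cmd"]))
    return entries


def suspicious_reasons(entry: RunEntry) -> list[str]:
    """Independent checks; none of them looks at RogueKiller's tag."""
    reasons = []
    if entry.key.upper().startswith(SYSTEM_PROFILE_KEYS):
        reasons.append("Run value under the system profile (.DEFAULT / S-1-5-18), "
                       "which no interactive user configures")
    if any(ord(ch) > 0x7F for ch in entry.command):
        reasons.append("non-ASCII characters in the launch path")
    if "\\?" in entry.command:
        reasons.append('"?" in a path component: Win32 forbids it in file names, '
                       "so the real name could not be rendered")
    if REPEATED_GUID_RE.search(entry.command):
        reasons.append("GUID-named folder nested under a folder with the same GUID")
    return reasons


def flag_entries(report: str) -> dict[str, list[str]]:
    """Map each suspicious entry's registry key to the reasons it was flagged."""
    flagged = {}
    for entry in parse_run_entries(report):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.key] = reasons
    return flagged


def heuristics_match_tool(report: str) -> bool:
    """True when the heuristics flag exactly the entries RogueKiller tagged ZeroAccess."""
    tagged = {e.key for e in parse_run_entries(report) if e.tag == "ZeroAccess"}
    return tagged == set(flag_entries(report))


# Constructed sample modelled on the report in this thread. The glyphs RogueKiller
# could not render are approximated: "?" as printed, plus two arbitrary non-ASCII
# code points standing in for the garbled characters.
_ODD = "\ufbf9\u0e5b"
_GUID = "{2c18011c-6ab5-ef46-4b5c-b07a1b0c505e}"
_ZA_PATH = (
    "C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Google\\Desktop\\Install\\"
    + _GUID + "\\???\\???\\???" + _ODD + "\\" + _GUID + "\\GoogleUpdate.exe"
)
SAMPLE_REPORT = "\n".join([
    "¤¤¤ Registry Entries : 5 ¤¤¤",
    '[RUN][ZeroAccess] HKUS\\.DEFAULT\\[...]\\Run : Google Update ("' + _ZA_PATH + '" >) -> FOUND',
    '[RUN][SUSP PATH] HKUS\\S-1-5-21-3225524269-368955587-3553265919-1002\\[...]\\Run : '
    'Google Update ("C:\\Users\\Bob Feng\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe" /c [7]) -> FOUND',
    '[RUN][ZeroAccess] HKUS\\S-1-5-18\\[...]\\Run : Google Update ("' + _ZA_PATH + '" >) -> FOUND',
    '[RUN][SUSP PATH] HKLM\\[...]\\Wow6432Node\\[...]\\RunOnce : Malwarebytes Anti-Malware (cleanup) '
    '(rundll32.exe "C:\\ProgramData\\Malwarebytes\\Malwarebytes\' Anti-Malware\\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND',
    "[HJ DESK] HKLM\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND",
])

if __name__ == "__main__":
    for key, reasons in flag_entries(SAMPLE_REPORT).items():
        print(key)
        for reason in reasons:
            print("  -", reason)
    print("agrees with RogueKiller tag:", heuristics_match_tool(SAMPLE_REPORT))
```

Run on the sample, only the two system-profile entries are flagged, each on all three traits (the GUID check fires as a fourth reason), and the per-user Google Update and Malwarebytes RunOnce values pass. The same checks apply to the `U2 *etadpug` service path in the FRST fixlist above, which nests the identical GUID under a folder FRST prints as `???`.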

Hiya again. The mbar scan shows 0 viruses detected. I can't find a log for it...

Yes I have deleted them and it shows that they are gone.

 

There are some files in the AVG resident shield that can't seem to be deleted, only removed from the list. Any ideas?

 

Thanks.


There are some files in the AVG resident shield that can't seem to be deleted, only removed from the list. Any ideas?

I'm not familiar with AVG, but as long as they're quarantined they should be OK.

---------------------------------------------

Next..........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.
 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC



ComboFix 13-09-01.02 - Peter Feng 09/01/2013  13:40:37.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.6071.4205 [GMT -7:00]
Running from: c:\users\Bob Feng\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealScout
c:\program files (x86)\DealScout\FireFox\chrome.manifest
c:\program files (x86)\DealScout\FireFox\chrome\content\boater.xul
c:\program files (x86)\DealScout\FireFox\chrome\content\browserevents.js
c:\program files (x86)\DealScout\FireFox\chrome\content\configuration.js
c:\program files (x86)\DealScout\FireFox\chrome\content\consts.js
c:\program files (x86)\DealScout\FireFox\chrome\content\diagnostics.js
c:\program files (x86)\DealScout\FireFox\chrome\content\jquery-1.4.4.min.js
c:\program files (x86)\DealScout\FireFox\chrome\content\main.js
c:\program files (x86)\DealScout\FireFox\chrome\content\request.js
c:\program files (x86)\DealScout\FireFox\chrome\content\script.js
c:\program files (x86)\DealScout\FireFox\chrome\content\stats.js
c:\program files (x86)\DealScout\FireFox\chrome\content\storage.js
c:\program files (x86)\DealScout\FireFox\chrome\skin\boater_16x16.png
c:\program files (x86)\DealScout\FireFox\chrome\skin\boater_24x24.png
c:\program files (x86)\DealScout\FireFox\chrome\skin\boater_24x24_off.png
c:\program files (x86)\DealScout\FireFox\chrome\skin\toolbar-button.css
c:\program files (x86)\DealScout\FireFox\install.rdf
c:\program files (x86)\DealScout\installer.ico
c:\program files (x86)\DealScout\uninstall.exe
c:\users\Bob Feng\AppData\Roaming\SearchProtect
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul
c:\users\Bob Feng\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\Peter Feng\AppData\Roaming\SearchProtect
c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul

c:\users\Peter Feng\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-01 to 2013-09-01  )))))))))))))))))))))))))))))))

.

.

2013-09-01 20:46 . 2013-09-01 20:46 -------- d-----w- c:\users\PETERbk\AppData\Local\temp

2013-09-01 20:46 . 2013-09-01 20:46 -------- d-----w- c:\users\Peter Feng\AppData\Local\temp

2013-09-01 20:46 . 2013-09-01 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-01 18:47 . 2013-09-01 19:39 -------- d-----w- C:\mbar

2013-09-01 18:05 . 2013-09-01 20:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-09-01 17:01 . 2013-09-01 19:37 -------- d-----w- C:\FRST

2013-08-29 23:10 . 2013-08-29 23:10 -------- d-sh--w- c:\windows\system32\%APPDATA%

2013-08-29 01:35 . 2013-08-29 01:35 -------- d-----w- c:\users\Bob Feng\AppData\Roaming\HTC

2013-08-29 01:35 . 2013-08-29 01:35 -------- d-----w- c:\users\Bob Feng\AppData\Roaming\HTC Sync

2013-08-29 01:33 . 2013-09-01 19:42 -------- d-----w- c:\users\Bob Feng\AppData\Local\HTC MediaHub

2013-08-29 01:33 . 2013-08-29 01:33 -------- d-----w- c:\users\Bob Feng\.android

2013-08-29 01:33 . 2013-08-29 01:33 -------- d-----w- c:\programdata\Motorola

2013-08-29 01:33 . 2013-08-29 01:33 -------- d-----w- c:\program files (x86)\Spirent Communications

2013-08-29 01:32 . 2013-08-29 01:32 -------- d-----w- c:\users\Peter Feng\AppData\Local\Downloaded Installations

2013-08-29 01:32 . 2013-08-29 01:32 -------- d-----w- c:\program files\HTC

2013-08-29 01:31 . 2013-08-29 01:33 -------- d-----w- c:\program files (x86)\HTC

2013-08-29 01:31 . 2013-08-29 01:31 -------- d-----w- c:\programdata\HTC

2013-08-29 01:31 . 2013-08-29 01:31 -------- d-----w- C:\Temp

2013-08-14 18:11 . 2013-08-14 18:11 4774272 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-08-14 18:11 . 2013-08-14 18:11 4774272 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2013-08-10 05:23 . 2013-08-10 05:23 -------- d-----w- c:\program files (x86)\Common Files\Skype

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-21 00:41 . 2013-01-14 05:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 00:41 . 2013-01-14 05:35 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-21 00:41 . 2013-02-08 08:41 17737608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-08-15 08:45 . 2012-09-04 05:34 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-07-10 00:04 . 2013-07-10 00:04 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-10 00:04 . 2013-07-10 00:04 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-07-10 00:04 . 2013-07-10 00:04 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-07-01 19:28 . 2012-12-13 01:05 325920 ----a-w- c:\windows\SysWow64\Sendori.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]

"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2013-04-10 231712]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8BD7501A-5166-4036-BB01-5FC63C68EFEB}]

2012-11-08 22:10 383488 ----a-w- c:\program files (x86)\BuzzSocialPoints_DNS_IE\ScriptHost.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-08-15 08:45 3122864 ----a-w- c:\program files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]

2013-04-10 10:19 231712 ----a-w- c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll" [2013-08-15 3122864]

"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll" [2013-04-10 231712]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-16 3093624]

"AVG-Secure-Search-Update_JUNE2013_TB"="c:\program files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" [2013-06-03 1266712]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-27 2077536]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-15 2314416]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2013-05-02 83448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]

"Malwarebytes Anti-Rootkit (cleanup)"="c:\programdata\Malwarebytes' Anti-Malware (portable)\cleanup.dll" [2013-08-13 1616696]

"(A0)"="c:\users\Peter Feng\Desktop\mbar\mbar.exe" [2013-08-13 1178424]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys;c:\windows\SYSNATIVE\Drivers\avgldx64.sys [x]

S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys;c:\windows\SYSNATIVE\Drivers\avgmfx64.sys [x]

S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys;c:\windows\SYSNATIVE\Drivers\avgtdia.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe;c:\program files (x86)\AVG\AVG9\avgemc.exe [x]

S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [x]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]

S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]

S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]

S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]

S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-14 00:41]

.

2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 02:17]

.

2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 02:17]

.

2013-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002Core.job

- c:\users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 19:15]

.

2013-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3225524269-368955587-3553265919-1002UA.job

- c:\users\Bob Feng\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 19:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-24 9642528]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]

.

------- Supplementary Scan -------

.


uLocal Page = c:\windows\system32\blank.htm



mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll

FF - ProfilePath - c:\users\Peter Feng\AppData\Roaming\Mozilla\Firefox\Profiles\t9p5z273.default\


FF - prefs.js: browser.search.selectedEngine - Mixi.DJ Search


FF - user.js: extensions.incredibar_i.newTab - false


FF - user.js: extensions.incredibar_i.id - f673195200000000000070f1a196bcf0

FF - user.js: extensions.incredibar_i.instlDay - 15687

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:05

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef - 

FF - user.js: extensions.incredibar_i.dfltLng - 

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id - 

FF - user.js: extensions.incredibar_i.upn2 - 6R8O445ARH

FF - user.js: extensions.incredibar_i.upn2n - 92825561527179689

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10678

FF - user.js: extensions.incredibar_i.ppd - 111

FF - user.js: extensions.mixidj.tlbrSrchUrl - 

FF - user.js: extensions.mixidj.id - f673195200000000000070f1a196bcf0

FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}

FF - user.js: extensions.mixidj.instlDay - 15837

FF - user.js: extensions.mixidj.vrsn - 1.8.18.8

FF - user.js: extensions.mixidj.vrsni - 1.8.18.8

FF - user.js: extensions.mixidj.vrsnTs - 1.8.18.821:01

FF - user.js: extensions.mixidj.prtnrId - mixidj

FF - user.js: extensions.mixidj.prdct - mixidj

FF - user.js: extensions.mixidj.aflt - babsst

FF - user.js: extensions.mixidj.smplGrp - none

FF - user.js: extensions.mixidj.tlbrId - base

FF - user.js: extensions.mixidj.instlRef - sst

FF - user.js: extensions.mixidj.dfltLng - en

FF - user.js: extensions.mixidj.excTlbr - false

FF - user.js: extensions.mixidj.ffxUnstlRst - false

FF - user.js: extensions.mixidj.admin - false

FF - user.js: extensions.mixidj.autoRvrt - false

FF - user.js: extensions.mixidj.rvrt - false

FF - user.js: extensions.mixidj.newTab - false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)

ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)

ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)

Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe

Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)

ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)

ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)

ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)

AddRemove-DealScout - c:\program files (x86)\DealScout\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3225524269-368955587-3553265919-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3225524269-368955587-3553265919-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-09-01  13:48:49

ComboFix-quarantined-files.txt  2013-09-01 20:48

.

Pre-Run: 839,054,602,240 bytes free

Post-Run: 840,827,555,840 bytes free

.

- - End Of File - - 35AFFB7036C5001D33C356372F8E3EC6

Here we go..


Almost done.....

Let's clean out any adware while you're here:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
If you agree with everything listed to be removed in the folders section...........

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


This topic is now closed to further replies.