Search Assist Hyperlink Ads - A Hijacked Browser?

[ChaoticFox]

Howdy. I joined this forum so that I could find help with this annoying virus. The culprit is this thing called "Search Assist" that seems to have gotten into all of my browsers. What happens is that it finds keywords on any website I visit, highlights them in an orange color, and displays an ad when I hover over them. It even happens on this site. Here are some screens of the problem:

 

 

 

I have done numerous scans with Malwarebytes, including ones with my computer in safe mode, and it tells me my pc is clean. There are no new toolbars or extensions in the browsers that could've been installed, and other sites have been less than helpful. Any ideas, guys?

[MrCharlie]

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[ChaoticFox]

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2

Run by Owner at 16:01:55 on 2013-09-13

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.13294.4890 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\LTONHIS\Verbatim\SKDaemon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

C:\Program Files (x86)\Sendori\SendoriSvc.exe

C:\Program Files (x86)\puush\puush.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe

C:\Program Files (x86)\Clownfish\Clownfish.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Sendori\SendoriUp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Sendori\SendoriTray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

C:\Program Files (x86)\Sendori\sndappv2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\java.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\Java\jre6\bin\javaw.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files\Java\jre6\bin\javaw.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Sendori\Sendori.Service.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [AdobeBridge] <no file>

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoStrCmpLogical = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: EnableVirtualization = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-Windows\System: UseOEMBackground = dword:1

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: C:\Windows\System32\Sendori.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{215759C3-A3D4-4BF2-9F09-F1BC2B23C784} : NameServer = 8.8.8.8

TCP: Interfaces\{321067B6-3DCC-4FB8-8DBB-57FA24BF535B} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{34C136D0-1A71-4C60-B7A7-C464D88210F6} : DHCPNameServer = 192.168.1.1

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64

x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [sKDaemon.exe] C:\Program Files\LTONHIS\Verbatim\SKDaemon.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 74.208.10.249 gs.apple.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4spvckgf.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - 

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-07-22 21:39; {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4spvckgf.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF - ExtSQL: 2013-09-02 12:58; {AB2CE124-6272-4b12-94A9-7303C7397BD1}; C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-15 56208]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]

R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-15 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-29 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-29 701512]

R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-15 1692480]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]

R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-17 4153184]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-15 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-10-15 406056]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-29 25928]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]

R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-3 25584]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-8-5 9216]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]

S3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2010-6-11 1101600]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-10-15 158976]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-16 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-09-11 21:02:02 -------- d-----w- C:\AdwCleaner

2013-09-07 07:36:46 1075424 ----a-w- C:\ProgramData\Microsoft\WDExpress\11.0\1033\ResourceCache.dll

2013-09-07 07:36:22 -------- d-----w- C:\Program Files (x86)\NuGet

2013-09-07 07:34:52 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules

2013-09-07 07:33:47 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft

2013-09-07 07:33:46 -------- d-----w- C:\Program Files (x86)\Windows Kits

2013-09-07 07:32:49 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer

2013-09-07 07:32:23 -------- d-----w- C:\Windows\SysWow64\1033

2013-09-07 07:32:23 -------- d-----w- C:\Windows\System32\1033

2013-09-07 07:32:17 -------- d-----w- C:\Program Files\Microsoft SQL Server

2013-09-07 07:30:43 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0

2013-09-06 19:48:54 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft

2013-09-06 19:48:54 -------- d-----w- C:\ProgramData\Package Cache

2013-09-05 18:28:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\TuneUp Software

2013-09-02 16:58:32 -------- d-----r- C:\Program Files (x86)\Skype

2013-08-29 16:40:06 -------- d-----w- C:\SMBX

2013-08-29 15:22:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes

2013-08-29 15:22:08 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-29 15:22:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-29 15:22:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-29 15:21:51 -------- d-----w- C:\Users\Owner\AppData\Local\Programs

2013-08-29 11:31:58 -------- d-----w- C:\ProgramData\ahrpDn37

2013-08-28 22:22:34 -------- d-----w- C:\ProgramData\nklc

2013-08-28 22:09:56 -------- d-----w- C:\ProgramData\ggab

2013-08-18 01:08:22 -------- d-----w- C:\Users\Owner\AppData\Local\Electronic Arts

2013-08-16 23:44:54 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-08-16 04:32:12 -------- d-----w- C:\Users\Owner\AppData\Local\Criterion Games

2013-08-16 02:46:30 -------- d-----w- C:\ProgramData\SystemRequirementsLab

2013-08-16 02:30:14 -------- d-----w- C:\Users\Owner\AppData\Local\ESN

2013-08-16 02:30:12 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2013-08-16 02:28:32 -------- d-----w- C:\ProgramData\EA Logs

2013-08-16 02:28:32 -------- d-----w- C:\ProgramData\EA Core

2013-08-16 02:26:17 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll

2013-08-16 02:09:45 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2013-08-15 23:58:56 -------- d-----w- C:\Program Files (x86)\Origin Games

2013-08-15 23:52:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\Origin

2013-08-15 23:52:35 -------- d-----w- C:\Users\Owner\AppData\Local\Origin

2013-08-15 23:51:40 -------- d-----w- C:\ProgramData\Origin

2013-08-15 23:51:40 -------- d-----w- C:\ProgramData\Electronic Arts

2013-08-15 23:51:38 -------- d-----w- C:\Program Files (x86)\Origin

2013-08-15 05:36:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-08-15 05:36:59 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-08-15 05:36:59 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-08-15 05:36:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll

2013-08-15 05:36:58 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-08-15 05:31:21 -------- d-----w- C:\Windows\System32\MRT

.

==================== Find3M  ====================

.

2013-09-13 15:34:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-13 15:34:07 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-09-13 15:34:01 4751752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-08-22 04:14:32 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2013-08-22 04:14:32 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2013-08-22 04:14:32 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2013-08-22 04:14:32 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2013-08-16 02:33:57 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-08-16 02:33:57 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-08-16 02:12:07 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-08-16 02:12:00 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll

2013-06-28 21:01:13 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-28 21:01:12 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-06-28 21:01:12 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 16:02:34.53 ===============

 

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 1/16/2012 12:47:09 PM

System Uptime: 9/13/2013 3:33:43 AM (13 hours ago)

.

Motherboard: Dell Inc. |  | 0Y2MRG

Processor: Intel® Core i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 856 GiB total, 143.897 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is CDROM ()

Z: is FIXED (NTFS) - 62 GiB total, 9.647 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP227: 9/5/2013 1:54:38 AM - Scheduled Checkpoint

RP228: 9/5/2013 2:27:26 PM - Removed AVG 2012

RP229: 9/5/2013 2:28:48 PM - Removed AVG 2012

RP230: 9/6/2013 3:48:47 PM - Microsoft Visual Studio Express 2012 for Windows Desktop - ENU

RP231: 9/6/2013 3:49:27 PM - Windows Update

RP232: 9/7/2013 3:00:10 AM - Windows Update

RP233: 9/7/2013 3:28:43 AM - Microsoft Visual Studio Express 2012 for Windows Desktop - ENU

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

Ace of Spades

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Content Viewer

Adobe Creative Suite 5.5 Design Premium

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Premiere Pro CS6

Adobe Reader X MUI

Adobe Widget Browser

Alan Wake

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AMD Wireless Display v3.0

Amnesia: The Dark Descent

And Yet It Moves

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applian FLV and Media Player 3.1.1.12

ASPCA Reminder by We-Care.com v5.0.5.1

ATI AVIVO64 Codecs

Awesomenauts

Batman: Arkham Asylum GOTY Edition

Battlefield 3™

Battlelog Web Plugins

BIT.TRIP RUNNER

bl

Bonjour

Braid

Breath of Death VII 

Burnout Paradise: The Ultimate Box

Camtasia Studio 7

Castle Crashers

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Cave Story+

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cheat Engine 6.2

Clownfish for Skype

Cogs

Combined Community Codec Pack 2011-11-11

Command and Conquer: Red Alert 3 - Uprising

Company of Heroes

Cozi

Crayon Physics Deluxe

Crysis 2 Maximum Edition

Cthulhu Saves the World 

Cubemen

D3DX10

DarksidersInstaller

Day of Defeat: Source

dBpoweramp FLAC Codec

dBpoweramp m4a Codec

dBpoweramp Music Converter

Dead Space

Dead Space™ 3

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Edoc Viewer

Dell Getting Started Guide

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell VideoStage 

Derpys Lamp

DEVIL MAY CRY 4

DirectX 9 Runtime

DivX Setup

Don't Starve

Dota 2

Dungeon Defenders

DW WLAN Card

Entity Framework Designer for Visual Studio 2012 - enu

ESN Sonar

Far Cry

Far Cry 2

Fliqlo Screen Saver

Fraps (remove only)

Free DVD Video Burner version 3.1.4.412

Free Video to DVD Converter version 5.0.9.412

Fusion's Chao Editor

GameRanger

GCFScape 1.8.2

Google Chrome

Gotham City Impostors: Free To Play

Guild Wars 2

Guitar Hero - World Tour v1.0

Guitar Hero III

Guitar Hero Three Control Panel

Haali Media Splitter

Hammerfight

Hammerwatch

Hi-Rez Studios Authenticate and Update Service

iCloud

iFunbox (v2.1.2228.731), iFunbox DevTeam

ImgBurn

Impulse®

Intel® Rapid Storage Technology

iTunes

Java 7 Update 25

Java Auto Updater

Java 6 Update 24 (64-bit)

Java 6 Update 35

Junk Mail filter update

Key Mapper

Killing Floor

L.A. Noire

League of Legends

Left 4 Dead 2

Left 4 Dead 2 Authoring Tools

LG United Mobile Drivers

LIMBO

Lone Survivor

LOVE (remove only)

Magicka

Malwarebytes Anti-Malware version 1.75.0.1300

Matroska Pack

Medal of Honor Multiplayer

Medal of Honor Single Player

Mesh Runtime

Metro 2033

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5

Microsoft .NET Framework 4.5 Multi-Targeting Pack

Microsoft .NET Framework 4.5 SDK

Microsoft Application Error Reporting

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Corporation

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Help Viewer 1.0

Microsoft Help Viewer 2.0

Microsoft LifeCam

Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2007

Microsoft Publisher 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2012 Command Line Utilities 

Microsoft SQL Server 2012 Data-Tier App Framework 

Microsoft SQL Server 2012 Express LocalDB 

Microsoft SQL Server 2012 Management Objects 

Microsoft SQL Server 2012 Management Objects  (x64)

Microsoft SQL Server 2012 Native Client 

Microsoft SQL Server 2012 T-SQL Language Service 

Microsoft SQL Server 2012 Transact-SQL Compiler Service 

Microsoft SQL Server 2012 Transact-SQL ScriptDom 

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server Compact 4.0 SP1 x64 ENU

Microsoft SQL Server Data Tools - enu (11.1.20828.01)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)

Microsoft SQL Server System CLR Types

Microsoft System CLR Types for SQL Server 2012

Microsoft System CLR Types for SQL Server 2012 (x64)

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 32bit Compilers - ENU Resources

Microsoft Visual C++ 2012 Core Libraries

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86-x64 Compilers

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU

Microsoft Visual Studio 2012 Preparation

Microsoft Visual Studio 2012 Shell (Minimum)

Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies

Microsoft Visual Studio 2012 Shell (Minimum) Resources

Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU

Microsoft Visual Studio Express 2012 for Windows Desktop

Microsoft Visual Studio Express 2012 for Windows Desktop - ENU

Microsoft Visual Studio Team Foundation Server 2012 Object Model

Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU

Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core

Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources

Microsoft Xbox 360 Accessories 1.2

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Game Studio 4.0

Microsoft XNA Game Studio 4.0 (ARP entry)

Microsoft XNA Game Studio 4.0 (Redists)

Microsoft XNA Game Studio 4.0 (Shared Components)

Microsoft XNA Game Studio 4.0 (Visual Studio)

Microsoft XNA Game Studio 4.0 (XnaLiveProxy)

Microsoft XNA Game Studio 4.0 Documentation

Microsoft XNA Game Studio Platform Tools

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

Mirror's Edge

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Card Reader

Mumble 1.2.3

My Dell

MyMenu 1.2

No-IP DUC

Notepad++

NVIDIA PhysX

OpenAL

Origin

Paint.NET v3.5.10

Pando Media Booster

PDF Settings CS5

PFConfig 1.0.296

ph

PHANTASY STAR ONLINE 2

PhotoShowExpress

Pinnacle Studio 15

Pinnacle Studio Bonus Content

Pinnacle Video Driver

Pitiri 1977

Plants vs. Zombies: Game of the Year

Poker Night at the Inventory

Populous

Portal 2

Portforward Static IP Address 1.0.47

Power Sound Editor Free

PowerISO

Prerequisites for SSDT 

Psychonauts

PunkBuster Services

puush

QuickTime

Rainmeter

RBVirtualFolder64Inst

Real Alternative 2.0.2

Really Big Sky

Realm of the Mad God

Realtek High Definition Audio Driver

Red Faction: Armageddon

Rockstar Games Social Club

RollerCoaster Tycoon 3 Platinum

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Saints Row: The Third

SDFormatter

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Security Update for Microsoft .NET Framework 4.5 (KB2804582)

Security Update for Microsoft .NET Framework 4.5 (KB2833957)

Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Sendori

Shoot Many Robots

Skype Click to Call

Skype™ 6.6

Smite

Snuggle Truck

Sonic Adventure™ 2 

Sonic CinePlayer Decoder Pack

Source SDK

Source SDK Base 2006

Source SDK Base 2007

Star Wars - Battlefront II

Star Wars Empire at War

Star Wars Empire at War Forces of Corruption

Steam

StepMania v5.0 alpha 2 (remove only)

Super Mario Bros. X version 1.3

Super Meat Boy

Super Meat Boy Editor

Superbrothers: Sword & Sworcery EP

System Requirements Lab CYRI

System Requirements Lab Detection

System Requirements Lab for Intel

TeamSpeak 3 Client

TeamViewer 8

TERA

Terraria

The Binding Of Isaac

The Sims™ 3

The Sims™ 3 High-End Loft Stuff

The Sims™ 3 Late Night

THX TruStudio PC

TightVNC 1.3.10

Titan Quest

TrackMania² Stadium Open Beta

Ulead GIF Animator 5 TBYB

Ultima PsOBB

Unreal Development Kit: 2012-02

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4.5 (KB2750147)

Update for Microsoft .NET Framework 4.5 (KB2805221)

Update for Microsoft .NET Framework 4.5 (KB2805226)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client for Windows x64

Verbatim

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VTFEdit 1.2.5

VVVVVV

Winamp

Winamp Detector Plug-in

Windows 7 Logon Background Changer

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Software Development Kit

Windows Software Development Kit DirectX x64 Remote

Windows Software Development Kit DirectX x86 Remote

Windows Software Development Kit for Windows Store Apps

Windows Software Development Kit for Windows Store Apps DirectX x64 Remote

Windows Software Development Kit for Windows Store Apps DirectX x86 Remote

WinRAR 5.00 beta 8 (64-bit)

WinSCP 5.1

.

==== Event Viewer Messages From Past Week ========

.

9/13/2013 3:38:48 PM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/13/2013 3:36:16 AM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891

9/13/2013 3:36:16 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891

9/13/2013 3:35:57 AM, Error: Service Control Manager [7034]  - The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).

9/13/2013 3:35:56 AM, Error: Service Control Manager [7022]  - The Service Sendori service hung on starting.

9/13/2013 3:34:33 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.

9/13/2013 3:34:15 AM, Error: Service Control Manager [7023]  - The sndappv2 service terminated with the following error:  %%-2147467243

9/13/2013 3:34:03 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

9/13/2013 3:34:02 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.

9/13/2013 12:50:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service sndappv2 with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

9/13/2013 12:49:16 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

9/13/2013 12:49:14 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/13/2013 12:49:14 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/13/2013 12:49:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/13/2013 12:49:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/13/2013 12:49:11 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/13/2013 12:49:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/13/2013 12:49:00 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

9/13/2013 12:48:58 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

9/13/2013 12:48:58 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

9/13/2013 12:48:58 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.

9/13/2013 12:48:58 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

9/13/2013 12:48:58 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

9/13/2013 12:48:58 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.

9/13/2013 12:48:58 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

9/13/2013 12:48:58 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

9/13/2013 12:48:58 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

9/13/2013 12:48:58 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.

9/10/2013 4:42:51 AM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

.

==== End Of File ===========================

 

[ChaoticFox]

RogueKiller V8.6.11 _x64_ [sep 11 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 09/13/2013 16:13:29

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 15 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Owner\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID 0913a [x][x][x]) -> FOUND

[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\?��?��?��\?��?��?��\???ﯹ๛\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\GoogleUpdate.exe" >) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2754525585-2667275184-1495631457-1000\[...]\Run : Google Update ("C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2754525585-2667275184-1495631457-1000\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2754525585-2667275184-1495631457-1000\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Owner\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID 0913a [x][x][x]) -> FOUND

[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\?��?��?��\?��?��?��\???ﯹ๛\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\GoogleUpdate.exe" >) -> FOUND

[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 6 ¤¤¤

[V1][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000UA.job : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000Core.job : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000Core : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000UA : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

[V2][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

127.0.0.1 activate.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com 

::1             localhost

74.208.10.249 gs.apple.com

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD10EALX-759BA1 +++++

--- User ---

[MBR] 3676249455b64b91538b69be8c59c4d6

[bSP] d53b0be2a56687c8690d9092ce5b8143 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13566 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27865088 | Size: 876334 Mo

3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1822599166 | Size: 63928 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_09132013_161329.txt >>

RKreport[0]_S_09132013_151032.txt

 

 

 

 

 

That should be all the reports you need.

[MrCharlie]

Did you read this warning:

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

Your Host file:
 

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
::1 localhost
74.208.10.249 gs.apple.com

 

 

It's used to by-pass adobe activation.....MrC

[ChaoticFox]

My apologies, I completely forgot that I did that. I uninstalled the pirated programs and removed the host file. Hopefullly this new log will back up my story.

 

 

RogueKiller V8.6.11 _x64_ [sep 11 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 09/13/2013 17:09:54

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 15 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Owner\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID 0913a [x][x][x]) -> FOUND

[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\?��?��?��\?��?��?��\???ﯹ๛\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\GoogleUpdate.exe" >) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2754525585-2667275184-1495631457-1000\[...]\Run : Google Update ("C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2754525585-2667275184-1495631457-1000\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2754525585-2667275184-1495631457-1000\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Owner\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID 0913a [x][x][x]) -> FOUND

[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\?��?��?��\?��?��?��\???ﯹ๛\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\GoogleUpdate.exe" >) -> FOUND

[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 6 ¤¤¤

[V1][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000UA.job : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000Core.job : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000Core : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000UA : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

[V2][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD10EALX-759BA1 +++++

--- User ---

[MBR] 3676249455b64b91538b69be8c59c4d6

[bSP] d53b0be2a56687c8690d9092ce5b8143 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13566 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27865088 | Size: 876334 Mo

3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1822599166 | Size: 63928 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_09132013_170954.txt >>

RKreport[0]_S_09132013_151032.txt

[MrCharlie]

Please read the following information first.

 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC

[ChaoticFox]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013 04

Ran by Owner (administrator) on OWNER-PC on 13-09-2013 19:07:28

Running from C:\Users\Owner\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

() C:\Program Files\LTONHIS\Verbatim\SKDaemon.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe

() C:\Program Files (x86)\puush\puush.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe

(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

() C:\Program Files\Rainmeter\Rainmeter.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\javaw.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\javaw.exe

(Microsoft Corporation) C:\Windows\system32\cmd.exe

(Sun Microsystems, Inc.) C:\Windows\system32\java.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64

HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-04-29] ()

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [sKDaemon.exe] - C:\Program Files\LTONHIS\Verbatim\SKDaemon.exe [318464 2008-09-17] ()

HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1

HKCU\...\Run: [Google Update] - C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-16] (Google Inc.)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1811368 2013-09-06] (Valve Corporation)

HKCU\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

HKCU\...\Run: [AdobeBridge] - [x]

HKCU\...\Run: [puush] - C:\Program Files (x86)\puush\puush.exe [567880 2013-07-14] ()

HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()

HKCU\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012

HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1268472 2013-05-13] (Bogdan Sharkov)

HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Owner\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID 0913a

HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)

HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

MountPoints2: I - I:\Autorun.exe

MountPoints2: {0b2c84ad-2116-11e2-a34f-180373d24315} - J:\TL_Bootstrap.exe

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [shwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)

HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-04-29] ()

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)

HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2011-11-14] (Power Software Ltd)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-05-07] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()

HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)

HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File

SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 

SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 15 C:\Windows\system32\Sendori.dll File Not found ()

 

Hosts: Hosts file not detected in the default directory

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{215759C3-A3D4-4BF2-9F09-F1BC2B23C784}: [NameServer]8.8.8.8

 

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4spvckgf.default

FF Homepage: about:home

FF Keyword.URL: user_pref("keyword.URL", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: Просмотр HTTP заголовков - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4spvckgf.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4spvckgf.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

 

Chrome: 

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll (RealNetworks, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Java Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (James White) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (YouTube\u2122 Ratings Preview) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.3.3_0

CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0

CHR Extension: (Stealthy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0

CHR Extension: (Auto Replay for YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (4chan Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\3.0.0_0

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Owner\AppData\Local\Temp\ccex.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM-x32\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5180032 2012-12-23] (INCA Internet Co., Ltd.)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-08-15] ()

R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)

R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)

 

==================== Drivers (Whitelisted) ====================

 

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-06-11] (Ralink Technology Corp.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2011-02-14] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2011-02-14] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2011-02-14] (LG Electronics Inc.)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-13 19:07 - 2013-09-13 19:07 - 01950312 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\FRST

2013-09-13 17:09 - 2013-09-13 17:09 - 00006806 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09132013_170954.txt

2013-09-13 16:04 - 2013-09-13 16:04 - 00006799 _____ C:\Users\Owner\Desktop\attach.zip

2013-09-13 16:02 - 2013-09-13 16:02 - 00028006 _____ C:\Users\Owner\Desktop\dds.txt

2013-09-13 16:02 - 2013-09-13 16:02 - 00024804 _____ C:\Users\Owner\Desktop\attach.txt

2013-09-13 15:59 - 2013-09-13 15:59 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com

2013-09-13 15:10 - 2013-09-13 15:10 - 00007296 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09132013_151032.txt

2013-09-13 15:06 - 2013-09-13 15:28 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine

2013-09-13 15:06 - 2013-09-13 15:06 - 03787776 _____ C:\Users\Owner\Desktop\RogueKillerX64.exe

2013-09-13 00:05 - 2013-09-13 00:05 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_52328ef3.dmp

2013-09-12 12:58 - 2013-09-12 12:58 - 00354042 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5230db24.dmp

2013-09-11 17:02 - 2013-09-11 17:04 - 00000000 ____D C:\AdwCleaner

2013-09-11 17:01 - 2013-09-11 17:01 - 01037278 _____ C:\Users\Owner\Desktop\adwcleaner.exe

2013-09-07 03:36 - 2013-09-07 03:36 - 00000000 ____D C:\Users\Owner\Documents\Visual Studio 2012

2013-09-07 03:36 - 2013-09-07 03:36 - 00000000 ____D C:\Program Files (x86)\NuGet

2013-09-07 03:34 - 2013-09-07 03:34 - 00000000 ____D C:\Windows\symbols

2013-09-07 03:33 - 2013-09-07 03:33 - 00000000 ____D C:\Program Files (x86)\Windows Kits

2013-09-07 03:32 - 2013-09-07 03:35 - 00000000 ____D C:\Program Files\Microsoft SQL Server

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Windows\SysWOW64\1033

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Windows\system32\1033

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer

2013-09-07 03:30 - 2013-09-07 03:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0

2013-09-07 03:27 - 2013-09-07 03:27 - 00336750 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522ad53f.dmp

2013-09-07 03:25 - 2013-09-07 03:25 - 00302988 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522903d0.dmp

2013-09-06 20:02 - 2013-09-06 20:02 - 00268140 _____ C:\Users\Owner\Desktop\test.rar

2013-09-06 15:48 - 2013-09-06 15:51 - 00000000 ____D C:\ProgramData\Package Cache

2013-09-05 22:23 - 2013-09-05 22:23 - 21609810 _____ C:\Users\Owner\Desktop\Sphax PureBDCraft 128x MC14.zip

2013-09-05 22:21 - 2013-09-05 22:21 - 62166237 _____ C:\Users\Owner\Desktop\Feed The Beast 128x Sphax Addon 122.zip

2013-09-05 14:46 - 2013-09-05 14:46 - 00302088 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522390ce.dmp

2013-09-05 14:42 - 2013-09-05 14:42 - 00015671 _____ C:\Users\Owner\Desktop\RestartEvolution_3.1.zip

2013-09-05 14:33 - 2013-09-05 14:33 - 00504856 _____ C:\Users\Owner\Desktop\mcrtoolkit10a14_5 (1).zip

2013-09-05 14:28 - 2013-09-05 14:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software

2013-09-03 14:40 - 2013-09-03 14:40 - 00066566 _____ C:\Users\Owner\Desktop\download.htm

2013-09-03 10:49 - 2013-09-03 10:49 - 00000963 _____ C:\Users\Owner\Desktop\ruined_Cottage.schematic

2013-09-02 19:13 - 2013-09-02 19:14 - 01979566 _____ C:\Users\Owner\Desktop\screenshots.rar

2013-09-02 12:59 - 2013-09-07 00:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\skypePM

2013-09-02 12:59 - 2013-09-02 12:59 - 00000056 ____H C:\Windows\SysWOW64\ezsidmv.dat

2013-09-02 12:58 - 2013-09-11 19:33 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-09-02 12:58 - 2013-09-02 12:58 - 00002866 _____ C:\Windows\System32\Tasks\{9C7234AC-3983-483F-AF95-BAD5EE791D25}

2013-09-02 12:56 - 2013-09-02 12:56 - 00003122 _____ C:\Windows\System32\Tasks\{2F628C03-D09B-4EBF-85D8-00E7AA18D331}

2013-09-02 12:49 - 2013-09-02 12:49 - 00003122 _____ C:\Windows\System32\Tasks\{85EF0623-8253-46B2-BE8A-BE9D67FE6D9E}

2013-09-01 15:53 - 2013-09-01 15:53 - 00000413 _____ C:\wakeuptoken.info

2013-08-30 18:34 - 2013-08-30 18:34 - 00000000 ____D C:\Windows\Sun

2013-08-29 15:40 - 2013-08-29 15:40 - 00338032 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_521f716d.dmp

2013-08-29 13:47 - 2013-08-29 14:25 - 00000000 ____D C:\Users\Owner\Desktop\STTBTLL-v1.2

2013-08-29 13:44 - 2013-08-29 13:44 - 36516252 _____ C:\Users\Owner\Desktop\STTBTLL-Patch1.2.zip

2013-08-29 13:14 - 2013-08-29 13:17 - 453365629 _____ C:\Users\Owner\Desktop\STTBTLL-v1.2.zip

2013-08-29 12:40 - 2013-08-29 12:40 - 00000000 ____D C:\SMBX

2013-08-29 11:22 - 2013-08-29 11:22 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-29 11:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-29 11:18 - 2013-08-29 11:24 - 00008564 _____ C:\Users\Owner\Desktop\Rkill.txt

2013-08-29 11:18 - 2013-08-29 11:18 - 00000000 ____D C:\Users\Owner\Desktop\rkill

2013-08-29 11:11 - 2013-09-13 03:34 - 00002040 _____ C:\Windows\SysWOW64\debug.log

2013-08-29 07:31 - 2013-08-29 11:12 - 00000000 ____D C:\ProgramData\ahrpDn37

2013-08-29 07:31 - 2013-08-29 07:31 - 00000000 ____D C:\Program Files (x86)\Google

2013-08-28 18:22 - 2013-08-28 18:23 - 00000000 ____D C:\ProgramData\nklc

2013-08-28 18:09 - 2013-09-05 14:57 - 00000000 ____D C:\ProgramData\ggab

2013-08-27 20:08 - 2013-08-27 20:08 - 00729778 _____ C:\Users\Owner\Desktop\Burnout_Paradise_SaveGame_Patcher.zip

2013-08-24 22:15 - 2013-08-24 22:15 - 42167034 _____ C:\Users\Owner\Desktop\divinerpg_server.zip

2013-08-23 08:16 - 2013-08-23 08:16 - 01331819 _____ C:\Users\Owner\Desktop\Essentials.zip

2013-08-22 20:01 - 2013-08-22 20:01 - 00342510 _____ C:\Users\Owner\Desktop\OptiFine_1.4.6_HD_D5.zip

2013-08-22 19:46 - 2013-08-22 19:46 - 00095796 _____ C:\Users\Owner\Desktop\OptiFine_1.4.6_L_B5.zip

2013-08-21 21:02 - 2013-08-21 21:18 - 00000000 ____D C:\Users\Owner\Desktop\VIDEO_TS

2013-08-21 21:02 - 2013-08-21 21:02 - 00000000 ____D C:\Users\Owner\Desktop\AUDIO_TS

2013-08-20 23:48 - 2013-08-20 23:48 - 34103034 _____ C:\Users\Owner\Desktop\Ultimate_Server.zip

2013-08-20 23:48 - 2013-08-20 23:48 - 11415431 _____ C:\Users\Owner\Desktop\world.zip

2013-08-20 18:57 - 2013-08-20 18:57 - 10012564 _____ C:\Users\Owner\Desktop\spelunky_1_1.zip

2013-08-20 15:30 - 2013-08-20 15:30 - 00504856 _____ C:\Users\Owner\Desktop\mcrtoolkit10a14_5.zip

2013-08-17 21:08 - 2013-08-17 21:08 - 00000000 ____D C:\Users\Owner\AppData\Local\Electronic Arts

2013-08-17 21:07 - 2013-08-17 21:07 - 00000000 ____D C:\Users\Owner\Documents\Electrontic Arts

2013-08-16 19:45 - 2013-08-16 19:45 - 00000000 ____D C:\ProgramData\ATI

2013-08-16 19:44 - 2013-08-16 19:44 - 00000000 ____D C:\Program Files (x86)\AMD AVT

2013-08-16 13:50 - 2013-08-16 13:50 - 00000000 ____D C:\Users\Owner\Documents\EA Games

2013-08-16 00:32 - 2013-08-16 00:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Criterion Games

2013-08-15 22:46 - 2013-08-15 22:46 - 00000000 ____D C:\ProgramData\SystemRequirementsLab

2013-08-15 22:33 - 2013-08-15 22:34 - 00000000 ____D C:\Users\Owner\Documents\Battlefield 3

2013-08-15 22:30 - 2013-08-15 22:30 - 00000000 ____D C:\Users\Owner\AppData\Local\ESN

2013-08-15 22:30 - 2013-08-15 22:30 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-08-15 22:28 - 2013-08-15 22:28 - 00000000 ____D C:\ProgramData\EA Core

2013-08-15 22:27 - 2013-08-17 21:08 - 00000000 ____D C:\Users\Owner\Documents\Electronic Arts

2013-08-15 22:26 - 2013-08-17 01:22 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll

2013-08-15 19:58 - 2013-08-22 19:51 - 00000000 ____D C:\Program Files (x86)\Origin Games

2013-08-15 19:52 - 2013-08-15 22:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Origin

2013-08-15 19:52 - 2013-08-15 22:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Origin

2013-08-15 19:51 - 2013-08-27 20:13 - 00000000 ____D C:\Program Files (x86)\Origin

2013-08-15 19:51 - 2013-08-15 22:28 - 00000000 ____D C:\ProgramData\Electronic Arts

2013-08-15 19:51 - 2013-08-15 20:01 - 00000000 ____D C:\ProgramData\Origin

2013-08-15 01:37 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-15 01:37 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-15 01:37 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-15 01:37 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-15 01:37 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-15 01:37 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-15 01:37 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-15 01:37 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-15 01:36 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-15 01:36 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-15 01:36 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-15 01:36 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-15 01:36 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-15 01:36 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-15 01:36 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-15 01:36 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-15 01:36 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-15 01:31 - 2013-08-15 01:33 - 00000000 ____D C:\Windows\system32\MRT

2013-08-14 12:48 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 12:48 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-14 12:48 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 12:48 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 12:48 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 12:48 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-14 12:48 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 12:48 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 12:48 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-14 12:48 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-14 12:47 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-14 12:47 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-14 12:47 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 12:47 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 12:47 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-14 12:47 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 12:47 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-14 12:47 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-14 12:47 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-14 12:47 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-14 12:47 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-14 12:47 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-14 12:47 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-14 12:47 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-14 12:47 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-14 12:47 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 12:47 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-14 00:55 - 2013-08-14 00:56 - 00000063 _____ C:\Users\Owner\Documents\minecraft locations.txt

 

==================== One Month Modified Files and Folders =======

 

2013-09-13 19:07 - 2013-09-13 19:07 - 01950312 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\FRST

2013-09-13 19:05 - 2012-01-17 17:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype

2013-09-13 18:34 - 2012-04-18 21:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-13 18:32 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-13 18:32 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-13 18:30 - 2012-01-16 23:11 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000UA.job

2013-09-13 17:45 - 2012-08-02 21:45 - 00000000 ____D C:\Users\Owner\AppData\Local\PMB Files

2013-09-13 17:45 - 2012-08-02 21:45 - 00000000 ____D C:\ProgramData\PMB Files

2013-09-13 17:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

2013-09-13 17:09 - 2013-09-13 17:09 - 00006806 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09132013_170954.txt

2013-09-13 16:26 - 2012-01-17 16:18 - 00000000 ____D C:\Program Files (x86)\Steam

2013-09-13 16:04 - 2013-09-13 16:04 - 00006799 _____ C:\Users\Owner\Desktop\attach.zip

2013-09-13 16:02 - 2013-09-13 16:02 - 00028006 _____ C:\Users\Owner\Desktop\dds.txt

2013-09-13 16:02 - 2013-09-13 16:02 - 00024804 _____ C:\Users\Owner\Desktop\attach.txt

2013-09-13 16:00 - 2012-01-18 22:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent

2013-09-13 15:59 - 2013-09-13 15:59 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com

2013-09-13 15:28 - 2013-09-13 15:06 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine

2013-09-13 15:10 - 2013-09-13 15:10 - 00007296 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09132013_151032.txt

2013-09-13 15:06 - 2013-09-13 15:06 - 03787776 _____ C:\Users\Owner\Desktop\RogueKillerX64.exe

2013-09-13 15:04 - 2011-10-15 01:36 - 01396707 _____ C:\Windows\WindowsUpdate.log

2013-09-13 15:02 - 2013-05-23 16:20 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask

2013-09-13 11:34 - 2013-03-12 17:42 - 04751752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-09-13 11:34 - 2012-04-18 21:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-13 11:34 - 2012-04-18 21:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-13 11:34 - 2011-10-15 01:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-13 03:44 - 2012-01-22 21:29 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe

2013-09-13 03:34 - 2013-08-29 11:11 - 00002040 _____ C:\Windows\SysWOW64\debug.log

2013-09-13 03:34 - 2012-01-16 13:47 - 00000000 ____D C:\Users\Owner\AppData\Local\SoftThinks

2013-09-13 03:34 - 2011-10-15 01:48 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-09-13 03:33 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-13 03:33 - 2009-07-14 00:51 - 00090915 _____ C:\Windows\setupact.log

2013-09-13 00:05 - 2013-09-13 00:05 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_52328ef3.dmp

2013-09-13 00:04 - 2010-11-20 23:47 - 00293802 _____ C:\Windows\PFRO.log

2013-09-12 20:30 - 2012-01-16 23:11 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000Core.job

2013-09-12 19:43 - 2012-11-16 23:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ftblauncher

2013-09-12 12:58 - 2013-09-12 12:58 - 00354042 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5230db24.dmp

2013-09-11 23:17 - 2012-09-12 20:09 - 00000000 ____D C:\Users\Owner\Downloads\PFConfig 1.0.296+working serial

2013-09-11 19:33 - 2013-09-02 12:58 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-09-11 19:33 - 2011-10-15 01:50 - 00000000 ____D C:\ProgramData\Skype

2013-09-11 17:04 - 2013-09-11 17:02 - 00000000 ____D C:\AdwCleaner

2013-09-11 17:04 - 2012-01-21 00:34 - 00000000 ____D C:\ProgramData\Uniblue

2013-09-11 17:01 - 2013-09-11 17:01 - 01037278 _____ C:\Users\Owner\Desktop\adwcleaner.exe

2013-09-09 17:01 - 2012-01-19 19:52 - 00000000 ____D C:\Users\Owner\Games

2013-09-07 03:36 - 2013-09-07 03:36 - 00000000 ____D C:\Users\Owner\Documents\Visual Studio 2012

2013-09-07 03:36 - 2013-09-07 03:36 - 00000000 ____D C:\Program Files (x86)\NuGet

2013-09-07 03:36 - 2012-04-18 21:09 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server

2013-09-07 03:35 - 2013-09-07 03:32 - 00000000 ____D C:\Program Files\Microsoft SQL Server

2013-09-07 03:35 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-09-07 03:34 - 2013-09-07 03:34 - 00000000 ____D C:\Windows\symbols

2013-09-07 03:33 - 2013-09-07 03:33 - 00000000 ____D C:\Program Files (x86)\Windows Kits

2013-09-07 03:33 - 2013-09-07 03:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Windows\SysWOW64\1033

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Windows\system32\1033

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer

2013-09-07 03:32 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild

2013-09-07 03:31 - 2012-04-18 21:09 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition

2013-09-07 03:31 - 2011-10-15 01:57 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2013-09-07 03:27 - 2013-09-07 03:27 - 00336750 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522ad53f.dmp

2013-09-07 03:25 - 2013-09-07 03:25 - 00302988 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522903d0.dmp

2013-09-07 03:07 - 2011-02-10 12:10 - 00774402 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-07 03:07 - 2009-07-14 01:13 - 00774402 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-07 00:02 - 2013-09-02 12:59 - 00000000 ____D C:\Users\Owner\AppData\Roaming\skypePM

2013-09-06 20:02 - 2013-09-06 20:02 - 00268140 _____ C:\Users\Owner\Desktop\test.rar

2013-09-06 15:51 - 2013-09-06 15:48 - 00000000 ____D C:\ProgramData\Package Cache

2013-09-05 22:23 - 2013-09-05 22:23 - 21609810 _____ C:\Users\Owner\Desktop\Sphax PureBDCraft 128x MC14.zip

2013-09-05 22:21 - 2013-09-05 22:21 - 62166237 _____ C:\Users\Owner\Desktop\Feed The Beast 128x Sphax Addon 122.zip

2013-09-05 18:28 - 2013-02-10 15:33 - 00000000 ____D C:\ProgramData\Sendori

2013-09-05 14:57 - 2013-08-28 18:09 - 00000000 ____D C:\ProgramData\ggab

2013-09-05 14:46 - 2013-09-05 14:46 - 00302088 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522390ce.dmp

2013-09-05 14:42 - 2013-09-05 14:42 - 00015671 _____ C:\Users\Owner\Desktop\RestartEvolution_3.1.zip

2013-09-05 14:33 - 2013-09-05 14:33 - 00504856 _____ C:\Users\Owner\Desktop\mcrtoolkit10a14_5 (1).zip

2013-09-05 14:29 - 2012-01-18 00:21 - 00000000 ____D C:\ProgramData\MFAData

2013-09-05 14:28 - 2013-09-05 14:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software

2013-09-05 13:13 - 2012-08-26 04:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-03 23:15 - 2012-01-16 23:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.minecraft

2013-09-03 14:40 - 2013-09-03 14:40 - 00066566 _____ C:\Users\Owner\Desktop\download.htm

2013-09-03 10:49 - 2013-09-03 10:49 - 00000963 _____ C:\Users\Owner\Desktop\ruined_Cottage.schematic

2013-09-02 19:14 - 2013-09-02 19:13 - 01979566 _____ C:\Users\Owner\Desktop\screenshots.rar

2013-09-02 12:59 - 2013-09-02 12:59 - 00000056 ____H C:\Windows\SysWOW64\ezsidmv.dat

2013-09-02 12:58 - 2013-09-02 12:58 - 00002866 _____ C:\Windows\System32\Tasks\{9C7234AC-3983-483F-AF95-BAD5EE791D25}

2013-09-02 12:56 - 2013-09-02 12:56 - 00003122 _____ C:\Windows\System32\Tasks\{2F628C03-D09B-4EBF-85D8-00E7AA18D331}

2013-09-02 12:49 - 2013-09-02 12:49 - 00003122 _____ C:\Windows\System32\Tasks\{85EF0623-8253-46B2-BE8A-BE9D67FE6D9E}

2013-09-01 15:53 - 2013-09-01 15:53 - 00000413 _____ C:\wakeuptoken.info

2013-09-01 15:07 - 2012-01-18 19:31 - 00000000 ____D C:\Program Files\WinRAR

2013-08-30 18:34 - 2013-08-30 18:34 - 00000000 ____D C:\Windows\Sun

2013-08-29 15:40 - 2013-08-29 15:40 - 00338032 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_521f716d.dmp

2013-08-29 14:25 - 2013-08-29 13:47 - 00000000 ____D C:\Users\Owner\Desktop\STTBTLL-v1.2

2013-08-29 13:44 - 2013-08-29 13:44 - 36516252 _____ C:\Users\Owner\Desktop\STTBTLL-Patch1.2.zip

2013-08-29 13:17 - 2013-08-29 13:14 - 453365629 _____ C:\Users\Owner\Desktop\STTBTLL-v1.2.zip

2013-08-29 12:58 - 2012-01-18 17:20 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-08-29 12:40 - 2013-08-29 12:40 - 00000000 ____D C:\SMBX

2013-08-29 12:27 - 2012-01-18 19:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2013-08-29 12:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration

2013-08-29 11:24 - 2013-08-29 11:18 - 00008564 _____ C:\Users\Owner\Desktop\Rkill.txt

2013-08-29 11:22 - 2013-08-29 11:22 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-29 11:18 - 2013-08-29 11:18 - 00000000 ____D C:\Users\Owner\Desktop\rkill

2013-08-29 11:12 - 2013-08-29 07:31 - 00000000 ____D C:\ProgramData\ahrpDn37

2013-08-29 11:11 - 2013-01-29 22:20 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam

2013-08-29 07:31 - 2013-08-29 07:31 - 00000000 ____D C:\Program Files (x86)\Google

2013-08-29 07:31 - 2013-01-11 22:23 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics

2013-08-28 18:23 - 2013-08-28 18:22 - 00000000 ____D C:\ProgramData\nklc

2013-08-27 20:13 - 2013-08-15 19:51 - 00000000 ____D C:\Program Files (x86)\Origin

2013-08-27 20:08 - 2013-08-27 20:08 - 00729778 _____ C:\Users\Owner\Desktop\Burnout_Paradise_SaveGame_Patcher.zip

2013-08-24 22:15 - 2013-08-24 22:15 - 42167034 _____ C:\Users\Owner\Desktop\divinerpg_server.zip

2013-08-23 08:16 - 2013-08-23 08:16 - 01331819 _____ C:\Users\Owner\Desktop\Essentials.zip

2013-08-22 20:01 - 2013-08-22 20:01 - 00342510 _____ C:\Users\Owner\Desktop\OptiFine_1.4.6_HD_D5.zip

2013-08-22 19:51 - 2013-08-15 19:58 - 00000000 ____D C:\Program Files (x86)\Origin Games

2013-08-22 19:46 - 2013-08-22 19:46 - 00095796 _____ C:\Users\Owner\Desktop\OptiFine_1.4.6_L_B5.zip

2013-08-22 00:14 - 2012-05-26 19:58 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll

2013-08-22 00:14 - 2012-05-26 19:58 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll

2013-08-22 00:14 - 2012-05-26 19:58 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll

2013-08-22 00:14 - 2012-05-26 19:57 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll

2013-08-21 21:18 - 2013-08-21 21:02 - 00000000 ____D C:\Users\Owner\Desktop\VIDEO_TS

2013-08-21 21:02 - 2013-08-21 21:02 - 00000000 ____D C:\Users\Owner\Desktop\AUDIO_TS

2013-08-20 23:48 - 2013-08-20 23:48 - 34103034 _____ C:\Users\Owner\Desktop\Ultimate_Server.zip

2013-08-20 23:48 - 2013-08-20 23:48 - 11415431 _____ C:\Users\Owner\Desktop\world.zip

2013-08-20 18:57 - 2013-08-20 18:57 - 10012564 _____ C:\Users\Owner\Desktop\spelunky_1_1.zip

2013-08-20 15:30 - 2013-08-20 15:30 - 00504856 _____ C:\Users\Owner\Desktop\mcrtoolkit10a14_5.zip

2013-08-18 20:57 - 2012-01-25 15:57 - 00000132 _____ C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs

2013-08-18 03:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-08-17 21:08 - 2013-08-17 21:08 - 00000000 ____D C:\Users\Owner\AppData\Local\Electronic Arts

2013-08-17 21:08 - 2013-08-15 22:27 - 00000000 ____D C:\Users\Owner\Documents\Electronic Arts

2013-08-17 21:08 - 2011-10-15 01:55 - 00345609 _____ C:\Windows\DirectX.log

2013-08-17 21:07 - 2013-08-17 21:07 - 00000000 ____D C:\Users\Owner\Documents\Electrontic Arts

2013-08-17 01:28 - 2011-10-15 01:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-08-17 01:22 - 2013-08-15 22:26 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll

2013-08-16 19:45 - 2013-08-16 19:45 - 00000000 ____D C:\ProgramData\ATI

2013-08-16 19:45 - 2012-06-09 18:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SystemRequirementsLab

2013-08-16 19:45 - 2012-06-09 18:08 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab

2013-08-16 19:44 - 2013-08-16 19:44 - 00000000 ____D C:\Program Files (x86)\AMD AVT

2013-08-16 19:44 - 2012-08-01 13:35 - 00000000 ____D C:\ProgramData\AMD

2013-08-16 19:44 - 2012-08-01 13:33 - 00000000 ____D C:\Program Files\ATI Technologies

2013-08-16 13:50 - 2013-08-16 13:50 - 00000000 ____D C:\Users\Owner\Documents\EA Games

2013-08-16 00:32 - 2013-08-16 00:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Criterion Games

2013-08-15 22:46 - 2013-08-15 22:46 - 00000000 ____D C:\ProgramData\SystemRequirementsLab

2013-08-15 22:34 - 2013-08-15 22:33 - 00000000 ____D C:\Users\Owner\Documents\Battlefield 3

2013-08-15 22:33 - 2012-05-27 02:08 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

2013-08-15 22:33 - 2012-05-27 02:08 - 00000000 ____D C:\Users\Owner\AppData\Local\PunkBuster

2013-08-15 22:33 - 2012-05-27 02:06 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.exe

2013-08-15 22:30 - 2013-08-15 22:30 - 00000000 ____D C:\Users\Owner\AppData\Local\ESN

2013-08-15 22:30 - 2013-08-15 22:30 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-08-15 22:28 - 2013-08-15 22:28 - 00000000 ____D C:\ProgramData\EA Core

2013-08-15 22:28 - 2013-08-15 19:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Origin

2013-08-15 22:28 - 2013-08-15 19:51 - 00000000 ____D C:\ProgramData\Electronic Arts

2013-08-15 22:18 - 2013-08-15 19:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Origin

2013-08-15 22:12 - 2012-05-27 02:06 - 00189248 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

2013-08-15 22:12 - 2012-05-27 02:06 - 00075136 _____ C:\Windows\SysWOW64\PnkBstrA.exe

2013-08-15 20:01 - 2013-08-15 19:51 - 00000000 ____D C:\ProgramData\Origin

2013-08-15 14:26 - 2013-01-16 15:38 - 00000000 ____D C:\ProgramData\InstallMate

2013-08-15 01:33 - 2013-08-15 01:31 - 00000000 ____D C:\Windows\system32\MRT

2013-08-15 01:33 - 2012-02-08 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-08-15 01:31 - 2012-01-16 16:17 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-08-14 00:56 - 2013-08-14 00:55 - 00000063 _____ C:\Users\Owner\Documents\minecraft locations.txt

 

Files to move or delete:

====================

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install

 

 

Some content of TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\12-6_vista_win7_64_dd_ccc.exe

C:\Users\Owner\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe

C:\Users\Owner\AppData\Local\Temp\8521a6520479d9e2be54ebe5a2aa1fd0.dll

C:\Users\Owner\AppData\Local\Temp\contentDATs.exe

C:\Users\Owner\AppData\Local\Temp\FastDownload.exe

C:\Users\Owner\AppData\Local\Temp\Gw2.exe

C:\Users\Owner\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-42-g3b7c805-b2831jnks.dll

C:\Users\Owner\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-173.dll

C:\Users\Owner\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R1.0-42-g3b7c805-b2831jnks.dll

C:\Users\Owner\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.2-R0.1-b2838jnks.dll

C:\Users\Owner\AppData\Local\Temp\jansi-64-git-Bukkit-jenkins-CraftBukkit-173.dll

C:\Users\Owner\AppData\Local\Temp\jansi-64.dll

C:\Users\Owner\AppData\Local\Temp\jline_git-Bukkit-1_2_5-R1_0-b2149jnks.dll

C:\Users\Owner\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe

C:\Users\Owner\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\MSN3131.exe

C:\Users\Owner\AppData\Local\Temp\mssinstaller.exe

C:\Users\Owner\AppData\Local\Temp\ose00000.exe

C:\Users\Owner\AppData\Local\Temp\ose00001.exe

C:\Users\Owner\AppData\Local\Temp\Quarantine.exe

C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Owner\AppData\Local\Temp\sonarinst.exe

C:\Users\Owner\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

C:\Users\Owner\AppData\Local\Temp\SRLDetectionLibrary5759931914750588048.dll

C:\Users\Owner\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Owner\AppData\Local\Temp\tbuTor.dll

C:\Users\Owner\AppData\Local\Temp\tmp82A.exe

C:\Users\Owner\AppData\Local\Temp\tmpA218.exe

C:\Users\Owner\AppData\Local\Temp\tmpED4A.exe

C:\Users\Owner\AppData\Local\Temp\xmlUpdater.exe

C:\Users\Owner\AppData\Local\Temp\YontooSetup-S.exe

C:\Users\Owner\AppData\Local\Temp\_is1A91.exe

C:\Users\Owner\AppData\Local\Temp\_is27F.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

LastRegBack: 2013-09-11 02:40

 

==================== End Of Log ============================

[MrCharlie]

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

[ChaoticFox]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2013 04

Ran by Owner at 2013-09-13 19:08:12

Running from C:\Users\Owner\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Installed Programs =======================

 

 Update for Microsoft Office 2007 (KB2508958) (x32)

Ace of Spades (x32 Version: 0.75.015)

Ace of Spades (x32)

Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7)

Adobe AIR (x32 Version: 3.1.0.4880)

Adobe Content Viewer (x32 Version: 1.4.0)

Adobe Creative Suite 5.5 Design Premium (x32 Version: 5.5)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)

Adobe Help Manager (x32 Version: 4.0.244)

Adobe Premiere Pro CS6 (x32 Version: 6.0)

Adobe Reader X MUI (x32 Version: 10.0.0)

Adobe Widget Browser (x32 Version: 2.0 Build 230)

Adobe Widget Browser (x32 Version: 2.0.230)

Alan Wake (x32)

AMD Accelerated Video Transcoding (Version: 12.10.100.30328)

AMD APP SDK Runtime (Version: 10.0.1084.4)

AMD Catalyst Install Manager (Version: 8.0.911.0)

AMD Drag and Drop Transcoding (Version: 2.00.0000)

AMD Media Foundation Decoders (Version: 1.0.80328.2204)

AMD Wireless Display v3.0 (Version: 1.0.0.10)

Amnesia: The Dark Descent (x32)

And Yet It Moves (x32)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

Applian FLV and Media Player 3.1.1.12 (x32 Version: 3.1.1.12)

ASPCA Reminder by We-Care.com v5.0.5.1 (x32 Version: 5.0.5.1)

ATI AVIVO64 Codecs (Version: 11.6.0.10104)

Awesomenauts (x32)

Batman: Arkham Asylum GOTY Edition (x32)

Battlefield 3™ (x32 Version: 1.6.0.0)

Battlelog Web Plugins (x32 Version: 2.1.7)

BIT.TRIP RUNNER (x32)

bl (x32 Version: 1.0.0)

Bonjour (Version: 3.0.0.10)

Braid (x32)

Breath of Death VII  (x32)

Burnout Paradise: The Ultimate Box (x32)

Camtasia Studio 7 (x32 Version: 7.1.1)

Castle Crashers (x32)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center (x32 Version: 2013.0328.2218.38225)

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)

Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)

Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)

Cave Story+ (x32)

CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)

CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)

CCC Help Czech (x32 Version: 2013.0328.2217.38225)

CCC Help Danish (x32 Version: 2013.0328.2217.38225)

CCC Help Dutch (x32 Version: 2013.0328.2217.38225)

CCC Help English (x32 Version: 2013.0328.2217.38225)

CCC Help Finnish (x32 Version: 2013.0328.2217.38225)

CCC Help French (x32 Version: 2013.0328.2217.38225)

CCC Help German (x32 Version: 2013.0328.2217.38225)

CCC Help Greek (x32 Version: 2013.0328.2217.38225)

CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)

CCC Help Italian (x32 Version: 2013.0328.2217.38225)

CCC Help Japanese (x32 Version: 2013.0328.2217.38225)

CCC Help Korean (x32 Version: 2013.0328.2217.38225)

CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)

CCC Help Polish (x32 Version: 2013.0328.2217.38225)

CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)

CCC Help Russian (x32 Version: 2013.0328.2217.38225)

CCC Help Spanish (x32 Version: 2013.0328.2217.38225)

CCC Help Swedish (x32 Version: 2013.0328.2217.38225)

CCC Help Thai (x32 Version: 2013.0328.2217.38225)

CCC Help Turkish (x32 Version: 2013.0328.2217.38225)

ccc-utility64 (Version: 2013.0328.2218.38225)

Cheat Engine 6.2 (x32)

Clownfish for Skype (x32)

Cogs (x32)

Combined Community Codec Pack 2011-11-11 (x32 Version: 2011.11.11.0)

Command and Conquer: Red Alert 3 - Uprising (x32)

Company of Heroes (x32)

Cozi (x32 Version: 1.0.6505.38692)

Crayon Physics Deluxe (x32)

Crysis 2 Maximum Edition (x32)

Cthulhu Saves the World  (x32)

Cubemen (x32)

D3DX10 (x32 Version: 15.4.2368.0902)

DarksidersInstaller (x32 Version: 1.00.1000)

Day of Defeat: Source (x32)

dBpoweramp FLAC Codec (x32 Version: Release 14 (FLAC 1.2.1))

dBpoweramp m4a Codec (x32 Version: Release 14 r2)

dBpoweramp Music Converter (x32 Version: Release 14.4)

Dead Space (x32)

Dead Space™ 3 (x32 Version: 1.0.0.0)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.57)

Dell DataSafe Local Backup (x32 Version: 9.4.57)

Dell Edoc Viewer (Version: 1.0.0)

Dell Getting Started Guide (x32 Version: 1.00.0000)

Dell MusicStage (x32 Version: 1.5.201.0)

Dell PhotoStage (x32 Version: 1.5.0.65)

Dell Stage (x32 Version: 1.5.201.0)

Dell VideoStage  (x32 Version: 1.2.0.1712)

Derpys Lamp (x32)

DEVIL MAY CRY 4 (x32 Version: 1.00.000)

DirectX 9 Runtime (x32 Version: 1.00.0000)

DivX Setup (x32 Version: 2.6.1.9)

Don't Starve (x32)

Dota 2 (x32)

Dungeon Defenders (x32)

DW WLAN Card (Version: 5.60.48.35)

Entity Framework Designer for Visual Studio 2012 - enu (x32 Version: 11.1.20810.00)

ESN Sonar (x32 Version: 0.70.4)

Far Cry (x32)

Far Cry 2 (x32)

Fliqlo Screen Saver (x32)

Fraps (remove only) (x32)

Free DVD Video Burner version 3.1.4.412 (x32 Version: 3.1.4.412)

Free Video to DVD Converter version 5.0.9.412 (x32 Version: 5.0.9.412)

Fusion's Chao Editor (Version: 2.0)

GameRanger (HKCU)

GCFScape 1.8.2

Google Chrome (HKCU Version: 29.0.1547.66)

Gotham City Impostors: Free To Play (x32)

Guild Wars 2 (x32)

Guitar Hero - World Tour v1.0 (x32)

Guitar Hero III (x32 Version: 1.3)

Guitar Hero Three Control Panel (x32 Version: 2.0.4)

Haali Media Splitter (x32)

Hammerfight (x32)

Hammerwatch (x32)

Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0)

iCloud (Version: 2.1.2.8)

iFunbox (v2.1.2228.731), iFunbox DevTeam (x32 Version: v2.1.2228.731)

ImgBurn (x32 Version: 2.5.7.0)

Impulse® (x32 Version: 3.29)

Intel® Rapid Storage Technology (x32 Version: 10.0.0.1046)

iTunes (Version: 11.0.4.4)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

Java 6 Update 24 (64-bit) (Version: 6.0.240)

Java 6 Update 35 (x32 Version: 6.0.350)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

Key Mapper (x32 Version: 1.0.2)

Killing Floor (x32)

L.A. Noire (x32)

League of Legends (x32 Version: 1.3)

Left 4 Dead 2 (x32)

Left 4 Dead 2 Authoring Tools (x32)

LG United Mobile Drivers (x32 Version: 3.3.0.0)

LIMBO (x32)

Lone Survivor (x32)

LOVE (remove only) (x32)

Magicka (x32)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Matroska Pack (x32)

Medal of Honor Multiplayer (x32)

Medal of Honor Single Player (x32)

Mesh Runtime (x32 Version: 15.4.5722.2)

Metro 2033 (x32)

Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)

Microsoft .NET Framework 4.5 (Version: 4.5.50709)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (x32 Version: 4.5.50709)

Microsoft .NET Framework 4.5 SDK (x32 Version: 4.5.50709)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)

Microsoft Corporation (Version: 9.1.0.0)

Microsoft Corporation (x32 Version: 9.1.0.0)

Microsoft Games for Windows - LIVE (x32 Version: 3.0.86.0)

Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)

Microsoft Help Viewer 1.0 (Version: 1.0.30319)

Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727)

Microsoft LifeCam (Version: 3.60.253.0)

Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop (x32 Version: 2.0.30717.9005)

Microsoft Office 2007 Service Pack 3 (SP3) (x32)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office 2010 Service Pack 1 (SP1) (x32)

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Publisher 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Publisher 2010 (x32 Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)

Microsoft SQL Server 2012 Command Line Utilities  (Version: 11.0.2100.60)

Microsoft SQL Server 2012 Data-Tier App Framework  (Version: 11.0.2316.0)

Microsoft SQL Server 2012 Data-Tier App Framework  (x32 Version: 11.0.2316.0)

Microsoft SQL Server 2012 Express LocalDB  (Version: 11.0.2100.60)

Microsoft SQL Server 2012 Management Objects  (x32 Version: 11.0.2100.60)

Microsoft SQL Server 2012 Management Objects  (x64) (Version: 11.0.2100.60)

Microsoft SQL Server 2012 Native Client  (Version: 11.0.2100.60)

Microsoft SQL Server 2012 Transact-SQL Compiler Service  (Version: 11.0.2100.60)

Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.0.2100.60)

Microsoft SQL Server 2012 T-SQL Language Service  (x32 Version: 11.0.2100.60)

Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)

Microsoft SQL Server Data Tools - enu (11.1.20828.01) (x32 Version: 11.1.20828.01)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (x32 Version: 11.1.20828.01)

Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)

Microsoft System CLR Types for SQL Server 2012 (x32 Version: 11.0.2100.60)

Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)

Microsoft Visual C# 2010 Express - ENU (x32 Version: 10.0.30319)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (x32 Version: 11.0.50727)

Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.50727)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)

Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727)

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)

Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (x32 Version: 11.0.50727)

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)

Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.50727)

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)

Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU (Version: 11.0.50727)

Microsoft Visual Studio 2012 Preparation (x32 Version: 11.0.50727)

Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727)

Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727)

Microsoft Visual Studio 2012 Shell (Minimum) Resources (x32 Version: 11.0.50727)

Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (x32 Version: 4.0.8876.1)

Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (x32 Version: 11.0.50727)

Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (x32 Version: 11.0.50727.42)

Microsoft Visual Studio Express 2012 for Windows Desktop (x32 Version: 11.0.50727)

Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727)

Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.50727)

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727)

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (x32 Version: 11.0.50727)

Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727)

Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (x32 Version: 11.0.50727)

Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)

Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)

Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)

Microsoft XNA Game Studio 4.0 (ARP entry) (x32 Version: 4.0.20823.0)

Microsoft XNA Game Studio 4.0 (Redists) (x32 Version: 4.0.20823.0)

Microsoft XNA Game Studio 4.0 (Shared Components) (x32 Version: 4.0.20823.0)

Microsoft XNA Game Studio 4.0 (Visual Studio) (x32 Version: 4.0.20823.0)

Microsoft XNA Game Studio 4.0 (x32 Version: 4.0.20823.0)

Microsoft XNA Game Studio 4.0 (XnaLiveProxy) (x32 Version: 4.0.20823.0)

Microsoft XNA Game Studio 4.0 Documentation (x32 Version: 4.0.20823.0)

Microsoft XNA Game Studio Platform Tools (x32 Version: 1.3.0.0)

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)

Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)

Mirror's Edge (x32)

Mozilla Firefox 16.0.2 (x86 en-US) (x32 Version: 16.0.2)

Mozilla Maintenance Service (x32 Version: 16.0.2)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT Redists (Version: 1.0)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

Multimedia Card Reader (x32 Version: 1.7.915.93)

Mumble 1.2.3 (x32 Version: 1.2.3)

My Dell (Version: 3.3.6280.92)

MyMenu 1.2 (x32)

No-IP DUC (x32 Version: 3.0.4)

Notepad++ (x32 Version: 5.9.8)

NVIDIA PhysX (x32 Version: 9.12.0613)

OpenAL (x32)

Origin (x32 Version: 9.3.1.4482)

Paint.NET v3.5.10 (Version: 3.60.0)

Pando Media Booster (x32 Version: 2.6.0.8)

PDF Settings CS5 (x32 Version: 10.0)

PFConfig 1.0.296 (x32 Version: 1.0.296)

ph (x32 Version: 1.0.0)

PHANTASY STAR ONLINE 2 (x32)

PhotoShowExpress (x32 Version: 2.0.063)

Pinnacle Studio 15 (x32 Version: 15.0.0.7593)

Pinnacle Studio Bonus Content (x32 Version: 15.0.0.51)

Pinnacle Video Driver (Version: 12.1.0.030)

Pitiri 1977 (x32)

Plants vs. Zombies: Game of the Year (x32)

Poker Night at the Inventory (x32)

Populous (x32 Version: 1.0.0.0)

Portal 2 (x32)

Portforward Static IP Address 1.0.47 (x32 Version: 1.0.47)

Power Sound Editor Free (x32)

PowerISO (x32 Version: 4.9)

Prerequisites for SSDT  (x32 Version: 11.0.2100.60)

Psychonauts (x32)

PunkBuster Services (x32 Version: 0.991)

puush (x32 Version: 1.0.0.0)

QuickTime (x32 Version: 7.74.80.86)

Rainmeter (x32 Version: 2.4 beta r1593)

RBVirtualFolder64Inst (Version: 1.00.0000)

Real Alternative 2.0.2 (x32 Version: 2.0.2)

Really Big Sky (x32)

Realm of the Mad God (x32)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6449)

Red Faction: Armageddon (x32)

Rockstar Games Social Club (x32 Version: 1.0.6.1)

RollerCoaster Tycoon 3 Platinum (x32 Version: 1.00.000)

Roxio Activation Module (x32 Version: 1.0)

Roxio BackOnTrack (x32 Version: 1.3.3)

Roxio Burn (x32 Version: 1.8)

Roxio Creator Starter (x32 Version: 1.0.439)

Roxio Creator Starter (x32 Version: 12.1.77.0)

Roxio Creator Starter (x32 Version: 5.0.0)

Roxio Express Labeler 3 (x32 Version: 3.2.2)

Roxio File Backup (Version: 1.3.2)

Saints Row: The Third (x32)

SDFormatter (x32 Version: 3.1.0)

Sendori (x32 Version: 2.0.15)

Shoot Many Robots (x32)

Skype Click to Call (x32 Version: 6.11.13348)

Skype™ 6.6 (x32 Version: 6.6.106)

Smite (x32 Version: 0.1.1642.3)

Snuggle Truck (x32)

Sonic Adventure™ 2  (x32)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)

Source SDK (x32)

Source SDK Base 2006 (x32)

Source SDK Base 2007 (x32)

Star Wars - Battlefront II (x32)

Star Wars Empire at War (x32 Version: 1.0)

Star Wars Empire at War Forces of Corruption (x32 Version: 1.0)

Steam (x32 Version: 1.0.0.0)

StepMania v5.0 alpha 2 (remove only) (x32 Version: )

Super Mario Bros. X version 1.3 (x32 Version: 1.3)

Super Meat Boy (x32)

Super Meat Boy Editor (x32)

Superbrothers: Sword & Sworcery EP (x32)

System Requirements Lab CYRI (x32 Version: 6.0.7.0)

System Requirements Lab Detection (x32 Version: 1.0.5.0)

System Requirements Lab for Intel (x32 Version: 4.5.15.0)

TeamSpeak 3 Client

TeamViewer 8 (x32 Version: 8.0.19617)

TERA (x32 Version: 1.5)

Terraria (x32)

The Binding Of Isaac (x32)

The Sims™ 3 (x32 Version: 1.42.130)

The Sims™ 3 High-End Loft Stuff (x32 Version: 3.0.38)

The Sims™ 3 Late Night (x32 Version: 6.0.81)

THX TruStudio PC (x32 Version: 1.0)

TightVNC 1.3.10 (x32 Version: 1.3.10)

Titan Quest (x32)

TrackMania² Stadium Open Beta (x32)

Ulead GIF Animator 5 TBYB (x32)

Ultima PsOBB (x32)

Unreal Development Kit: 2012-02

Update for 2007 Microsoft Office System (KB967642) (x32)

Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)

Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)

Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553065) (x32)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2566458) (x32)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)

Update for Microsoft Office Excel 2007 Help (KB963678) (x32)

Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)

Update for Microsoft Office Script Editor Help (KB963671) (x32)

Update for Microsoft Office Word 2007 Help (KB963665) (x32)

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)

Ventrilo Client for Windows x64 (Version: 3.0.8.0)

Verbatim (Version: 1.0.0.8)

Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0)

VTFEdit 1.2.5 (x32)

VVVVVV (x32)

Winamp (x32 Version: 5.63 )

Winamp Detector Plug-in (HKCU Version: 1.0.0.1)

Windows 7 Logon Background Changer (x32 Version: 1.5.2)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3508.1109)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Windows Software Development Kit (x32 Version: 8.59.25584)

Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584)

Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584)

Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584)

Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584)

Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584)

WinRAR 5.00 beta 8 (64-bit) (Version: 5.00.8)

WinSCP 5.1 (x32 Version: 5.1)

 

==================== Restore Points  =========================

 

05-09-2013 05:54:38 Scheduled Checkpoint

05-09-2013 18:27:26 Removed AVG 2012

05-09-2013 18:28:48 Removed AVG 2012

06-09-2013 19:48:47 Microsoft Visual Studio Express 2012 for Windows Desktop - ENU

06-09-2013 19:49:27 Windows Update

07-09-2013 07:00:10 Windows Update

07-09-2013 07:28:43 Microsoft Visual Studio Express 2012 for Windows Desktop - ENU

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started

Task: {1162AF64-A32C-495A-8092-2E62D6AD4820} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {121113A0-5B94-4D48-AAE5-DF7CD5901A60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16] (Google Inc.)

Task: {17B78F39-1EAE-4A17-BFD9-3FF7D9F9BA72} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-16] (Google Inc.)

Task: {1AF91F64-CE46-43D7-A4B7-4E545D938691} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {20864E5A-F3C6-4C72-9703-11EAAC4A3F47} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)

Task: {5AD53C59-27BD-4512-AE26-EAB2BA3EE8BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)

Task: {68410B5C-1C83-4CDC-8872-FF401AB2D2BC} - System32\Tasks\{9C7234AC-3983-483F-AF95-BAD5EE791D25} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)

Task: {6B85B703-AF4C-4E5A-83CD-C0B6939E9A22} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()

Task: {9046EDA3-C787-44BD-9D1B-F16AAE8731F8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {CAA22124-755E-4DD8-9E7A-3DC3B9C1CC06} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)

Task: {DC42CB43-91E6-48D1-8A23-CAA636D7A81E} - System32\Tasks\{2F628C03-D09B-4EBF-85D8-00E7AA18D331} => Chrome.exe http://ui.skype.com/ui/0/4.2.0.169/en/go/help.faq.installer?LastError=1603

Task: {DCB6CD21-E262-43BB-9A57-CE1D2CCA821E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-07-17] (PC-Doctor, Inc.)

Task: {F5151AA2-BB87-4B48-9B56-BB72A4EFF79B} - System32\Tasks\{85EF0623-8253-46B2-BE8A-BE9D67FE6D9E} => Chrome.exe http://ui.skype.com/ui/0/4.2.0.169/en/go/help.faq.installer?LastError=1603

Task: {F7ED70DF-ADBD-4CC8-8B50-EDC23962F84F} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-01-08 15:53 - 2012-11-22 23:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe

2009-07-13 19:37 - 2009-07-13 21:39 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Dwm.exe

2011-10-15 03:28 - 2011-10-15 03:28 - 02871808 _____ (Microsoft Corporation) C:\Windows\Explorer.EXE

2012-10-31 17:03 - 2012-09-24 10:49 - 00206544 _____ (Martin Prikryl) C:\Program Files (x86)\WinSCP\DragExt64.dll

2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll

2010-11-10 23:53 - 2010-11-10 23:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll

2012-01-18 19:31 - 2013-08-22 18:09 - 00214104 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll

2010-11-10 23:54 - 2010-11-10 23:54 - 00177136 _____ (TODO: <Company name>) C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll

2011-11-14 23:50 - 2011-11-14 23:50 - 00228408 _____ (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOSH.DLL

2011-07-18 17:04 - 2011-07-18 17:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll

2011-10-15 01:48 - 2011-07-08 11:12 - 02749248 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2009-07-13 19:57 - 2009-07-13 21:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\System32\rundll32.exe

2011-10-15 01:52 - 2009-10-15 14:38 - 00017920 ____N (Creative Technology Ltd.) C:\Windows\system32\THXCfg64.dll

2011-10-15 01:52 - 2009-10-15 14:32 - 00021504 ____N (Creative Technology Ltd.) C:\Windows\system32\EptMon64.dll

2012-01-21 00:52 - 2011-08-26 19:18 - 12681320 _____ (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

2008-09-17 13:27 - 2008-09-17 13:27 - 00318464 _____ () C:\Program Files\LTONHIS\Verbatim\SKDaemon.exe

2008-09-15 19:00 - 2008-09-15 19:00 - 00054272 _____ (LITE-ON TECHNOLOGY CORP.) C:\Program Files\LTONHIS\Verbatim\SKUsbKbd.dll

2008-01-16 09:18 - 2008-01-16 09:18 - 00260096 _____ () C:\Program Files\LTONHIS\Verbatim\SKHooks.dll

2007-11-05 11:30 - 2007-11-05 11:30 - 00154624 _____ (LITE-ON TECHNOLOGY CORP.) C:\Program Files\LTONHIS\Verbatim\Skutil.dll

2013-07-12 20:25 - 2013-07-12 20:25 - 00217992 ____T (Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe

2013-07-12 20:25 - 2013-07-12 20:25 - 00290696 ____T (Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

2012-01-10 14:41 - 2013-07-14 15:03 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe

2013-01-29 22:20 - 2012-11-20 02:03 - 00812544 _____ () C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe

2013-05-13 03:49 - 2013-05-13 03:49 - 01268472 _____ (Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe

2013-06-21 09:58 - 2013-06-21 09:58 - 19875432 ____R (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

2009-07-13 19:43 - 2009-07-13 21:14 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

2012-08-05 10:49 - 2012-08-05 10:49 - 00041160 _____ () C:\Program Files\Rainmeter\Rainmeter.exe

2012-08-05 10:49 - 2012-08-05 10:49 - 00736968 _____ () C:\Program Files\Rainmeter\Rainmeter.dll

2010-03-10 17:26 - 2010-03-10 17:26 - 00237568 _____ (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

2011-11-14 23:50 - 2011-11-14 23:50 - 00312376 _____ (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

2011-07-28 19:08 - 2011-07-28 19:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2012-06-28 11:40 - 2012-06-28 11:40 - 00074752 _____ (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe

2013-07-01 12:49 - 2013-07-01 12:49 - 00083232 _____ (Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe

2013-01-08 15:53 - 2012-11-29 23:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2012-01-16 23:11 - 2013-09-02 16:35 - 00829392 _____ (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

2013-05-14 17:26 - 2013-04-13 01:49 - 00308736 _____ (Microsoft Corporation) C:\Windows\AppPatch\AppPatch64\AcGenral.DLL

2013-05-23 15:56 - 2013-05-23 15:56 - 00273920 _____ () C:\Users\Owner\Games\FTB\Ultimate\minecraft\bin\natives\lwjgl64.dll

2013-05-23 15:56 - 2013-05-23 15:56 - 00195072 _____ () C:\Users\Owner\Games\FTB\Ultimate\minecraft\bin\natives\OpenAL64.dll

2010-11-20 23:23 - 2010-11-20 23:23 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe

2011-10-15 01:44 - 2011-10-15 01:44 - 00171808 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe

2012-01-16 16:05 - 2011-05-04 01:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe

2013-09-13 19:07 - 2013-09-13 19:07 - 01950312 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2009-07-13 19:59 - 2009-07-13 21:39 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\DllHost.exe

2013-01-29 22:20 - 2012-04-26 15:38 - 20758016 _____ () C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll

2011-11-02 00:26 - 2011-11-02 00:26 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll

2010-11-20 23:24 - 2010-11-20 23:24 - 01435648 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll

2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll

2013-09-11 07:34 - 2013-09-11 07:34 - 16242568 ____N (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_168.ocx

2013-08-15 12:24 - 2013-08-15 12:24 - 00475136 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ebdb3050959d9be47d33d2c77d6cc291\IAStorUtil.ni.dll

2013-07-13 14:20 - 2013-07-13 14:20 - 00014336 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\34002b75cd0faab68bf8079299c1aa46\IAStorCommon.ni.dll

2010-11-22 14:27 - 2010-11-22 14:27 - 00190960 _____ (Roxio, Inc.) c:\program files (x86)\common files\roxio shared\dllshared\rsl.dll

2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

2011-07-28 19:09 - 2011-07-28 19:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

2013-07-01 12:49 - 2013-07-01 12:49 - 00275744 _____ (Sendori, Inc.) C:\Program Files (x86)\Sendori\DynLib.dll

2013-03-12 17:10 - 2013-08-21 18:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2012-01-17 16:38 - 2013-09-06 16:55 - 01120680 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2012-01-17 16:38 - 2013-08-07 15:31 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2012-03-15 21:06 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll

2012-03-15 21:06 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll

2012-03-15 21:06 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

2013-09-03 22:33 - 2013-09-02 16:34 - 47074256 _____ (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\chrome.dll

2013-09-03 22:33 - 2013-09-02 16:35 - 09962960 _____ (The ICU Project) C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\icudt.dll

2013-09-03 22:33 - 2013-09-02 14:46 - 03231688 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\D3DCompiler_46.dll

2013-09-03 22:33 - 2013-09-02 16:35 - 00709584 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll

2013-09-03 22:33 - 2013-09-02 16:35 - 00099792 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll

2013-09-03 22:33 - 2013-09-02 16:35 - 04053456 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll

2013-09-03 22:33 - 2013-09-02 16:35 - 00410576 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll

2013-09-03 22:33 - 2013-09-02 16:35 - 02110928 _____ (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\libpeerconnection.dll

2013-09-03 22:33 - 2013-09-02 16:35 - 01604560 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll

2013-09-03 22:33 - 2013-09-02 16:35 - 13599184 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

2013-05-31 11:55 - 2013-05-31 11:55 - 03008536 _____ (Gracenote, Inc.) C:\Program Files (x86)\iTunes\GNSDK_DSP.DLL

2013-05-31 11:55 - 2013-05-31 11:55 - 00776216 _____ (Gracenote, Inc.) C:\Program Files (x86)\iTunes\GNSDK_SDKMANAGER.DLL

2013-05-31 11:55 - 2013-05-31 11:55 - 00219672 _____ (Gracenote, Inc.) C:\Program Files (x86)\iTunes\GNSDK_MUSICID.DLL

2013-05-31 11:55 - 2013-05-31 11:55 - 00262680 _____ (Gracenote, Inc.) C:\Program Files (x86)\iTunes\GNSDK_SUBMIT.DLL

 

==================== Alternate Data Streams (whitelisted) ==========

 

AlternateDataStreams: C:\Users\Owner\Cookies:3iIxjmZssPF6yKyRB8z

AlternateDataStreams: C:\Users\Owner\AppData\Local\DlNTffEyXb3WT9:uV8Sj0tQ5ibfxx5kro45q3zYE

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/13/2013 03:40:05 PM) (Source: .NET Runtime) (User: )

Description: Shim database version C:\Windows\Microsoft.NET\Framework\v4.0 doesn't have a matching runtime directory

 

Error: (09/13/2013 00:22:30 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (09/13/2013 03:36:20 AM) (Source: SendoriService) (User: )

Description: In the enable methodObject reference not set to an instance of an object.

 

Error: (09/13/2013 03:36:15 AM) (Source: Application Error) (User: )

Description: Faulting application name: CCC.exe, version: 3.5.0.0, time stamp: 0x4f8350e0

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b

Exception code: 0xc000041d

Fault offset: 0x0000000000009e5d

Faulting process id: 0x109c

Faulting application start time: 0xCCC.exe0

Faulting application path: CCC.exe1

Faulting module path: CCC.exe2

Report Id: CCC.exe3

 

Error: (09/13/2013 03:35:54 AM) (Source: Application Error) (User: )

Description: Faulting application name: CCC.exe, version: 3.5.0.0, time stamp: 0x4f8350e0

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b

Exception code: 0xe0434352

Fault offset: 0x0000000000009e5d

Faulting process id: 0x109c

Faulting application start time: 0xCCC.exe0

Faulting application path: CCC.exe1

Faulting module path: CCC.exe2

Report Id: CCC.exe3

 

Error: (09/13/2013 03:35:38 AM) (Source: .NET Runtime) (User: )

Description: Application: CCC.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.Windows.Markup.XamlParseException

Stack:

   at System.Windows.FrameworkTemplate.LoadTemplateXaml(System.Xaml.XamlReader, System.Xaml.XamlObjectWriter)

   at System.Windows.FrameworkTemplate.LoadTemplateXaml(System.Xaml.XamlObjectWriter)

   at System.Windows.FrameworkTemplate.LoadOptimizedTemplateContent(System.Windows.DependencyObject, System.Windows.Markup.IComponentConnector, System.Windows.Markup.IStyleConnector, System.Collections.Generic.List`1<System.Windows.DependencyObject>, System.Windows.UncommonField`1<System.Collections.Hashtable>)

   at System.Windows.FrameworkTemplate.LoadContent(System.Windows.DependencyObject, System.Collections.Generic.List`1<System.Windows.DependencyObject>)

   at System.Windows.StyleHelper.ApplyTemplateContent(System.Windows.UncommonField`1<System.Collections.Specialized.HybridDictionary[]>, System.Windows.DependencyObject, System.Windows.FrameworkElementFactory, Int32, System.Collections.Specialized.HybridDictionary, System.Windows.FrameworkTemplate)

   at System.Windows.FrameworkTemplate.ApplyTemplateContent(System.Windows.UncommonField`1<System.Collections.Specialized.HybridDictionary[]>, System.Windows.FrameworkElement)

   at System.Windows.FrameworkElement.ApplyTemplate()

   at System.Windows.FrameworkElement.MeasureCore(System.Windows.Size)

   at System.Windows.UIElement.Measure(System.Windows.Size)

   at System.Windows.ContextLayoutManager.UpdateLayout()

   at System.Windows.Interop.HwndSource.Process_WM_SIZE(System.Windows.UIElement, IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)

   at System.Windows.Interop.HwndSource.LayoutFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)

   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)

   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)

   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)

   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)

   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)

   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

   at MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32)

   at MS.Win32.UnsafeNativeMethods.ShowWindow(System.Runtime.InteropServices.HandleRef, Int32)

   at System.Windows.Window.ShowHelper(System.Object)

   at ATI.ACE.CLI.Component.Dashboard.Dashboard.DerivedRun()

   at ATI.ACE.CLI.Component.Client.Shared.Private.ClientUIComponent.DoRun()

   at ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart(System.Object)

 

Error: (09/13/2013 03:34:44 AM) (Source: Bonjour Service) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 24

 

Error: (09/13/2013 03:34:44 AM) (Source: Bonjour Service) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 23

 

Error: (09/13/2013 03:34:44 AM) (Source: Bonjour Service) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 22

 

Error: (09/13/2013 03:34:44 AM) (Source: Bonjour Service) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 21

 

 

System errors:

=============

Error: (09/13/2013 05:08:23 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (09/13/2013 03:38:48 PM) (Source: Service Control Manager) (User: )

Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (09/13/2013 03:34:33 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.

 

Error: (09/13/2013 11:37:39 AM) (Source: Service Control Manager) (User: )

Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (09/13/2013 07:36:20 AM) (Source: Service Control Manager) (User: )

Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (09/13/2013 03:36:16 AM) (Source: Service Control Manager) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 

%%-2147024891

 

Error: (09/13/2013 03:36:16 AM) (Source: Service Control Manager) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error: 

%%-2147024891

 

Error: (09/13/2013 03:36:13 AM) (Source: DCOM) (User: )

Description: {CC957078-B838-47C4-A7CF-626E7A82FC58}

 

Error: (09/13/2013 03:35:57 AM) (Source: Service Control Manager) (User: )

Description: The Skype Updater service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (09/13/2013 03:35:56 AM) (Source: Service Control Manager) (User: )

Description: The Service Sendori service hung on starting.

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2012-04-16 15:00:58.532

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-04-16 15:00:58.518

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 52%

Total physical RAM: 13294.46 MB

Available physical RAM: 6377.38 MB

Total Pagefile: 26587.1 MB

Available Pagefile: 15063.64 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:855.8 GB) (Free:145.14 GB) NTFS

Drive d: (VS2012_WDX_ENU) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

Drive z: (Media) (Fixed) (Total:62.43 GB) (Free:9.65 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 10DF4266)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=856 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=62 GB) - (Type=05)

 

==================== End Of Log ============================

[ChaoticFox]

I ran the program twice, the second sweep coming up clean, and the problem still persists. Here are the two logs, anyway.

 

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

www.malwarebytes.org

 

Database version: v2013.09.13.11

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Owner :: OWNER-PC [administrator]

 

9/13/2013 9:02:42 PM

mbar-log-2013-09-13 (21-02-42).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 306560

Time elapsed: 24 minute(s), 24 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 4

HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\INTERFACE\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Delete on reboot.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16660

 

Java version: 1.6.0_35

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Z:\ DRIVE_FIXED

CPU speed: 2.993000 GHz

Memory total: 13940248576, free: 5874065408

 

Downloaded database version: v2013.09.13.11

Downloaded database version: v2013.08.06.01

=======================================

Initializing...

------------ Kernel report ------------

     09/13/2013 21:02:39

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\System32\Drivers\SCDEmu.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\k57nd60a.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\MarvinBus64.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\Drivers\nx6000.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\??\c:\program files\my dell\pcdsrvc_x64.pkms

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\usp10.dll

\Windows\System32\setupapi.dll

\Windows\System32\gdi32.dll

\Windows\System32\urlmon.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa800ebe9060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000083\

Lower Device Object: 0xfffffa800e441b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa800d895060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000082\

Lower Device Object: 0xfffffa800e431980

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa800d894060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000081\

Lower Device Object: 0xfffffa800e42ab60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa800ebf6060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000080\

Lower Device Object: 0xfffffa800e420b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800d032060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa800b375050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800d032060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800ce278a0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800d032060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800b375050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 10DF4266

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 80262

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 81920  Numsec = 27783168

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 27865088  Numsec = 1794733750

 

    Partition 3 type is Extended with CSH (0x5)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1822599166  Numsec = 130924546

 

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa800ebf6060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800e43f910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800ebf6060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800e420b60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa800d894060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800ebf6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800d894060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800e42ab60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa800d895060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800d895b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800d895060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800e431980, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa800ebe9060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800d894b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800ebe9060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800e441b60, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\

------------ End ----------

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558} --> [Adware.GamePlayLab]

Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{44444444-4444-4444-4444-440044224458} --> [Adware.GamePlayLab]

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066226658} --> [Adware.GamePlayLab]

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{77777777-7777-7777-7777-770077227758} --> [Adware.GamePlayLab]

Scan finished

Creating System Restore point...

Cleaning up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16660

 

Java version: 1.6.0_35

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Z:\ DRIVE_FIXED

CPU speed: 2.993000 GHz

Memory total: 13940248576, free: 12341850112

 

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16660

 

Java version: 1.6.0_35

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Z:\ DRIVE_FIXED

CPU speed: 2.993000 GHz

Memory total: 13940248576, free: 11070074880

 

=======================================

Initializing...

------------ Kernel report ------------

     09/13/2013 21:46:07

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\System32\drivers\imofugc.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\System32\Drivers\SCDEmu.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\k57nd60a.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\MarvinBus64.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\System32\Drivers\nx6000.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\Wldap32.dll

\Windows\System32\urlmon.dll

\Windows\System32\iertutil.dll

\Windows\System32\shlwapi.dll

\Windows\System32\clbcatq.dll

\Windows\System32\sechost.dll

\Windows\System32\ws2_32.dll

\Windows\System32\user32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\difxapi.dll

\Windows\System32\usp10.dll

\Windows\System32\advapi32.dll

\Windows\System32\ole32.dll

\Windows\System32\imm32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\setupapi.dll

\Windows\System32\normaliz.dll

\Windows\System32\msvcrt.dll

\Windows\System32\gdi32.dll

\Windows\System32\wininet.dll

\Windows\System32\lpk.dll

\Windows\System32\msctf.dll

\Windows\System32\imagehlp.dll

\Windows\System32\psapi.dll

\Windows\System32\shell32.dll

\Windows\System32\nsi.dll

\Windows\System32\kernel32.dll

\Windows\System32\comctl32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\wintrust.dll

\Windows\System32\devobj.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\crypt32.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\KernelBase.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa800ea5a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007f\

Lower Device Object: 0xfffffa800e498b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa800ea5b060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007e\

Lower Device Object: 0xfffffa800e49db60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa800ea5c060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007d\

Lower Device Object: 0xfffffa800e499b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa800ea4b060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007c\

Lower Device Object: 0xfffffa800d8bab60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800d012060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa800b08a050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800d012060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800d012ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800d012060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800b08a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 10DF4266

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 80262

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 81920  Numsec = 27783168

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 27865088  Numsec = 1794733750

 

    Partition 3 type is Extended with CSH (0x5)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1822599166  Numsec = 130924546

 

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa800ea4b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800e49c910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800ea4b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800d8bab60, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa800ea5c060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800ea4bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800ea5c060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800e499b60, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa800ea5b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800ea5cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800ea5b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800e49db60, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa800ea5a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800ea5bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800ea5a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800e498b60, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\

------------ End ----------

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_81920_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

 

[MrCharlie]

Lets finish up with the ZeroAccess infection first, then we'll get to the adware problem.

Please scan the system with RogueKiller and post the new log.

MrC (be back in the AM)

[ChaoticFox]

Sorry if that came off as aggressive. I really didn't mean anything by it. Here is the new log:

 

RogueKiller V8.6.11 _x64_ [sep 11 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 09/13/2013 22:43:32

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 15 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Owner\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID 0913a [x][x][x]) -> FOUND

[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\?��?��?��\?��?��?��\???ﯹ๛\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\GoogleUpdate.exe" >) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2754525585-2667275184-1495631457-1000\[...]\Run : Google Update ("C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2754525585-2667275184-1495631457-1000\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Owner\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2754525585-2667275184-1495631457-1000\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Owner\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 86f7f2cf779747d18540c94a3536aae6-543305670ea17b9b473f75a87a88cdc294869005 --CMPID 0913a [x][x][x]) -> FOUND

[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\?��?��?��\?��?��?��\???ﯹ๛\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\GoogleUpdate.exe" >) -> FOUND

[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 6 ¤¤¤

[V1][sUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000UA.job : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000Core.job : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000Core : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-2754525585-2667275184-1495631457-1000UA : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

[V2][sUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD10EALX-759BA1 +++++

--- User ---

[MBR] 3676249455b64b91538b69be8c59c4d6

[bSP] d53b0be2a56687c8690d9092ce5b8143 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13566 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27865088 | Size: 876334 Mo

3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1822599166 | Size: 63928 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_09132013_224332.txt >>

RKreport[0]_S_09132013_151032.txt;RKreport[0]_S_09132013_170954.txt

 

 

 

[MrCharlie]

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[RUN][ZeroAccess] HKUS\.DEFAULT\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\? ? ? \? ? ? \???ﯹ๛\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\GoogleUpdate.exe" >) -> FOUND

[RUN][ZeroAccess] HKUS\S-1-5-18\[...]\Run : Google Update ("C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Install\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\? ? ? \? ? ? \???ﯹ๛\{577fc01d-903c-e16a-2b3d-a339c196ba5c}\GoogleUpdate.exe" >) -> FOUND

Now click Delete on the right hand column under Options

-------------

Reboot and run another scan to ensure they are gone.


Then........


Lets clean out any adware while you're here: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[ChaoticFox]

Well, I ran both RogueKiller and AdwCleaner, and both came up with almost no results. Here are the logs of each, in that order.

 

RogueKiller V8.6.11 _x64_ [sep 11 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 09/14/2013 17:11:38

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD10EALX-759BA1 +++++

--- User ---

[MBR] 3676249455b64b91538b69be8c59c4d6

[bSP] d53b0be2a56687c8690d9092ce5b8143 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13566 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27865088 | Size: 876334 Mo

3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1822599166 | Size: 63928 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_09142013_171138.txt >>

RKreport[0]_D_09132013_232039.txt;RKreport[0]_S_09132013_151032.txt;RKreport[0]_S_09132013_170954.txt

RKreport[0]_S_09132013_224332.txt;RKreport[0]_S_09142013_165154.txt;RKreport[0]_S_09142013_165419.txt

RKreport[0]_S_09142013_165707.txt

 

 

 

_______________________________________________________________________________

 

 

 

# AdwCleaner v3.003 - Report created 14/09/2013 at 17:14:51

# Updated 07/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Owner - OWNER-PC

# Running from : C:\Users\Owner\Desktop\adwcleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Mozilla Firefox v16.0.2 (en-US)

 

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4spvckgf.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [15966 octets] - [11/09/2013 17:02:04]

AdwCleaner[R1].txt - [1935 octets] - [14/09/2013 16:58:09]

AdwCleaner[R2].txt - [1995 octets] - [14/09/2013 17:13:25]

AdwCleaner[R3].txt - [1842 octets] - [14/09/2013 17:14:51]

AdwCleaner[s0].txt - [16189 octets] - [11/09/2013 17:04:16]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1963 octets] ##########

 

[MrCharlie]

In Chrome, what is this extension:

CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Owner\AppData\Local\Temp\ccex.crx

------------------------------

Uninstall these from your add/remove programs and any other Java listed except Java 7 Update 25:
Java™ 6 Update 24 (64-bit)
Java™ 6 Update 35

--------------------

Update your Java: Java 7 Update 40

Java 7 Update 25 <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-------------------------

Now clear you Java cache:

http://www.java.com/en/download/help/plugin_cache.xml

-------------------------

Clean out temp files:

Download, install and run CCleaner free to clean out temp files.
Here's a Tutorial if needed.
You may want to uncheck "cookies" and please stay away from the registry cleaner.

--------------------------

Now run another scan with FRST and post the new log.......MrC

[ChaoticFox]

Well, I wasn't able to find that extension that you mentioned, since it doesn't show up in my list of extensions, but that certainly sounds like the culprit. I followed every other step that you mentioned, however, and here is the new log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013

Ran by Owner (administrator) on OWNER-PC on 14-09-2013 20:01:41

Running from C:\Users\Owner\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

() C:\Program Files\LTONHIS\Verbatim\SKDaemon.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

() C:\Program Files (x86)\puush\puush.exe

() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe

(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

() C:\Program Files\Rainmeter\Rainmeter.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64

HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-04-29] ()

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [sKDaemon.exe] - C:\Program Files\LTONHIS\Verbatim\SKDaemon.exe [318464 2008-09-17] ()

HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1811368 2013-09-06] (Valve Corporation)

HKCU\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

HKCU\...\Run: [AdobeBridge] - [x]

HKCU\...\Run: [puush] - C:\Program Files (x86)\puush\puush.exe [567880 2013-07-14] ()

HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()

HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1268472 2013-05-13] (Bogdan Sharkov)

HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)

HKCU\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

MountPoints2: I - I:\Autorun.exe

MountPoints2: {0b2c84ad-2116-11e2-a34f-180373d24315} - J:\TL_Bootstrap.exe

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [shwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)

HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] -  [x]

HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-04-29] ()

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)

HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2011-11-14] (Power Software Ltd)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-05-07] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()

HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)

HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File

SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 

SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll File Not found ()

Winsock: Catalog9 15 C:\Windows\system32\Sendori.dll File Not found ()

 

Hosts: Hosts file not detected in the default directory

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{215759C3-A3D4-4BF2-9F09-F1BC2B23C784}: [NameServer]8.8.8.8

 

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4spvckgf.default

FF Homepage: about:home

FF Keyword.URL: user_pref("keyword.URL", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: Просмотр HTTP заголовков - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4spvckgf.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4spvckgf.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

 

Chrome: 

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll (RealNetworks, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Java Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File

CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Google Update) - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (James White) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (YouTube\u2122 Ratings Preview) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.3.3_0

CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0

CHR Extension: (Stealthy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0

CHR Extension: (Auto Replay for YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (4chan Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\3.0.0_0

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Owner\AppData\Local\Temp\ccex.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM-x32\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5180032 2012-12-23] (INCA Internet Co., Ltd.)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-08-15] ()

R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)

R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)

 

==================== Drivers (Whitelisted) ====================

 

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-06-11] (Ralink Technology Corp.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2011-02-14] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2011-02-14] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2011-02-14] (LG Electronics Inc.)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-14 20:01 - 2013-09-14 20:01 - 01950310 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe

2013-09-14 19:56 - 2013-09-14 19:56 - 04454952 _____ (Piriform Ltd) C:\Users\Owner\Desktop\ccsetup405.exe

2013-09-14 19:56 - 2013-09-14 19:56 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2013-09-14 19:56 - 2013-09-14 19:56 - 00000000 ____D C:\Program Files\CCleaner

2013-09-14 19:38 - 2013-09-14 19:38 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll

2013-09-14 19:38 - 2013-09-14 19:38 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2013-09-14 19:35 - 2013-09-14 19:36 - 30669224 _____ (Oracle Corporation) C:\Users\Owner\Desktop\jre-7u40-windows-x64.exe

2013-09-14 17:11 - 2013-09-14 17:11 - 00001699 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09142013_171138.txt

2013-09-14 17:01 - 2013-09-14 17:01 - 00293774 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5233be6c.dmp

2013-09-14 16:57 - 2013-09-14 16:57 - 00001666 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09142013_165707.txt

2013-09-14 16:54 - 2013-09-14 16:54 - 00001630 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09142013_165419.txt

2013-09-14 16:51 - 2013-09-14 16:51 - 00001596 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09142013_165154.txt

2013-09-13 23:20 - 2013-09-13 23:20 - 00005439 _____ C:\Users\Owner\Desktop\RKreport[0]_D_09132013_232039.txt

2013-09-13 22:43 - 2013-09-13 22:43 - 00005179 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09132013_224332.txt

2013-09-13 21:36 - 2013-09-13 21:36 - 00295232 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5232c00d.dmp

2013-09-13 21:02 - 2013-09-13 22:08 - 00000000 ____D C:\Users\Owner\Desktop\mbar

2013-09-13 21:00 - 2013-09-13 21:00 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1005.exe

2013-09-13 19:08 - 2013-09-13 19:08 - 00060385 _____ C:\Users\Owner\Desktop\FRST.txt

2013-09-13 19:08 - 2013-09-13 19:08 - 00048901 _____ C:\Users\Owner\Desktop\Addition.txt

2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\FRST

2013-09-13 17:09 - 2013-09-13 17:09 - 00006806 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09132013_170954.txt

2013-09-13 16:02 - 2013-09-13 16:02 - 00028006 _____ C:\Users\Owner\Desktop\dds.txt

2013-09-13 16:02 - 2013-09-13 16:02 - 00024804 _____ C:\Users\Owner\Desktop\attach.txt

2013-09-13 15:59 - 2013-09-13 15:59 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com

2013-09-13 15:10 - 2013-09-13 15:10 - 00007296 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09132013_151032.txt

2013-09-13 15:06 - 2013-09-13 23:20 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine

2013-09-13 15:06 - 2013-09-13 15:06 - 03787776 _____ C:\Users\Owner\Desktop\RogueKillerX64.exe

2013-09-13 00:05 - 2013-09-13 00:05 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_52328ef3.dmp

2013-09-12 12:58 - 2013-09-12 12:58 - 00354042 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5230db24.dmp

2013-09-11 17:02 - 2013-09-14 17:15 - 00000000 ____D C:\AdwCleaner

2013-09-11 17:01 - 2013-09-11 17:01 - 01037278 _____ C:\Users\Owner\Desktop\adwcleaner.exe

2013-09-07 03:36 - 2013-09-07 03:36 - 00000000 ____D C:\Users\Owner\Documents\Visual Studio 2012

2013-09-07 03:36 - 2013-09-07 03:36 - 00000000 ____D C:\Program Files (x86)\NuGet

2013-09-07 03:34 - 2013-09-07 03:34 - 00000000 ____D C:\Windows\symbols

2013-09-07 03:33 - 2013-09-07 03:33 - 00000000 ____D C:\Program Files (x86)\Windows Kits

2013-09-07 03:32 - 2013-09-07 03:35 - 00000000 ____D C:\Program Files\Microsoft SQL Server

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Windows\SysWOW64\1033

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Windows\system32\1033

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer

2013-09-07 03:30 - 2013-09-07 03:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0

2013-09-07 03:27 - 2013-09-07 03:27 - 00336750 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522ad53f.dmp

2013-09-07 03:25 - 2013-09-07 03:25 - 00302988 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522903d0.dmp

2013-09-06 15:48 - 2013-09-06 15:51 - 00000000 ____D C:\ProgramData\Package Cache

2013-09-05 14:46 - 2013-09-05 14:46 - 00302088 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522390ce.dmp

2013-09-05 14:28 - 2013-09-05 14:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software

2013-09-03 14:40 - 2013-09-03 14:40 - 00066566 _____ C:\Users\Owner\Desktop\download.htm

2013-09-03 10:49 - 2013-09-03 10:49 - 00000963 _____ C:\Users\Owner\Desktop\ruined_Cottage.schematic

2013-09-02 12:59 - 2013-09-07 00:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\skypePM

2013-09-02 12:59 - 2013-09-02 12:59 - 00000056 ____H C:\Windows\SysWOW64\ezsidmv.dat

2013-09-02 12:58 - 2013-09-11 19:33 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-09-02 12:58 - 2013-09-02 12:58 - 00002866 _____ C:\Windows\System32\Tasks\{9C7234AC-3983-483F-AF95-BAD5EE791D25}

2013-09-02 12:56 - 2013-09-02 12:56 - 00003122 _____ C:\Windows\System32\Tasks\{2F628C03-D09B-4EBF-85D8-00E7AA18D331}

2013-09-02 12:49 - 2013-09-02 12:49 - 00003122 _____ C:\Windows\System32\Tasks\{85EF0623-8253-46B2-BE8A-BE9D67FE6D9E}

2013-09-01 15:53 - 2013-09-01 15:53 - 00000413 _____ C:\wakeuptoken.info

2013-08-30 18:34 - 2013-08-30 18:34 - 00000000 ____D C:\Windows\Sun

2013-08-29 15:40 - 2013-08-29 15:40 - 00338032 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_521f716d.dmp

2013-08-29 13:47 - 2013-08-29 14:25 - 00000000 ____D C:\Users\Owner\Desktop\STTBTLL-v1.2

2013-08-29 12:40 - 2013-08-29 12:40 - 00000000 ____D C:\SMBX

2013-08-29 11:22 - 2013-08-29 11:22 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-29 11:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-29 11:18 - 2013-08-29 11:24 - 00008564 _____ C:\Users\Owner\Desktop\Rkill.txt

2013-08-29 11:18 - 2013-08-29 11:18 - 00000000 ____D C:\Users\Owner\Desktop\rkill

2013-08-29 11:11 - 2013-09-14 17:01 - 00002186 _____ C:\Windows\SysWOW64\debug.log

2013-08-29 07:31 - 2013-08-29 11:12 - 00000000 ____D C:\ProgramData\ahrpDn37

2013-08-29 07:31 - 2013-08-29 07:31 - 00000000 ____D C:\Program Files (x86)\Google

2013-08-28 18:22 - 2013-08-28 18:23 - 00000000 ____D C:\ProgramData\nklc

2013-08-28 18:09 - 2013-09-05 14:57 - 00000000 ____D C:\ProgramData\ggab

2013-08-21 21:02 - 2013-08-21 21:18 - 00000000 ____D C:\Users\Owner\Desktop\VIDEO_TS

2013-08-21 21:02 - 2013-08-21 21:02 - 00000000 ____D C:\Users\Owner\Desktop\AUDIO_TS

2013-08-20 18:57 - 2013-08-20 18:57 - 10012564 _____ C:\Users\Owner\Desktop\spelunky_1_1.zip

2013-08-20 15:30 - 2013-08-20 15:30 - 00504856 _____ C:\Users\Owner\Desktop\mcrtoolkit10a14_5.zip

2013-08-17 21:08 - 2013-08-17 21:08 - 00000000 ____D C:\Users\Owner\AppData\Local\Electronic Arts

2013-08-17 21:07 - 2013-08-17 21:07 - 00000000 ____D C:\Users\Owner\Documents\Electrontic Arts

2013-08-16 19:45 - 2013-08-16 19:45 - 00000000 ____D C:\ProgramData\ATI

2013-08-16 19:44 - 2013-08-16 19:44 - 00000000 ____D C:\Program Files (x86)\AMD AVT

2013-08-16 13:50 - 2013-08-16 13:50 - 00000000 ____D C:\Users\Owner\Documents\EA Games

2013-08-16 00:32 - 2013-08-16 00:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Criterion Games

2013-08-15 22:46 - 2013-08-15 22:46 - 00000000 ____D C:\ProgramData\SystemRequirementsLab

2013-08-15 22:33 - 2013-08-15 22:34 - 00000000 ____D C:\Users\Owner\Documents\Battlefield 3

2013-08-15 22:30 - 2013-08-15 22:30 - 00000000 ____D C:\Users\Owner\AppData\Local\ESN

2013-08-15 22:30 - 2013-08-15 22:30 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-08-15 22:28 - 2013-08-15 22:28 - 00000000 ____D C:\ProgramData\EA Core

2013-08-15 22:27 - 2013-08-17 21:08 - 00000000 ____D C:\Users\Owner\Documents\Electronic Arts

2013-08-15 22:26 - 2013-08-17 01:22 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll

2013-08-15 19:58 - 2013-08-22 19:51 - 00000000 ____D C:\Program Files (x86)\Origin Games

2013-08-15 19:52 - 2013-08-15 22:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Origin

2013-08-15 19:52 - 2013-08-15 22:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Origin

2013-08-15 19:51 - 2013-08-27 20:13 - 00000000 ____D C:\Program Files (x86)\Origin

2013-08-15 19:51 - 2013-08-15 22:28 - 00000000 ____D C:\ProgramData\Electronic Arts

2013-08-15 19:51 - 2013-08-15 20:01 - 00000000 ____D C:\ProgramData\Origin

2013-08-15 01:37 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-15 01:37 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-15 01:37 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-15 01:37 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-15 01:37 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-15 01:37 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-15 01:37 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-15 01:37 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-15 01:37 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-15 01:37 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-15 01:36 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-15 01:36 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-15 01:36 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-15 01:36 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-15 01:36 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-15 01:36 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-15 01:36 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-15 01:36 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-15 01:36 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-15 01:31 - 2013-08-15 01:33 - 00000000 ____D C:\Windows\system32\MRT

 

==================== One Month Modified Files and Folders =======

 

2013-09-14 20:01 - 2013-09-14 20:01 - 01950310 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe

2013-09-14 20:01 - 2012-01-17 17:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype

2013-09-14 19:59 - 2013-01-18 19:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Winamp

2013-09-14 19:59 - 2012-08-11 19:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Ventrilo

2013-09-14 19:59 - 2012-07-31 15:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Media Player Classic

2013-09-14 19:59 - 2012-03-18 16:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TS3Client

2013-09-14 19:59 - 2012-02-01 16:08 - 00000000 ____D C:\Users\Owner\Tracing

2013-09-14 19:59 - 2012-01-17 16:18 - 00000000 ____D C:\Program Files (x86)\Steam

2013-09-14 19:59 - 2011-02-10 10:02 - 00000000 ____D C:\Windows\panther

2013-09-14 19:56 - 2013-09-14 19:56 - 04454952 _____ (Piriform Ltd) C:\Users\Owner\Desktop\ccsetup405.exe

2013-09-14 19:56 - 2013-09-14 19:56 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2013-09-14 19:56 - 2013-09-14 19:56 - 00000000 ____D C:\Program Files\CCleaner

2013-09-14 19:38 - 2013-09-14 19:38 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll

2013-09-14 19:38 - 2013-09-14 19:38 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2013-09-14 19:38 - 2011-10-15 01:44 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll

2013-09-14 19:38 - 2011-10-15 01:44 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2013-09-14 19:38 - 2011-10-15 01:44 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2013-09-14 19:38 - 2011-10-15 01:44 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2013-09-14 19:38 - 2011-10-15 01:44 - 00000000 ____D C:\Program Files\Java

2013-09-14 19:36 - 2013-09-14 19:35 - 30669224 _____ (Oracle Corporation) C:\Users\Owner\Desktop\jre-7u40-windows-x64.exe

2013-09-14 19:34 - 2012-04-18 21:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-14 17:15 - 2013-09-11 17:02 - 00000000 ____D C:\AdwCleaner

2013-09-14 17:11 - 2013-09-14 17:11 - 00001699 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09142013_171138.txt

2013-09-14 17:11 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-14 17:11 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-14 17:02 - 2012-01-16 13:47 - 00000000 ____D C:\Users\Owner\AppData\Local\SoftThinks

2013-09-14 17:02 - 2011-10-15 01:48 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-09-14 17:02 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-14 17:01 - 2013-09-14 17:01 - 00293774 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5233be6c.dmp

2013-09-14 17:01 - 2013-08-29 11:11 - 00002186 _____ C:\Windows\SysWOW64\debug.log

2013-09-14 16:57 - 2013-09-14 16:57 - 00001666 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09142013_165707.txt

2013-09-14 16:54 - 2013-09-14 16:54 - 00001630 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09142013_165419.txt

2013-09-14 16:51 - 2013-09-14 16:51 - 00001596 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09142013_165154.txt

2013-09-14 16:47 - 2012-08-02 21:45 - 00000000 ____D C:\Users\Owner\AppData\Local\PMB Files

2013-09-14 16:47 - 2012-08-02 21:45 - 00000000 ____D C:\ProgramData\PMB Files

2013-09-14 15:41 - 2013-03-09 23:10 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2

2013-09-14 15:40 - 2013-03-09 23:09 - 00000000 ____D C:\Users\Owner\Documents\Guild Wars 2

2013-09-14 03:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

2013-09-14 02:00 - 2012-01-22 21:29 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe

2013-09-13 23:20 - 2013-09-13 23:20 - 00005439 _____ C:\Users\Owner\Desktop\RKreport[0]_D_09132013_232039.txt

2013-09-13 23:20 - 2013-09-13 15:06 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine

2013-09-13 22:43 - 2013-09-13 22:43 - 00005179 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09132013_224332.txt

2013-09-13 22:08 - 2013-09-13 21:02 - 00000000 ____D C:\Users\Owner\Desktop\mbar

2013-09-13 21:37 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins

2013-09-13 21:36 - 2013-09-13 21:36 - 00295232 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5232c00d.dmp

2013-09-13 21:00 - 2013-09-13 21:00 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1005.exe

2013-09-13 19:08 - 2013-09-13 19:08 - 00060385 _____ C:\Users\Owner\Desktop\FRST.txt

2013-09-13 19:08 - 2013-09-13 19:08 - 00048901 _____ C:\Users\Owner\Desktop\Addition.txt

2013-09-13 19:07 - 2013-09-13 19:07 - 00000000 ____D C:\FRST

2013-09-13 17:09 - 2013-09-13 17:09 - 00006806 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09132013_170954.txt

2013-09-13 16:02 - 2013-09-13 16:02 - 00028006 _____ C:\Users\Owner\Desktop\dds.txt

2013-09-13 16:02 - 2013-09-13 16:02 - 00024804 _____ C:\Users\Owner\Desktop\attach.txt

2013-09-13 16:00 - 2012-01-18 22:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent

2013-09-13 15:59 - 2013-09-13 15:59 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com

2013-09-13 15:10 - 2013-09-13 15:10 - 00007296 _____ C:\Users\Owner\Desktop\RKreport[0]_S_09132013_151032.txt

2013-09-13 15:06 - 2013-09-13 15:06 - 03787776 _____ C:\Users\Owner\Desktop\RogueKillerX64.exe

2013-09-13 15:02 - 2013-05-23 16:20 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask

2013-09-13 11:34 - 2013-03-12 17:42 - 04751752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-09-13 11:34 - 2012-04-18 21:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-13 11:34 - 2012-04-18 21:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-13 11:34 - 2011-10-15 01:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-13 00:05 - 2013-09-13 00:05 - 00000000 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_52328ef3.dmp

2013-09-12 19:43 - 2012-11-16 23:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ftblauncher

2013-09-12 12:58 - 2013-09-12 12:58 - 00354042 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_5230db24.dmp

2013-09-11 23:17 - 2012-09-12 20:09 - 00000000 ____D C:\Users\Owner\Downloads\PFConfig 1.0.296+working serial

2013-09-11 19:33 - 2013-09-02 12:58 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-09-11 19:33 - 2011-10-15 01:50 - 00000000 ____D C:\ProgramData\Skype

2013-09-11 17:04 - 2012-01-21 00:34 - 00000000 ____D C:\ProgramData\Uniblue

2013-09-11 17:01 - 2013-09-11 17:01 - 01037278 _____ C:\Users\Owner\Desktop\adwcleaner.exe

2013-09-09 17:01 - 2012-01-19 19:52 - 00000000 ____D C:\Users\Owner\Games

2013-09-07 03:36 - 2013-09-07 03:36 - 00000000 ____D C:\Users\Owner\Documents\Visual Studio 2012

2013-09-07 03:36 - 2013-09-07 03:36 - 00000000 ____D C:\Program Files (x86)\NuGet

2013-09-07 03:36 - 2012-04-18 21:09 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server

2013-09-07 03:35 - 2013-09-07 03:32 - 00000000 ____D C:\Program Files\Microsoft SQL Server

2013-09-07 03:35 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-09-07 03:34 - 2013-09-07 03:34 - 00000000 ____D C:\Windows\symbols

2013-09-07 03:33 - 2013-09-07 03:33 - 00000000 ____D C:\Program Files (x86)\Windows Kits

2013-09-07 03:33 - 2013-09-07 03:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Windows\SysWOW64\1033

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Windows\system32\1033

2013-09-07 03:32 - 2013-09-07 03:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer

2013-09-07 03:32 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild

2013-09-07 03:31 - 2012-04-18 21:09 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition

2013-09-07 03:31 - 2011-10-15 01:57 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2013-09-07 03:27 - 2013-09-07 03:27 - 00336750 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522ad53f.dmp

2013-09-07 03:25 - 2013-09-07 03:25 - 00302988 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522903d0.dmp

2013-09-07 03:07 - 2011-02-10 12:10 - 00774402 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-07 03:07 - 2009-07-14 01:13 - 00774402 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-07 00:02 - 2013-09-02 12:59 - 00000000 ____D C:\Users\Owner\AppData\Roaming\skypePM

2013-09-06 15:51 - 2013-09-06 15:48 - 00000000 ____D C:\ProgramData\Package Cache

2013-09-05 18:28 - 2013-02-10 15:33 - 00000000 ____D C:\ProgramData\Sendori

2013-09-05 14:57 - 2013-08-28 18:09 - 00000000 ____D C:\ProgramData\ggab

2013-09-05 14:46 - 2013-09-05 14:46 - 00302088 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_522390ce.dmp

2013-09-05 14:29 - 2012-01-18 00:21 - 00000000 ____D C:\ProgramData\MFAData

2013-09-05 14:28 - 2013-09-05 14:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TuneUp Software

2013-09-05 13:13 - 2012-08-26 04:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-03 23:15 - 2012-01-16 23:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.minecraft

2013-09-03 14:40 - 2013-09-03 14:40 - 00066566 _____ C:\Users\Owner\Desktop\download.htm

2013-09-03 10:49 - 2013-09-03 10:49 - 00000963 _____ C:\Users\Owner\Desktop\ruined_Cottage.schematic

2013-09-02 12:59 - 2013-09-02 12:59 - 00000056 ____H C:\Windows\SysWOW64\ezsidmv.dat

2013-09-02 12:58 - 2013-09-02 12:58 - 00002866 _____ C:\Windows\System32\Tasks\{9C7234AC-3983-483F-AF95-BAD5EE791D25}

2013-09-02 12:56 - 2013-09-02 12:56 - 00003122 _____ C:\Windows\System32\Tasks\{2F628C03-D09B-4EBF-85D8-00E7AA18D331}

2013-09-02 12:49 - 2013-09-02 12:49 - 00003122 _____ C:\Windows\System32\Tasks\{85EF0623-8253-46B2-BE8A-BE9D67FE6D9E}

2013-09-01 15:53 - 2013-09-01 15:53 - 00000413 _____ C:\wakeuptoken.info

2013-09-01 15:07 - 2012-01-18 19:31 - 00000000 ____D C:\Program Files\WinRAR

2013-08-30 18:34 - 2013-08-30 18:34 - 00000000 ____D C:\Windows\Sun

2013-08-29 15:40 - 2013-08-29 15:40 - 00338032 _____ C:\Windows\SysWOW64\iFBConn_Build_2228_0731_521f716d.dmp

2013-08-29 14:25 - 2013-08-29 13:47 - 00000000 ____D C:\Users\Owner\Desktop\STTBTLL-v1.2

2013-08-29 12:58 - 2012-01-18 17:20 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-08-29 12:40 - 2013-08-29 12:40 - 00000000 ____D C:\SMBX

2013-08-29 12:27 - 2012-01-18 19:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2013-08-29 12:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration

2013-08-29 11:24 - 2013-08-29 11:18 - 00008564 _____ C:\Users\Owner\Desktop\Rkill.txt

2013-08-29 11:22 - 2013-08-29 11:22 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-29 11:22 - 2013-08-29 11:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-29 11:18 - 2013-08-29 11:18 - 00000000 ____D C:\Users\Owner\Desktop\rkill

2013-08-29 11:12 - 2013-08-29 07:31 - 00000000 ____D C:\ProgramData\ahrpDn37

2013-08-29 11:11 - 2013-01-29 22:20 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam

2013-08-29 07:31 - 2013-08-29 07:31 - 00000000 ____D C:\Program Files (x86)\Google

2013-08-29 07:31 - 2013-01-11 22:23 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics

2013-08-28 18:23 - 2013-08-28 18:22 - 00000000 ____D C:\ProgramData\nklc

2013-08-27 20:13 - 2013-08-15 19:51 - 00000000 ____D C:\Program Files (x86)\Origin

2013-08-22 19:51 - 2013-08-15 19:58 - 00000000 ____D C:\Program Files (x86)\Origin Games

2013-08-22 00:14 - 2012-05-26 19:58 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll

2013-08-22 00:14 - 2012-05-26 19:58 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll

2013-08-22 00:14 - 2012-05-26 19:58 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll

2013-08-22 00:14 - 2012-05-26 19:57 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll

2013-08-21 21:18 - 2013-08-21 21:02 - 00000000 ____D C:\Users\Owner\Desktop\VIDEO_TS

2013-08-21 21:02 - 2013-08-21 21:02 - 00000000 ____D C:\Users\Owner\Desktop\AUDIO_TS

2013-08-20 18:57 - 2013-08-20 18:57 - 10012564 _____ C:\Users\Owner\Desktop\spelunky_1_1.zip

2013-08-20 15:30 - 2013-08-20 15:30 - 00504856 _____ C:\Users\Owner\Desktop\mcrtoolkit10a14_5.zip

2013-08-18 20:57 - 2012-01-25 15:57 - 00000132 _____ C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs

2013-08-18 03:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-08-17 21:08 - 2013-08-17 21:08 - 00000000 ____D C:\Users\Owner\AppData\Local\Electronic Arts

2013-08-17 21:08 - 2013-08-15 22:27 - 00000000 ____D C:\Users\Owner\Documents\Electronic Arts

2013-08-17 21:07 - 2013-08-17 21:07 - 00000000 ____D C:\Users\Owner\Documents\Electrontic Arts

2013-08-17 01:28 - 2011-10-15 01:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-08-17 01:22 - 2013-08-15 22:26 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll

2013-08-16 19:45 - 2013-08-16 19:45 - 00000000 ____D C:\ProgramData\ATI

2013-08-16 19:45 - 2012-06-09 18:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SystemRequirementsLab

2013-08-16 19:45 - 2012-06-09 18:08 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab

2013-08-16 19:44 - 2013-08-16 19:44 - 00000000 ____D C:\Program Files (x86)\AMD AVT

2013-08-16 19:44 - 2012-08-01 13:35 - 00000000 ____D C:\ProgramData\AMD

2013-08-16 19:44 - 2012-08-01 13:33 - 00000000 ____D C:\Program Files\ATI Technologies

2013-08-16 13:50 - 2013-08-16 13:50 - 00000000 ____D C:\Users\Owner\Documents\EA Games

2013-08-16 00:32 - 2013-08-16 00:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Criterion Games

2013-08-15 22:46 - 2013-08-15 22:46 - 00000000 ____D C:\ProgramData\SystemRequirementsLab

2013-08-15 22:34 - 2013-08-15 22:33 - 00000000 ____D C:\Users\Owner\Documents\Battlefield 3

2013-08-15 22:33 - 2012-05-27 02:08 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

2013-08-15 22:33 - 2012-05-27 02:08 - 00000000 ____D C:\Users\Owner\AppData\Local\PunkBuster

2013-08-15 22:33 - 2012-05-27 02:06 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.exe

2013-08-15 22:30 - 2013-08-15 22:30 - 00000000 ____D C:\Users\Owner\AppData\Local\ESN

2013-08-15 22:30 - 2013-08-15 22:30 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-08-15 22:28 - 2013-08-15 22:28 - 00000000 ____D C:\ProgramData\EA Core

2013-08-15 22:28 - 2013-08-15 19:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Origin

2013-08-15 22:28 - 2013-08-15 19:51 - 00000000 ____D C:\ProgramData\Electronic Arts

2013-08-15 22:18 - 2013-08-15 19:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Origin

2013-08-15 22:12 - 2012-05-27 02:06 - 00189248 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

2013-08-15 22:12 - 2012-05-27 02:06 - 00075136 _____ C:\Windows\SysWOW64\PnkBstrA.exe

2013-08-15 20:01 - 2013-08-15 19:51 - 00000000 ____D C:\ProgramData\Origin

2013-08-15 14:26 - 2013-01-16 15:38 - 00000000 ____D C:\ProgramData\InstallMate

2013-08-15 01:33 - 2013-08-15 01:31 - 00000000 ____D C:\Windows\system32\MRT

2013-08-15 01:33 - 2012-02-08 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-08-15 01:31 - 2012-01-16 16:17 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-09-11 02:40

 

 

==================== End Of Log ============================

[MrCharlie]

You'll be able to find all the extensions like this: (delete this one if found)

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:

  :folderfindbejbohlohkkgompgecdcbbglkpjfjgdj

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

I'll look over the rest of it...MrC (be back in the AM)

[ChaoticFox]

SystemLook 30.07.11 by jpshortstuff

Log created at 20:45 on 14/09/2013 by Owner

Administrator - Elevation successful

 

========== folderfind ==========

 

Searching for "bejbohlohkkgompgecdcbbglkpjfjgdj"

No folders found.

 

-= EOF =-

[MrCharlie]

OK, That was all I saw in the logs....please do this:

Please run a free online scan with the ESET Online Scanner (it may take a while to run)

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

• Scan potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC

[MrCharlie]

How are we doing??

 

Do you still need help or can I close this post??

 

MrC

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!