I'm infected, what do I do?

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 5/20/2012 4:16:03 PM
System Uptime: 9/12/2013 3:26:04 AM (64 hours ago)
.
Motherboard: Dell Inc. |  | 04GJJT
Processor: AMD Athlon II X2 250 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 356.354 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
K: is FIXED (NTFS) - 1863 GiB total, 1760.007 GiB free.
M: is FIXED (NTFS) - 932 GiB total, 297.13 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AODDriver4.1
Device ID: ROOT\LEGACY_AODDRIVER4.1\0000
Manufacturer: 
Name: AODDriver4.1
PNP Device ID: ROOT\LEGACY_AODDRIVER4.1\0000
Service: AODDriver4.1
.
==== System Restore Points ===================
.
RP310: 9/7/2013 1:04:47 PM - Installed Motorola Device Manager
RP311: 9/8/2013 7:00:46 PM - Windows Backup
RP313: 9/8/2013 7:49:05 PM - Windows Defender Checkpoint
RP314: 9/8/2013 7:54:25 PM - Windows Backup
RP315: 9/12/2013 3:00:29 AM - Windows Update
.
==== Installed Programs ======================
.
 Updater
ABBYY FineReader 6.0 Sprint
ActivClient CAC x64
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
ArcSoft RAW Thumbnail Viewer
Bonjour
BrowserProtect
Catalyst Control Center InstallProxy
CCleaner
Cherry SmartCard Package V3.2 Build 2
Company of Heroes
Company of Heroes - FAKEMSI
Consumer In-Home Service Agreement
ConvertXtoDVD 4.1.19.365
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Online
Dell Edoc Viewer
Dell Stage Remote
DivX Setup
Google Chrome
Google Earth Plug-in
Google Update Helper
iCloud
Impulse
IObit Apps Toolbar v6.9
iTunes
Java 7 Update 25
Java Auto Updater
Java 7 Update 1 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
KODAK Share Button App
Lexmark 5600-6600 Series
Lexmark Printable Web
Lexmark Toolbar
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft DirectX SDK (June 2010)
Microsoft LifeCam
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 6.2.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
My Dell
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA nView 136.27
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PlayReady PC Runtime x86
PowerISO
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
SCHOOLDAYS HQ
Search Protection
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Sendori
Skype Click to Call
Skype™ 6.3
Smart Defrag 2
Sonic Activation Module
Speccy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.8
WD SmartWare
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/9/2013 9:18:11 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
9/9/2013 9:17:39 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/9/2013 9:17:39 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
9/7/2013 1:06:21 PM, Error: Service Control Manager [7030]  - The PST Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
9/14/2013 7:03:01 PM, Error: Service Control Manager [7000]  - The BrowserProtect service failed to start due to the following error:  The system cannot find the path specified.
9/14/2013 3:42:52 PM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/12/2013 5:31:41 PM, Error: Service Control Manager [7000]  - The UrlFilter service failed to start due to the following error:  There are no more endpoints available from the endpoint mapper.
9/12/2013 5:30:30 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
9/12/2013 3:29:46 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/12/2013 3:29:46 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
9/12/2013 3:27:35 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
9/12/2013 3:27:30 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
9/12/2013 3:27:30 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
9/12/2013 3:27:30 AM, Error: Service Control Manager [7000]  - The lxduCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/12/2013 3:27:29 AM, Error: Service Control Manager [7000]  - The AODDriver4.1 service failed to start due to the following error:  The system cannot find the file specified.
9/12/2013 3:27:10 AM, Error: Microsoft-Windows-Smartcard-Server [602]  - WDM Reader driver initialization cannot open reader device:  The system cannot find the path specified.
9/12/2013 3:26:09 AM, Error: Application Popup [876]  - Driver DLACDBHE.SYS has been blocked from loading.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Johnstons at 19:00:51 on 2013-09-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.1690 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\lxducoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Users\Johnstons\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRAM FILES (X86)\COMMON FILES\ARCSOFT\CONNECTION SERVICE\BIN\ACDAEMON.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\ARCSOFT\CONNECTION SERVICE\BIN\ArcCon.ac
C:\PROGRAM FILES (X86) (X86)\LEXMARK 5600-6600 SERIES\LXDUMON.EXE
C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\ACCRDSUB.EXE
C:\PROGRAM FILES (X86)\DELL\STAGE REMOTE\STAGEREMOTE.EXE
C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\ACSAGENT.EXE
C:\PROGRAM FILES (X86)\DELL\STAGE REMOTE\StageRemoteService.exe
C:\PROGRAM FILES (X86)\WESTERN DIGITAL\WD QUICK VIEW\WDDMSTATUS.EXE
C:\PROGRAM FILES (X86)\ASK.COM\UPDATER\UPDATER.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
BHO: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ToolbarBHO Class: {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: RAW Thumbnail Viewer: {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [searchProtection] "C:\Users\Johnstons\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Read EXIF - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{9466F664-3DC6-4FAA-AD86-FBFE196B07D6} : DHCPNameServer = 192.168.0.1 205.171.2.226
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [lxduamon] "C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe"
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2012-10-30 122776]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-1 55856]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-7-5 17720]
R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2012-10-30 39288]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-8-23 574272]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DLABMFSE;DLABMFSE;C:\Windows\System32\DLA\DLABMFSE.SYS [2012-10-30 44152]
R2 DLABOIOE;DLABOIOE;C:\Windows\System32\DLA\DLABOIOE.SYS [2012-10-30 41976]
R2 DLADResE;DLADResE;C:\Windows\System32\DLA\DLADResE.SYS [2012-10-30 10360]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\DLA\DLAIFS_E.SYS [2012-10-30 141432]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\DLA\DLAOPIOE.SYS [2012-10-30 33656]
R2 DLAPoolE;DLAPoolE;C:\Windows\System32\DLA\DLAPoolE.SYS [2012-10-30 18040]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\DLA\DLAUDF_E.SYS [2012-10-30 143096]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\DLA\DLAUDFAE.SYS [2012-10-30 136952]
R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2012-10-30 63608]
R2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-29 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-29 701512]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-5-18 65657]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-9-14 1157056]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-14 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-9-14 1177536]
R3 cxbu0x64;SmartTerminal XX44;C:\Windows\System32\drivers\cxbu0x64.sys [2012-6-1 177920]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-3-1 320040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-29 25928]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
RUnknown RegFilter;RegFilter; [x]
S1 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2012-10-30 15992]
S2 BrowserProtect;BrowserProtect; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe [2012-5-20 29184]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-11 46136]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-23 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-22 1255736]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-09-11 07:37:18 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-10 16:58:28 -------- d-----w- C:\Users\Johnstons\AppData\Local\{F68F18FE-0016-4FD0-BE1D-906758A355F0}
2013-09-10 01:21:54 -------- d-----w- C:\Windows\Logs
2013-09-07 17:06:17 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2013-09-07 17:05:53 -------- d-----w- C:\Program Files\Motorola Inc
2013-09-06 11:44:14 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{315AB4BA-54C7-4BAC-89F8-8C75C6D316B8}\mpengine.dll
2013-09-05 15:15:23 -------- d-----w- C:\Users\Johnstons\AppData\Local\{8259BBF3-7E2C-426B-81AB-8E3B8691DF33}
2013-09-03 22:10:04 -------- d-----w- C:\Users\Johnstons\AppData\Local\{4C7A1DC0-436D-4082-8B6C-860AB5031DA4}
2013-09-03 22:09:05 -------- d-----w- C:\Users\Johnstons\AppData\Local\{85983512-61D1-42B2-96D1-FB8D2F220E7B}
2013-08-31 14:34:21 -------- d-----w- C:\Users\Johnstons\AppData\Local\{4AE56943-DE37-4920-9574-DE802514AE49}
2013-08-30 10:41:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-30 10:41:56 -------- d-----w- C:\Program Files\iTunes
2013-08-30 10:41:56 -------- d-----w- C:\Program Files\iPod
2013-08-30 10:41:56 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-30 01:03:28 -------- d-----w- C:\Users\Johnstons\AppData\Roaming\Malwarebytes
2013-08-30 01:03:10 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-30 01:03:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-30 01:03:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 16:59:14 -------- d-----w- C:\ProgramData\dasrngar
2013-08-29 04:23:55 -------- d-----w- C:\ProgramData\vpy
2013-08-29 04:04:41 -------- d-----w- C:\ProgramData\gmpx
2013-08-24 19:32:08 -------- d-----w- C:\Users\Johnstons\AppData\Local\{DA4A2196-CA6C-4CCE-B92F-095D41D7FB12}
2013-08-24 19:31:54 -------- d-----w- C:\Users\Johnstons\Tracing
2013-08-23 15:01:37 -------- d-----w- C:\Program Files (x86)\Windows Password Recovery Tool Standard
2013-08-23 14:58:51 -------- d-----w- C:\Users\Johnstons\AppData\Local\AVG SafeGuard toolbar
2013-08-23 14:58:48 -------- d-----w- C:\Users\Johnstons\AppData\Local\Wajam
2013-08-23 14:57:55 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-08-23 14:57:55 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-08-23 14:57:54 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-08-23 14:57:36 -------- d--h--w- C:\ProgramData\Common Files
2013-08-23 14:31:37 -------- d-----w- C:\Users\Johnstons\AppData\Roaming\Search Protection
2013-08-23 14:28:57 268968 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2013-08-23 14:16:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-22 23:44:38 -------- d-----w- C:\Windows\System32\MRT
2013-08-22 15:33:12 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-22 15:33:11 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-22 15:33:08 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-22 15:33:08 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-22 15:33:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-22 15:33:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-22 15:33:07 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-22 15:33:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-22 15:32:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-22 15:32:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-22 15:32:48 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-22 15:32:48 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-22 15:32:46 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-22 15:32:46 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-22 15:32:45 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-22 15:32:45 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-09-13 17:04:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 17:04:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-30 01:22:22 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2013-08-23 14:16:11 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-08-23 14:16:11 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-06-26 23:21:50 23208 ----a-w- C:\Windows\System32\drivers\Sftvollh.sys
2013-06-26 23:21:48 28840 ----a-w- C:\Windows\System32\drivers\Sftredirlh.sys
2013-06-26 23:21:46 273576 ----a-w- C:\Windows\System32\drivers\Sftplaylh.sys
2013-06-26 23:21:46 1777320 ----a-w- C:\Windows\System32\sftldr.dll
2013-06-26 23:21:46 1130664 ----a-w- C:\Windows\SysWow64\sftldr_wow64.dll
2013-06-26 23:21:44 767144 ----a-w- C:\Windows\System32\drivers\Sftfslh.sys
.
============= FINISH: 19:03:34.86 ===============
 

 


Welcome to the forum.

What seems to be the problem??

--------------------------

Please download RogueKiller 32 Bit to your desktop and run it.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.


Removing malware can be unpredictable...unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Johnstons [Admin rights]

Mode : Scan -- Date : 09/14/2013 19:51:45

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 2 ¤¤¤

[SUSP PATH] SearchProtection.exe -- C:\Users\Johnstons\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]

[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{f63b28fd-0731-d121-b956-25a17ac2166e}\   \...\???ﯹ๛\{f63b28fd-0731-d121-b956-25a17ac2166e}\GoogleUpdate.exe" < [x] -> STOPPED

 

¤¤¤ Registry Entries : 20 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Johnstons\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3491262524-2520724422-229997225-1001\[...]\Run : SearchProtection ("C:\Users\Johnstons\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND

[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{f63b28fd-0731-d121-b956-25a17ac2166e}\   \...\???ﯹ๛\{f63b28fd-0731-d121-b956-25a17ac2166e}\GoogleUpdate.exe" < [x]) -> FOUND

[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{f63b28fd-0731-d121-b956-25a17ac2166e}\   \...\???ﯹ๛\{f63b28fd-0731-d121-b956-25a17ac2166e}\GoogleUpdate.exe" < [x]) -> FOUND

[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{f63b28fd-0731-d121-b956-25a17ac2166e}\   \...\???ﯹ๛\{f63b28fd-0731-d121-b956-25a17ac2166e}\GoogleUpdate.exe" < [x]) -> FOUND

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableCMD (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableCMD (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableCMD (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND

[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND

[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND

[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 


 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST3500413AS ATA Device +++++

--- User ---

[MBR] 86221e59a53d1a494e82d3a456f303f9

[BSP] d06556f87a55d9df9c7585cf2aac124e : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15168 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31145984 | Size: 461728 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: ST3500413AS ATA Device +++++

--- User ---

[MBR] 7435b395373533bcd39085cd12602a0e

[BSP] 3a263ec662f61a27d74cd7a536bc3337 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[0]_S_09142013_195145.txt >>

 

 

 

 


Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013 02

Ran by Johnstons (administrator) on JOHNSTONS-PC on 14-09-2013 20:47:35

Running from C:\Users\Johnstons\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

( ) C:\Windows\system32\lxducoms.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe

(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(AMD) C:\Windows\system32\atieclxx.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe

() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe

(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

(ArcSoft, Inc.) C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe

(ArcSoft Inc.) C:\PROGRAM FILES (X86)\COMMON FILES\ARCSOFT\CONNECTION SERVICE\BIN\ACDAEMON.EXE

(ArcSoft Inc.) C:\PROGRAM FILES (X86)\COMMON FILES\ARCSOFT\CONNECTION SERVICE\BIN\ArcCon.ac

() C:\PROGRAM FILES (X86) (X86)\LEXMARK 5600-6600 SERIES\LXDUMON.EXE

(ActivIdentity) C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\ACCRDSUB.EXE

() C:\PROGRAM FILES (X86)\DELL\STAGE REMOTE\STAGEREMOTE.EXE

(ActivIdentity) C:\PROGRAM FILES\ACTIVIDENTITY\ACTIVCLIENT\ACSAGENT.EXE

() C:\PROGRAM FILES (X86)\DELL\STAGE REMOTE\StageRemoteService.exe

(Western Digital Technologies, Inc.) C:\PROGRAM FILES (X86)\WESTERN DIGITAL\WD QUICK VIEW\WDDMSTATUS.EXE

(Ask) C:\PROGRAM FILES (X86)\ASK.COM\UPDATER\UPDATER.EXE

(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [lxduamon] - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-02-04] ()

HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)

HKLM\...\Run: [] - [x]

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)

Winlogon\Notify\ScCertProp: C:\WINDOWS\SysWOW64\explorer.exe (Microsoft Corporation)

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoViewOnDrive] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0

HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKLM\...\Policies\Explorer: [NoViewContextMenu] 0

HKLM\...\Policies\Explorer: [NoShellSearchButton] 0

HKLM\...\Policies\Explorer: [NoFind] 0

HKLM\...\Policies\Explorer: [NoFile] 0

HKLM\...\Policies\Explorer: [HideClock] 0

HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0

HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKLM\...\Policies\Explorer: [NoSetFolders] 0

HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKLM\...\Policies\Explorer: [NoSetTaskbar] 0

HKLM\...\Policies\Explorer: [NoDeletePrinter] 0

HKLM\...\Policies\Explorer: [NoDFSTab] 0

HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0

HKLM\...\Policies\Explorer: [NoLogoff] 0

HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0

HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0

HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKLM\...\Policies\Explorer: [NoResolveSearch] 0

HKLM\...\Policies\Explorer: [NoSaveSettings] 0

HKLM\...\Policies\Explorer: [NoHardwareTab] 0

HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0

HKLM\...\Policies\Explorer: [NoDesktop] 0

HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)

HKCU\...\Run: [SearchProtection] - C:\Users\Johnstons\AppData\Roaming\Search Protection\SearchProtection.EXE [832360 2013-09-03] (Spigot, Inc.)

HKCU\...\Policies\system: [DisableCMD] 0

HKCU\...\Policies\system: [NoDispAppearancePage] 0

HKCU\...\Policies\system: [NoDispBackgroundPage] 0

HKCU\...\Policies\system: [NoDispSettingsPage] 0

HKCU\...\Policies\Explorer: [NoFolderOptions] 0

HKCU\...\Policies\Explorer: [NoViewOnDrive] 0

HKCU\...\Policies\Explorer: [NoControlPanel] 0

HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0

HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKCU\...\Policies\Explorer: [NoViewContextMenu] 0

HKCU\...\Policies\Explorer: [NoShellSearchButton] 0

HKCU\...\Policies\Explorer: [NoFind] 0

HKCU\...\Policies\Explorer: [NoFile] 0

HKCU\...\Policies\Explorer: [HideClock] 0

HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0

HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKCU\...\Policies\Explorer: [NoSetFolders] 0

HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKCU\...\Policies\Explorer: [NoSetTaskbar] 0

HKCU\...\Policies\Explorer: [NoDeletePrinter] 0

HKCU\...\Policies\Explorer: [NoDFSTab] 0

HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0

HKCU\...\Policies\Explorer: [NoLogoff] 0

HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0

HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0

HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKCU\...\Policies\Explorer: [NoResolveSearch] 0

HKCU\...\Policies\Explorer: [NoSaveSettings] 0

HKCU\...\Policies\Explorer: [NoHardwareTab] 0

HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0

MountPoints2: I - I:\setup_the_witcher_2_ee_3.0.1.17.exe

MountPoints2: {6f847d59-be8d-11e2-bdbf-d4bed9c4e401} - I:\MotorolaDeviceManagerSetup.exe -a

HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] - C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe [80448 2010-12-15] (ArcSoft, Inc.)

HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)

HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)

HKU\UpdatusUser\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\UpdatusUser\...\Run: [KGShareApp] - C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-06-26] (Eastman Kodak Company)

HKU\UpdatusUser\...\Run: [iSUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)

HKU\UpdatusUser\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED

HKU\UpdatusUser\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)

HKU\UpdatusUser\...\Policies\system: [DisableCMD] 0

HKU\UpdatusUser\...\Policies\system: [NoDispAppearancePage] 0

HKU\UpdatusUser\...\Policies\system: [NoDispBackgroundPage] 0

HKU\UpdatusUser\...\Policies\system: [NoDispSettingsPage] 0

Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk

ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

URLSearchHook: (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File

URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} -  No File

SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

SearchScopes: HKLM-x32 - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

SearchScopes: HKCU - {1CFC9AA4-96E0-4A6D-92C4-546C082BCFDB} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=EDD91424-D1F7-4D11-ABB7-F2F87890D6FF&apn_sauid=7289C31C-E39D-4EE4-BEA4-B5F152845059

SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 

SearchScopes: HKCU - {A972B5CD-A54C-4228-B39E-C527661C40AD} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File

BHO-x32: No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: ToolbarBHO Class - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)

BHO-x32: No Name - {D2C5E510-BE6D-42CC-9F61-E4F939078474} -  No File

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM -  No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File

Toolbar: HKLM-x32 -  No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File

Toolbar: HKLM-x32 - RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)

Toolbar: HKLM-x32 -  No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File

Toolbar: HKLM-x32 -  No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File

Toolbar: HKLM-x32 -  No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File

Toolbar: HKCU -  No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File

Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} 

DPF: HKLM-x32 {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} 

DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

 

Chrome: 

=======

CHR RestoreOnStartup: "https://www.google.com/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Wajam) - C:\Users\Johnstons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_1\plugins/PriamNPAPI.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll No File

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Extension: (Instant Notifications for Gmail) - C:\Users\JOHNST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlgnpfgagimgadbaboilkbdnhbpegmd\1.4.9_1

CHR Extension: (Halo 4 Theme) - C:\Users\JOHNST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenafinbdpjeekhgifoicckecljgelob\1_1

CHR Extension: (Google Search) - C:\Users\JOHNST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (AccelerateTab) - C:\Users\JOHNST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0

CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\JOHNST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1

CHR Extension: (Chrome In-App Payments service) - C:\Users\JOHNST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\JOHNST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_1

CHR Extension: (BrowserProtect) - C:\Users\JOHNST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0

CHR Extension: (Gmail) - C:\Users\JOHNST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR Extension: (RSS Feed Reader) - C:\Users\JOHNST~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_1

CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)

S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)

R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)

R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)

R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)

R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-14] (Western Digital )

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-14] (Western Digital)

R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-14] (Western Digital )

S2 BrowserProtect; 

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{f63b28fd-0731-d121-b956-25a17ac2166e}\   \...\???\{f63b28fd-0731-d121-b956-25a17ac2166e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

 

==================== Drivers (Whitelisted) ====================

 

R3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-10-12] (HID Global Corporation)

R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-18] (Roxio)

R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-18] (Roxio)

S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-11] (Roxio)

R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-18] (Roxio)

R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-18] (Roxio)

R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-18] (Roxio)

R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-18] (Roxio)

R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-11] (Roxio)

R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-18] (Roxio)

R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-18] (Roxio)

R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)

R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-11] (Roxio)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()

S2 AODDriver4.1; No ImagePath

S3 ATICDSDr; No ImagePath

S3 motccgp; system32\DRIVERS\motccgp.sys [x]

S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]

S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]

S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]

U0 SR; 

U2 srservice; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-14 20:47 - 2013-09-14 20:47 - 01950516 _____ (Farbar) C:\Users\Johnstons\Downloads\FRST64.exe

2013-09-14 20:47 - 2013-09-14 20:47 - 00000000 ____D C:\FRST

2013-09-14 20:38 - 2013-09-14 20:38 - 23478616 _____ (Hewlett-Packard Company                                     ) C:\Users\Johnstons\Downloads\sp57538.exe

2013-09-14 20:37 - 2013-09-14 20:38 - 32444856 _____ (Hewlett-Packard                                             ) C:\Users\Johnstons\Downloads\sp57063 (1).exe

2013-09-14 20:34 - 2013-09-14 20:37 - 165626176 _____ (Hewlett-Packard                                             ) C:\Users\Johnstons\Downloads\sp58600.exe

2013-09-14 20:34 - 2013-09-14 20:35 - 32444856 _____ (Hewlett-Packard                                             ) C:\Users\Johnstons\Downloads\sp57063.exe

2013-09-14 20:34 - 2013-09-14 20:34 - 06001128 _____ (Hewlett-Packard                                             ) C:\Users\Johnstons\Downloads\sp55083.exe

2013-09-14 19:51 - 2013-09-14 19:51 - 00006389 _____ C:\Users\Johnstons\Desktop\RKreport[0]_S_09142013_195145.txt

2013-09-14 19:49 - 2013-09-14 19:54 - 00000000 ____D C:\Users\Johnstons\Desktop\RK_Quarantine

2013-09-14 19:49 - 2013-09-14 19:49 - 03787776 _____ C:\Users\Johnstons\Downloads\RogueKillerX64.exe

2013-09-14 19:03 - 2013-09-14 19:05 - 00030550 _____ C:\Users\Johnstons\Desktop\dds.txt

2013-09-14 19:03 - 2013-09-14 19:05 - 00014374 _____ C:\Users\Johnstons\Desktop\attach.txt

2013-09-14 18:59 - 2013-09-14 18:59 - 00688992 ____R (Swearware) C:\Users\Johnstons\Desktop\dds.com

2013-09-14 16:42 - 2013-09-14 17:28 - 3224686592 _____ C:\Users\Johnstons\Downloads\X15-65733.iso

2013-09-14 07:40 - 2013-09-14 07:45 - 397537280 _____ C:\Users\Johnstons\Downloads\bitdefender-rescue-cd.iso

2013-09-12 03:08 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-12 03:08 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-12 03:08 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-12 03:08 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-12 03:08 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-12 03:08 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-12 03:08 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-12 03:08 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-12 03:08 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-12 03:08 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-12 03:08 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-12 03:08 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-12 03:08 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-12 03:08 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-12 03:08 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-12 03:08 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-12 03:08 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-12 03:08 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-12 03:08 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-12 03:08 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-12 03:08 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-11 03:37 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-11 03:37 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-11 03:37 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-09-11 03:37 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-09-11 03:37 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2013-09-11 03:37 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-09-11 03:37 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2013-09-11 03:37 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-11 03:37 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2013-09-11 03:37 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-11 03:37 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-11 03:37 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-11 03:37 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-11 03:37 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-11 03:37 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-11 03:37 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-11 03:37 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-11 03:37 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-11 03:37 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-11 03:37 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-11 03:37 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-11 03:37 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 03:37 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-11 03:37 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-11 03:37 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-11 03:37 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-11 03:37 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-09-10 12:58 - 2013-09-10 12:58 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{F68F18FE-0016-4FD0-BE1D-906758A355F0}

2013-09-09 21:16 - 2013-09-14 08:30 - 00000280 _____ C:\Windows\setupact.log

2013-09-09 21:16 - 2013-09-09 21:16 - 00000000 _____ C:\Windows\setuperr.log

2013-09-09 21:15 - 2013-09-12 03:26 - 00007206 _____ C:\Windows\PFRO.log

2013-09-07 13:06 - 2013-09-07 13:06 - 00003494 _____ C:\Windows\System32\Tasks\Motorola Device Manager Update

2013-09-07 13:06 - 2013-09-07 13:06 - 00003476 _____ C:\Windows\System32\Tasks\Motorola Device Manager Engine

2013-09-07 13:06 - 2013-09-07 13:06 - 00003302 _____ C:\Windows\System32\Tasks\Motorola Device Manager Initial Update

2013-09-07 13:05 - 2013-09-07 13:05 - 00000000 ____D C:\Program Files\Motorola Inc

2013-09-05 11:15 - 2013-09-05 11:15 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{8259BBF3-7E2C-426B-81AB-8E3B8691DF33}

2013-09-03 18:10 - 2013-09-03 18:10 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{4C7A1DC0-436D-4082-8B6C-860AB5031DA4}

2013-09-03 18:09 - 2013-09-03 18:09 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{85983512-61D1-42B2-96D1-FB8D2F220E7B}

2013-08-31 10:36 - 2013-08-31 13:52 - 00000772 _____ C:\Users\Johnstons\Downloads\anime.txt

2013-08-31 10:34 - 2013-08-31 10:34 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{4AE56943-DE37-4920-9574-DE802514AE49}

2013-08-30 10:50 - 2013-08-30 10:50 - 00003180 _____ C:\Windows\System32\Tasks\{0EEEBC3B-2E7D-44C1-BCF2-BA122B2530D3}

2013-08-30 06:51 - 2013-08-30 06:51 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-08-30 06:51 - 2013-08-30 06:51 - 00001068 _____ C:\ProgramData\Desktop\VLC media player.lnk

2013-08-30 06:41 - 2013-08-30 06:42 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-08-30 06:41 - 2013-08-30 06:42 - 00000000 ____D C:\Program Files\iTunes

2013-08-30 06:41 - 2013-08-30 06:42 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-08-30 06:41 - 2013-08-30 06:41 - 00000000 ____D C:\Program Files\iPod

2013-08-29 21:03 - 2013-08-29 21:03 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-29 21:03 - 2013-08-29 21:03 - 00001111 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-29 21:03 - 2013-08-29 21:03 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\Malwarebytes

2013-08-29 21:03 - 2013-08-29 21:03 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-29 21:03 - 2013-08-29 21:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-29 21:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-08-29 13:39 - 2013-08-29 20:55 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro

2013-08-29 12:59 - 2013-08-29 20:55 - 00000000 ____D C:\ProgramData\dasrngar

2013-08-29 00:23 - 2013-08-29 01:17 - 00000000 ____D C:\ProgramData\vpy

2013-08-29 00:04 - 2013-08-29 00:22 - 00000000 ____D C:\ProgramData\gmpx

2013-08-24 15:32 - 2013-08-24 15:32 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{DA4A2196-CA6C-4CCE-B92F-095D41D7FB12}

2013-08-24 15:31 - 2013-09-09 06:03 - 00000000 ____D C:\Users\Johnstons\Tracing

2013-08-23 11:01 - 2013-08-29 20:55 - 00000000 ____D C:\Program Files (x86)\Windows Password Recovery Tool Standard

2013-08-23 10:58 - 2013-08-23 10:59 - 00000000 ____D C:\Users\Johnstons\AppData\Local\AVG SafeGuard toolbar

2013-08-23 10:58 - 2013-08-23 10:58 - 00000000 ____D C:\Users\Johnstons\AppData\Local\Wajam

2013-08-23 10:57 - 2013-08-29 20:55 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar

2013-08-23 10:57 - 2013-08-29 20:55 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar

2013-08-23 10:35 - 2013-08-23 10:35 - 93302784 _____ C:\Windows\system32\config\SOFTWARE.iobit

2013-08-23 10:35 - 2013-08-23 10:35 - 05689344 _____ C:\Windows\system32\config\DEFAULT.iobit

2013-08-23 10:35 - 2013-08-23 10:35 - 00061440 _____ C:\Windows\system32\config\SAM.iobit

2013-08-23 10:35 - 2013-08-23 10:35 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit

2013-08-23 10:31 - 2013-08-23 10:32 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\Search Protection

2013-08-23 10:29 - 2013-08-23 10:29 - 00001274 _____ C:\Users\Public\Desktop\Uninstaller.lnk

2013-08-23 10:29 - 2013-08-23 10:29 - 00001274 _____ C:\ProgramData\Desktop\Uninstaller.lnk

2013-08-23 10:29 - 2013-08-23 10:29 - 00001262 _____ C:\Users\Johnstons\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk

2013-08-23 10:29 - 2013-08-23 10:29 - 00001223 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk

2013-08-23 10:29 - 2013-08-23 10:29 - 00001223 _____ C:\ProgramData\Desktop\Advanced SystemCare 6.lnk

2013-08-23 10:28 - 2013-08-15 17:31 - 00268968 _____ C:\Windows\SysWOW64\sqlite3.dll

2013-08-23 10:16 - 2013-08-23 10:16 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-08-23 10:16 - 2013-08-23 10:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-08-23 10:16 - 2013-08-23 10:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-08-23 10:16 - 2013-08-23 10:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-08-22 19:44 - 2013-09-12 03:08 - 00000000 ____D C:\Windows\system32\MRT

2013-08-22 11:33 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-22 11:33 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-22 11:33 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-22 11:33 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-22 11:33 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-22 11:33 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-22 11:33 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-22 11:33 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-22 11:32 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-22 11:32 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-22 11:32 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-22 11:32 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-22 11:32 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-22 11:32 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-22 11:32 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-22 11:32 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

 

==================== One Month Modified Files and Folders =======

 

2013-09-14 20:47 - 2013-09-14 20:47 - 01950516 _____ (Farbar) C:\Users\Johnstons\Downloads\FRST64.exe

2013-09-14 20:47 - 2013-09-14 20:47 - 00000000 ____D C:\FRST

2013-09-14 20:42 - 2012-03-01 00:05 - 00000000 ____D C:\ProgramData\Roxio

2013-09-14 20:38 - 2013-09-14 20:38 - 23478616 _____ (Hewlett-Packard Company                                     ) C:\Users\Johnstons\Downloads\sp57538.exe

2013-09-14 20:38 - 2013-09-14 20:37 - 32444856 _____ (Hewlett-Packard                                             ) C:\Users\Johnstons\Downloads\sp57063 (1).exe

2013-09-14 20:37 - 2013-09-14 20:34 - 165626176 _____ (Hewlett-Packard                                             ) C:\Users\Johnstons\Downloads\sp58600.exe

2013-09-14 20:35 - 2013-09-14 20:34 - 32444856 _____ (Hewlett-Packard                                             ) C:\Users\Johnstons\Downloads\sp57063.exe

2013-09-14 20:35 - 2012-06-25 08:35 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-14 20:34 - 2013-09-14 20:34 - 06001128 _____ (Hewlett-Packard                                             ) C:\Users\Johnstons\Downloads\sp55083.exe

2013-09-14 20:32 - 2013-02-02 21:24 - 02009187 _____ C:\Windows\WindowsUpdate.log

2013-09-14 20:04 - 2012-05-20 19:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-14 19:54 - 2013-09-14 19:49 - 00000000 ____D C:\Users\Johnstons\Desktop\RK_Quarantine

2013-09-14 19:51 - 2013-09-14 19:51 - 00006389 _____ C:\Users\Johnstons\Desktop\RKreport[0]_S_09142013_195145.txt

2013-09-14 19:49 - 2013-09-14 19:49 - 03787776 _____ C:\Users\Johnstons\Downloads\RogueKillerX64.exe

2013-09-14 19:05 - 2013-09-14 19:03 - 00030550 _____ C:\Users\Johnstons\Desktop\dds.txt

2013-09-14 19:05 - 2013-09-14 19:03 - 00014374 _____ C:\Users\Johnstons\Desktop\attach.txt

2013-09-14 18:59 - 2013-09-14 18:59 - 00688992 ____R (Swearware) C:\Users\Johnstons\Desktop\dds.com

2013-09-14 17:28 - 2013-09-14 16:42 - 3224686592 _____ C:\Users\Johnstons\Downloads\X15-65733.iso

2013-09-14 17:02 - 2013-02-12 14:18 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\IObit

2013-09-14 11:14 - 2013-06-17 19:25 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\vlc

2013-09-14 08:30 - 2013-09-09 21:16 - 00000280 _____ C:\Windows\setupact.log

2013-09-14 07:45 - 2013-09-14 07:40 - 397537280 _____ C:\Users\Johnstons\Downloads\bitdefender-rescue-cd.iso

2013-09-14 02:35 - 2012-06-25 08:35 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-13 13:04 - 2012-05-20 19:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-13 13:04 - 2012-05-20 19:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-13 13:04 - 2012-02-29 23:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-12 17:30 - 2012-05-20 16:19 - 00000000 ___RD C:\Users\Johnstons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-12 17:30 - 2012-05-20 16:19 - 00000000 ___RD C:\Users\Johnstons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-12 12:23 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-12 12:23 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-12 04:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-09-12 03:27 - 2012-05-25 15:46 - 00000000 ____D C:\ProgramData\NVIDIA

2013-09-12 03:27 - 2011-02-10 10:02 - 00000000 ____D C:\Windows\panther

2013-09-12 03:27 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-12 03:27 - 2009-07-14 00:45 - 00421168 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-12 03:26 - 2013-09-09 21:15 - 00007206 _____ C:\Windows\PFRO.log

2013-09-12 03:08 - 2013-08-22 19:44 - 00000000 ____D C:\Windows\system32\MRT

2013-09-12 03:08 - 2012-05-20 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-09-12 03:08 - 2011-02-10 12:10 - 00811334 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-12 03:06 - 2012-05-23 17:20 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-09-12 03:06 - 2012-05-22 17:51 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-09-10 12:58 - 2013-09-10 12:58 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{F68F18FE-0016-4FD0-BE1D-906758A355F0}

2013-09-10 12:51 - 2012-11-22 13:53 - 00000000 ____D C:\Users\Johnstons\Documents\ND work resumes

2013-09-09 21:34 - 2012-06-23 14:03 - 00000000 ____D C:\Users\Johnstons\Documents\IT junk files

2013-09-09 21:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

2013-09-09 21:16 - 2013-09-09 21:16 - 00000000 _____ C:\Windows\setuperr.log

2013-09-09 06:03 - 2013-08-24 15:31 - 00000000 ____D C:\Users\Johnstons\Tracing

2013-09-08 20:00 - 2013-04-28 09:11 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-09-07 13:06 - 2013-09-07 13:06 - 00003494 _____ C:\Windows\System32\Tasks\Motorola Device Manager Update

2013-09-07 13:06 - 2013-09-07 13:06 - 00003476 _____ C:\Windows\System32\Tasks\Motorola Device Manager Engine

2013-09-07 13:06 - 2013-09-07 13:06 - 00003302 _____ C:\Windows\System32\Tasks\Motorola Device Manager Initial Update

2013-09-07 13:05 - 2013-09-07 13:05 - 00000000 ____D C:\Program Files\Motorola Inc

2013-09-05 19:09 - 2013-02-24 19:46 - 00000000 ____D C:\ProgramData\Sendori

2013-09-05 11:15 - 2013-09-05 11:15 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{8259BBF3-7E2C-426B-81AB-8E3B8691DF33}

2013-09-03 18:10 - 2013-09-03 18:10 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{4C7A1DC0-436D-4082-8B6C-860AB5031DA4}

2013-09-03 18:09 - 2013-09-03 18:09 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{85983512-61D1-42B2-96D1-FB8D2F220E7B}

2013-08-31 13:52 - 2013-08-31 10:36 - 00000772 _____ C:\Users\Johnstons\Downloads\anime.txt

2013-08-31 13:38 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins

2013-08-31 10:34 - 2013-08-31 10:34 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{4AE56943-DE37-4920-9574-DE802514AE49}

2013-08-30 10:50 - 2013-08-30 10:50 - 00003180 _____ C:\Windows\System32\Tasks\{0EEEBC3B-2E7D-44C1-BCF2-BA122B2530D3}

2013-08-30 06:51 - 2013-08-30 06:51 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-08-30 06:51 - 2013-08-30 06:51 - 00001068 _____ C:\ProgramData\Desktop\VLC media player.lnk

2013-08-30 06:42 - 2013-08-30 06:41 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-08-30 06:42 - 2013-08-30 06:41 - 00000000 ____D C:\Program Files\iTunes

2013-08-30 06:42 - 2013-08-30 06:41 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-08-30 06:42 - 2012-09-20 20:34 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-08-30 06:42 - 2012-09-20 20:34 - 00001785 _____ C:\ProgramData\Desktop\iTunes.lnk

2013-08-30 06:41 - 2013-08-30 06:41 - 00000000 ____D C:\Program Files\iPod

2013-08-29 21:44 - 2012-05-20 16:16 - 00000000 ____D C:\Users\Johnstons

2013-08-29 21:22 - 2012-11-08 19:05 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-08-29 21:03 - 2013-08-29 21:03 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-29 21:03 - 2013-08-29 21:03 - 00001111 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-08-29 21:03 - 2013-08-29 21:03 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\Malwarebytes

2013-08-29 21:03 - 2013-08-29 21:03 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-29 21:03 - 2013-08-29 21:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-29 20:55 - 2013-08-29 13:39 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro

2013-08-29 20:55 - 2013-08-29 12:59 - 00000000 ____D C:\ProgramData\dasrngar

2013-08-29 20:55 - 2013-08-23 11:01 - 00000000 ____D C:\Program Files (x86)\Windows Password Recovery Tool Standard

2013-08-29 20:55 - 2013-08-23 10:57 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar

2013-08-29 20:55 - 2013-08-23 10:57 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar

2013-08-29 20:55 - 2013-05-23 12:04 - 00000000 ____D C:\Program Files\My Dell

2013-08-29 20:55 - 2012-11-18 17:19 - 00000000 ____D C:\Users\Johnstons\AppData\Local\lptmp480379487

2013-08-29 20:55 - 2012-07-16 17:06 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-08-29 20:55 - 2012-07-16 17:06 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-08-29 20:55 - 2012-05-21 15:31 - 00000000 ____D C:\ProgramData\PCDr

2013-08-29 20:55 - 2012-02-29 23:50 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-08-29 20:55 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-08-29 20:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration

2013-08-29 20:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat

2013-08-29 20:54 - 2012-06-12 08:57 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\Skype

2013-08-29 20:54 - 2012-02-29 23:50 - 00000000 ____D C:\ProgramData\Skype

2013-08-29 20:53 - 2012-06-25 08:35 - 00000000 ____D C:\Program Files (x86)\Google

2013-08-29 01:17 - 2013-08-29 00:23 - 00000000 ____D C:\ProgramData\vpy

2013-08-29 00:23 - 2013-06-17 19:19 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\DivX

2013-08-29 00:22 - 2013-08-29 00:04 - 00000000 ____D C:\ProgramData\gmpx

2013-08-24 15:32 - 2013-08-24 15:32 - 00000000 ____D C:\Users\Johnstons\AppData\Local\{DA4A2196-CA6C-4CCE-B92F-095D41D7FB12}

2013-08-23 10:59 - 2013-08-23 10:58 - 00000000 ____D C:\Users\Johnstons\AppData\Local\AVG SafeGuard toolbar

2013-08-23 10:58 - 2013-08-23 10:58 - 00000000 ____D C:\Users\Johnstons\AppData\Local\Wajam

2013-08-23 10:35 - 2013-08-23 10:35 - 93302784 _____ C:\Windows\system32\config\SOFTWARE.iobit

2013-08-23 10:35 - 2013-08-23 10:35 - 05689344 _____ C:\Windows\system32\config\DEFAULT.iobit

2013-08-23 10:35 - 2013-08-23 10:35 - 00061440 _____ C:\Windows\system32\config\SAM.iobit

2013-08-23 10:35 - 2013-08-23 10:35 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit

2013-08-23 10:32 - 2013-08-23 10:31 - 00000000 ____D C:\Users\Johnstons\AppData\Roaming\Search Protection

2013-08-23 10:29 - 2013-08-23 10:29 - 00001274 _____ C:\Users\Public\Desktop\Uninstaller.lnk

2013-08-23 10:29 - 2013-08-23 10:29 - 00001274 _____ C:\ProgramData\Desktop\Uninstaller.lnk

2013-08-23 10:29 - 2013-08-23 10:29 - 00001262 _____ C:\Users\Johnstons\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk

2013-08-23 10:29 - 2013-08-23 10:29 - 00001223 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk

2013-08-23 10:29 - 2013-08-23 10:29 - 00001223 _____ C:\ProgramData\Desktop\Advanced SystemCare 6.lnk

2013-08-23 10:16 - 2013-08-23 10:16 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-08-23 10:16 - 2013-08-23 10:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-08-23 10:16 - 2013-08-23 10:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-08-23 10:16 - 2013-08-23 10:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-08-23 10:16 - 2012-05-31 17:56 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-08-23 10:16 - 2012-02-29 23:40 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-08-22 19:47 - 2009-07-14 01:13 - 00809262 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-22 09:02 - 2013-05-23 12:05 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask

2013-08-15 17:31 - 2013-08-23 10:28 - 00268968 _____ C:\Windows\SysWOW64\sqlite3.dll

 

Files to move or delete:

====================

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install

 

 

Some content of TEMP:

====================

C:\Users\Johnstons\AppData\Local\Temp\SearchProtectionSetup.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

LastRegBack: 2013-09-11 00:57

 

==================== End Of Log ============================

Addition.txt


Please uninstall Search Protection from your add/remove programs if you can.

Then.........

Download the attached fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-09-2013 02

Ran by Johnstons at 2013-09-14 21:22:16 Run:1

Running from C:\Users\Johnstons\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{f63b28fd-0731-d121-b956-25a17ac2166e}\   \...\???\{f63b28fd-0731-d121-b956-25a17ac2166e}\GoogleUpdate.exe" 

C:\Program Files (x86)\Google\Desktop\Install

C:\Users\Johnstons\AppData\Local\Temp\SearchProtectionSetup.exe

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

*****************

 

*etadpug => Service deleted successfully.

C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

C:\Users\Johnstons\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

 

==== End of Fixlog ====

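The Fixlog above shows every entry under C:\Program Files\Windows Defender carrying a reparse point, which is how this infection redirected Defender's own files away from the real binaries. As an added example that is not part of this thread or of FRST, the following Python check walks a directory and reports every entry that is a reparse point (junction or symbolic link) without following it, run here against a constructed mock "Windows Defender" folder; the function names are assumptions, and on non-Windows systems ordinary symlinks stand in for junctions.

```python
"""Detect reparse points (junctions / symbolic links) inside a directory tree.

Added example, not FRST's or the thread's code. It mirrors the kind of check
behind FRST's "Use DeleteJunctionsIndirectory" warning: an antivirus folder
whose files have quietly become reparse points is a strong sign of tampering.
"""
import os
import stat
import tempfile

# Windows FILE_ATTRIBUTE_REPARSE_POINT; the stat module exposes it only on Windows.
REPARSE_ATTR = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)


def is_reparse_point(path):
    """True if `path` itself is a reparse point, checked with lstat so it is never followed."""
    st = os.lstat(path)
    attrs = getattr(st, "st_file_attributes", None)
    if attrs is not None:            # Windows: junctions and symlinks both carry this flag
        return bool(attrs & REPARSE_ATTR)
    return stat.S_ISLNK(st.st_mode)  # POSIX fallback used by this demo: symlinks only


def find_reparse_points(root):
    """Return sorted paths (relative to `root`) of every reparse point below it.

    Redirected directories are reported but not descended into, so the scan
    never wanders off into whatever the junction points at.
    """
    found = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if is_reparse_point(full):
                found.append(os.path.relpath(full, root))
        keep = []
        for name in dirnames:
            full = os.path.join(dirpath, name)
            if is_reparse_point(full):
                found.append(os.path.relpath(full, root))  # report the junction itself
            else:
                keep.append(name)
        dirnames[:] = keep  # prune redirected directories from the walk
    return sorted(found)


def demo_scan():
    """Build a constructed mock Defender folder and scan it; returns the flagged entries.

    Three real files stand in for genuine binaries (names taken from the Fixlog);
    MpClient.dll and the en-US folder are replaced by links to a decoy location,
    imitating the redirected entries the fix had to remove.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "Windows Defender")
        decoy = os.path.join(tmp, "decoy")          # where the hijacked entries point
        os.makedirs(root)
        os.makedirs(decoy)
        with open(os.path.join(decoy, "fake.dll"), "wb") as fh:
            fh.write(b"not the real module")
        for name in ("MpSvc.dll", "MSASCui.exe", "MpCmdRun.exe"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"MZ")                     # constructed stand-in for a PE file
        os.symlink(os.path.join(decoy, "fake.dll"), os.path.join(root, "MpClient.dll"))
        os.symlink(decoy, os.path.join(root, "en-US"), target_is_directory=True)
        return find_reparse_points(root)


if __name__ == "__main__":
    for entry in demo_scan():
        print("reparse point:", entry)
```

On a live Windows system the same `find_reparse_points` call against the real Defender directory would list the junctions FRST reported, and an empty result after cleanup confirms the fix took.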

Malwarebytes Anti-Rootkit BETA 1.07.0.1005

www.malwarebytes.org

 

Database version: v2013.09.14.11

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Johnstons :: JOHNSTONS-PC [administrator]

 

9/14/2013 9:43:33 PM

mbar-log-2013-09-14 (21-43-33).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 285164

Time elapsed: 12 minute(s), 39 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

mbar-log-2013-09-14 (21-43-33).txt

mbar-log-2013-09-14 (22-05-26).txt

system-log.txt


RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Johnstons [Admin rights]

Mode : Scan -- Date : 09/15/2013 10:54:38

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 12 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableCMD (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableCMD (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableCMD (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 


[...]

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST3500413AS ATA Device +++++

--- User ---

[MBR] 86221e59a53d1a494e82d3a456f303f9

[BSP] d06556f87a55d9df9c7585cf2aac124e : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15168 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31145984 | Size: 461728 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: ST3500413AS ATA Device +++++

--- User ---

[MBR] 7435b395373533bcd39085cd12602a0e

[BSP] 3a263ec662f61a27d74cd7a536bc3337 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[0]_S_09152013_105438.txt >>


OK...Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-09-14.01 - Johnstons 09/15/2013  15:14:12.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2316 [GMT -4:00]

Running from: c:\users\Johnstons\Downloads\ComboFix.exe

SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\DSearchLink

c:\programdata\DSearchLink\DSearchLink.exe

c:\programdata\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll

c:\programdata\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll

c:\users\Johnstons\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\users\Johnstons\AppData\Roaming\inst.exe

c:\users\Johnstons\AppData\Roaming\vso_ts_preview.xml

c:\users\Johnstons\Desktop\Search.lnk

c:\windows\Tasks\TopArcadeHits.job

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-15 to 2013-09-15  )))))))))))))))))))))))))))))))

.

.

2013-09-15 19:34 . 2013-09-15 19:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-09-15 19:34 . 2013-09-15 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-15 19:03 . 2013-09-15 19:03 -------- d-----w- c:\users\Johnstons\AppData\Roaming\DSite

2013-09-15 19:03 . 2013-09-15 19:06 -------- d-----w- c:\program files (x86)\OpenIt

2013-09-15 19:03 . 2013-09-15 19:03 -------- d-----w- c:\users\Johnstons\AppData\Roaming\Babylon

2013-09-15 19:03 . 2013-09-15 19:03 -------- d-----w- c:\programdata\Babylon

2013-09-15 01:43 . 2013-09-15 02:16 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-09-15 00:47 . 2013-09-15 00:47 -------- d-----w- C:\FRST

2013-09-11 07:37 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-09-10 01:21 . 2013-09-15 03:54 -------- d-----w- c:\windows\Logs

2013-09-07 17:05 . 2013-09-07 17:05 -------- d-----w- c:\program files\Motorola Inc

2013-09-06 11:44 . 2013-08-20 04:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{315AB4BA-54C7-4BAC-89F8-8C75C6D316B8}\mpengine.dll

2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-08-30 10:41 . 2013-08-30 10:42 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-08-30 10:41 . 2013-08-30 10:42 -------- d-----w- c:\program files\iTunes

2013-08-30 10:41 . 2013-08-30 10:42 -------- d-----w- c:\program files (x86)\iTunes

2013-08-30 10:41 . 2013-08-30 10:41 -------- d-----w- c:\program files\iPod

2013-08-30 01:03 . 2013-08-30 01:03 -------- d-----w- c:\users\Johnstons\AppData\Roaming\Malwarebytes

2013-08-30 01:03 . 2013-08-30 01:03 -------- d-----w- c:\programdata\Malwarebytes

2013-08-30 01:03 . 2013-08-30 01:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-30 01:03 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-29 16:59 . 2013-08-30 00:55 -------- d-----w- c:\programdata\dasrngar

2013-08-29 04:23 . 2013-08-29 05:17 -------- d-----w- c:\programdata\vpy

2013-08-29 04:04 . 2013-08-29 04:22 -------- d-----w- c:\programdata\gmpx

2013-08-24 19:31 . 2013-09-09 10:03 -------- d-----w- c:\users\Johnstons\Tracing

2013-08-23 15:01 . 2013-08-30 00:55 -------- d-----w- c:\program files (x86)\Windows Password Recovery Tool Standard

2013-08-23 14:58 . 2013-08-23 14:59 -------- d-----w- c:\users\Johnstons\AppData\Local\AVG SafeGuard toolbar

2013-08-23 14:58 . 2013-08-23 14:58 -------- d-----w- c:\users\Johnstons\AppData\Local\Wajam

2013-08-23 14:57 . 2013-08-30 00:55 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2013-08-23 14:57 . 2013-08-30 00:55 -------- d-----w- c:\programdata\AVG SafeGuard toolbar

2013-08-23 14:57 . 2013-08-30 00:55 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar

2013-08-23 14:57 . 2013-08-23 14:57 -------- d--h--w- c:\programdata\Common Files

2013-08-23 14:28 . 2013-08-15 21:31 268968 ----a-w- c:\windows\SysWow64\sqlite3.dll

2013-08-23 14:16 . 2013-08-23 14:16 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-08-22 23:44 . 2013-09-12 07:08 -------- d-----w- c:\windows\system32\MRT

2013-08-22 15:33 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll

2013-08-22 15:33 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-08-22 15:33 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll

2013-08-22 15:33 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll

2013-08-22 15:33 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-22 15:33 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-22 15:33 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-08-22 15:33 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-08-22 15:32 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-22 15:32 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-08-22 15:32 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-22 15:32 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-08-22 15:32 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-22 15:32 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll

2013-08-22 15:32 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-22 15:32 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-13 17:04 . 2012-05-20 23:10 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-09-13 17:04 . 2012-03-01 03:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-12 07:06 . 2012-05-23 21:20 79143768 ----a-w- c:\windows\system32\MRT.exe

2013-08-30 01:22 . 2012-11-08 23:05 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe

2013-08-23 14:16 . 2012-05-31 21:56 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-08-23 14:16 . 2012-03-01 03:40 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-08-07 08:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-08-02 01:48 . 2013-09-11 07:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-01 16:49 . 2013-02-24 23:46 325920 ----a-w- c:\windows\SysWow64\Sendori.dll

2013-06-26 23:21 . 2013-06-26 23:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys

2013-06-26 23:21 . 2013-06-26 23:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys

2013-06-26 23:21 . 2013-06-26 23:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys

2013-06-26 23:21 . 2013-06-26 23:21 1777320 ----a-w- c:\windows\system32\sftldr.dll

2013-06-26 23:21 . 2013-06-26 23:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll

2013-06-26 23:21 . 2013-06-26 23:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]

"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Uninstall Webroot RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2012-11-8 9842040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"DisableLocalMachineRun"= 0 (0x0)

"DisableLocalMachineRunOnce"= 0 (0x0)

"DisableCurrentUserRun"= 0 (0x0)

"DisableCurrentUserRunOnce"= 0 (0x0)

"NoFile"= 0 (0x0)

"HideClock"= 0 (0x0)

"NoDevMgrUpdate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoEncryptOnMove"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

.

R1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS;c:\windows\SYSNATIVE\Drivers\DLACDBHE.SYS [x]

R2 AODDriver4.1;AODDriver4.1; [x]

R2 BrowserProtect;BrowserProtect; [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxduserv.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 Update WebConnect;Update WebConnect;c:\program files (x86)\WebConnect\updateWebConnect.exe;c:\program files (x86)\WebConnect\updateWebConnect.exe [x]

R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

R3 ATICDSDr;ATICDSDr; [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS;c:\windows\SYSNATIVE\Drivers\DRVECDB.SYS [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]

S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS;c:\windows\SYSNATIVE\Drivers\DLARTL_E.SYS [x]

S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS;c:\windows\SYSNATIVE\DLA\DLABMFSE.SYS [x]

S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS;c:\windows\SYSNATIVE\DLA\DLABOIOE.SYS [x]

S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS;c:\windows\SYSNATIVE\DLA\DLADResE.SYS [x]

S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS;c:\windows\SYSNATIVE\DLA\DLAIFS_E.SYS [x]

S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS;c:\windows\SYSNATIVE\DLA\DLAOPIOE.SYS [x]

S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS;c:\windows\SYSNATIVE\DLA\DLAPoolE.SYS [x]

S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS;c:\windows\SYSNATIVE\DLA\DLAUDF_E.SYS [x]

S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS;c:\windows\SYSNATIVE\DLA\DLAUDFAE.SYS [x]

S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS;c:\windows\SYSNATIVE\Drivers\DRVEDDM.SYS [x]

S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe;c:\windows\SYSNATIVE\lxducoms.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]

S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]

S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]

S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]

S3 cxbu0x64;SmartTerminal XX44;c:\windows\system32\DRIVERS\cxbu0x64.sys;c:\windows\SYSNATIVE\DRIVERS\cxbu0x64.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-05 12:35 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 17:04]

.

2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 12:35]

.

2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 12:35]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2010-02-04 16040]

"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Read EXIF - c:\program files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: worldoftanks.com\www

TCP: DhcpNameServer = 192.168.0.1 205.171.2.226

.

.

------- File Associations -------

.

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

BHO-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)

Toolbar-Locked - (no file)

Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)

Toolbar-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]

@="131473"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Sendori\SendoriUp.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe

.

**************************************************************************

.

Completion time: 2013-09-15  16:08:24 - machine was rebooted

ComboFix-quarantined-files.txt  2013-09-15 20:08

.

Pre-Run: 388,640,272,384 bytes free

Post-Run: 388,414,291,968 bytes free

.

- - End Of File - - 5E4329B729CB1636056C243FDAC2C55E

5C616939100B85E558DA92B899A0FC36


Looks Good....

Let's clean out any adware while you're here (this will require a reboot, so save all your work):

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v3.004 - Report created 15/09/2013 at 16:20:20

# Updated 15/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Johnstons - JOHNSTONS-PC

# Running from : C:\Users\Johnstons\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : BrowserProtect

Service Found : Update WebConnect

 

***** [ Files / Folders ] *****

 

File Found : C:\Windows\System32\Tasks\BrowserProtect

Folder Found : C:\Users\Johnstons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Folder Found C:\Program Files (x86)\Ask.com

Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\Crawler Toolbar

Folder Found C:\Program Files (x86)\IObit Apps Toolbar

Folder Found C:\Program Files (x86)\openit

Folder Found C:\ProgramData\~0

Folder Found C:\ProgramData\Ask

Folder Found C:\ProgramData\Babylon

Folder Found C:\ProgramData\BrowserProtect

Folder Found C:\Users\Johnstons\AppData\Local\apn

Folder Found C:\Users\Johnstons\AppData\Local\Conduit
Folder Found C:\Users\Johnstons\AppData\Local\cre
Folder Found C:\Users\Johnstons\AppData\Local\PackageAware
Folder Found C:\Users\Johnstons\AppData\Local\Wajam
Folder Found C:\Users\Johnstons\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Johnstons\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\Johnstons\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\Johnstons\AppData\LocalLow\Conduit
Folder Found C:\Users\Johnstons\AppData\LocalLow\Search Settings
Folder Found C:\Users\Johnstons\AppData\LocalLow\Toolbar4
Folder Found C:\Users\Johnstons\AppData\Roaming\Babylon
Folder Found C:\Users\Johnstons\AppData\Roaming\DSite
Folder Found C:\Users\Johnstons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\5d4d8ddb634e841
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Babylon
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Search Settings
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\5d4d8ddb634e841
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Johnstons\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7595 octets] - [15/09/2013 16:20:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7655 octets] ##########


# AdwCleaner v3.004 - Report created 15/09/2013 at 16:37:06
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Johnstons - JOHNSTONS-PC
# Running from : C:\Users\Johnstons\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BrowserProtect
[#] Service Deleted : Update WebConnect

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Crawler Toolbar
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Johnstons\AppData\Local\apn
Folder Deleted : C:\Users\Johnstons\AppData\Local\Conduit
Folder Deleted : C:\Users\Johnstons\AppData\Local\cre
Folder Deleted : C:\Users\Johnstons\AppData\Local\PackageAware
Folder Deleted : C:\Users\Johnstons\AppData\Local\Wajam
Folder Deleted : C:\Users\Johnstons\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Johnstons\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Johnstons\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Johnstons\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Johnstons\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Johnstons\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Johnstons\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Johnstons\AppData\Roaming\DSite
Folder Deleted : C:\Users\Johnstons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Johnstons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
File Deleted : C:\Windows\System32\Tasks\BrowserProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKCU\Software\5d4d8ddb634e841
Key Deleted : HKLM\SOFTWARE\5d4d8ddb634e841
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Johnstons\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7783 octets] - [15/09/2013 16:20:20]
AdwCleaner[s0].txt - [7302 octets] - [15/09/2013 16:37:06]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7362 octets] ##########


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Johnstons :: JOHNSTONS-PC [administrator]

Protection: Enabled

9/15/2013 5:22:06 PM
mbam-log-2013-09-15 (17-22-06).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|M:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 412618
Time elapsed: 50 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\Johnstons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Johnstons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Johnstons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Johnstons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Qoobox\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Johnstons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Johnstons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Johnstons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Johnstons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Johnstons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\Johnstons\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.

(end)


It should be OK now........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.73
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
avast! Antivirus
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300
 JavaFX 2.1.1
 Java 7 Update 25
 Adobe Flash Player 11.8.800.168
 Adobe Reader 10.1.8 Adobe Reader out of Date!
 Google Chrome 29.0.1547.62
 Google Chrome 29.0.1547.66
 Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
 AVAST Software Avast AvastSvc.exe
 AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JavaFX 2.1.1 <----uninstall from your add/remove programs
Java 7 Update 25 <----please update, should be Update 40

Go to Control Panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no Update tab in Java, uninstall it and download and install the latest version from Here.
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

---------------------------------

Adobe Reader 10.1.8 Adobe Reader out of Date! <---please check for an update if available, or uninstall it and download and install Foxit Reader, which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please uninstall ComboFix (if you used it):

Press the Windows logo key + R to bring up the "run box".

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /


Then hit Enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall, or download and run the uninstaller.)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait.
That will delete the quarantine folder created by FRST.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator".)
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process; choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete,
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc.... AdwCleaner > just run the program and click Uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
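A way to verify the two points in the post above (the outdated programs Security Check flagged, and that no bundled toolbar came back with the Java or Reader installer), added here as an example and not part of MrC's post or of any tool used in this thread. It reads the same Uninstall registry keys that Add/Remove Programs displays, on both the 64-bit and the WOW6432Node (32-bit) views, and changes nothing. The name patterns in $watch and $toolbars are assumptions taken from the post and the AdwCleaner log above; adjust them to what your own logs show.

```powershell
# Added example (not from the thread): read-only inventory of installed programs,
# filtered to the entries the helper asked to update/remove and to toolbar leftovers.
# Works on Windows 7 (PowerShell 2.0) and later; run from a normal PowerShell prompt.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

# One object per registered program: name, version, publisher and the key it lives under.
$installed = foreach ($key in $uninstallKeys) {
    if (Test-Path $key) {
        foreach ($sub in Get-ChildItem $key) {
            $p = Get-ItemProperty $sub.PSPath
            if ($p.DisplayName) {
                New-Object PSObject -Property @{
                    Name      = $p.DisplayName
                    Version   = $p.DisplayVersion
                    Publisher = $p.Publisher
                    Key       = $sub.PSChildName
                }
            }
        }
    }
}

# Programs the post says to update or uninstall (patterns are assumptions).
$watch = @('Java', 'JavaFX', 'Adobe Reader')
# Bundled toolbars the post says to decline; names taken from the AdwCleaner log.
$toolbars = @('Ask', 'Toolbar', 'Conduit', 'Babylon', 'BrowserProtect')

function Select-Matching($items, $patterns) {
    # Keep entries whose DisplayName contains any of the patterns (case-insensitive).
    $items | Where-Object {
        $name = $_.Name
        ($patterns | Where-Object { $name -like "*$_*" }).Count -gt 0
    }
}

"=== Programs to update or uninstall (compare against the versions in the post) ==="
Select-Matching $installed $watch | Sort-Object Name |
    Format-Table Name, Version, Publisher -AutoSize

"=== Toolbar / adware entries still registered (expected: none after cleanup) ==="
Select-Matching $installed $toolbars | Sort-Object Name |
    Format-Table Name, Version, Key -AutoSize
```

Run it once before updating Java and Reader and once after; the first table should show the new versions and the second table should stay empty, which is the quickest way to confirm the installer did not slip the Ask toolbar back in.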
