
Browser hijacking (www.dosearches.com)


Earlier today I installed the latest version of Daemon Tools Lite (virtual driver software), a programme I have been using for years. During the installation, it asked me to install third-party software, which I declined. But despite that, I found it had still installed some. I uninstalled all of it, but one problem still remained: my browsers (both Firefox and Internet Explorer) kept redirecting me to a website called www.dosearches.com. At first it was set as the homepage. After I had changed it, it still redirected me there whenever I started the browser. When opening a new tab, it would automatically go there as well. I have tried a few malware removal tools, some of which did detect the source and removed it, only to find nothing had changed. Any help would be greatly appreciated.


Welcome to the forum. Please start HERE.

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download RogueKiller 32 bit to your desktop and run it.

RogueKiller <--- use this one for 64-bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7/8, right-click the program, select Run as Administrator to start it, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure System Restore is turned on and running.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Here is dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.25.2
Run by A at 19:17:30 on 2013-10-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.6139.4289 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\A\Desktop\lmc-1.2.35-win32\lmc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve


BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Users\A\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [LAN Messenger] C:\Users\A\Desktop\lmc-1.2.35-win32\lmc.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2AAEDA3E-4E60-4670-A15B-6BB70D7DABF5} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL


x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\
FF - prefs.js: browser.search.selectedEngine - dosearches

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-10-13 283064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-4-14 321104]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-4-14 135560]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-13 25928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-11 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-4-14 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-11 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-11 30208]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-11 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2013-8-11 867712]
S4 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
S4 Live Updater Service;Live Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2013-9-14 255376]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-13 418376]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-13 701512]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-6-29 255744]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-10-13 17:04:42    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-10-13 17:04:31    --------    d-----w-    C:\Program Files (x86)\DAEMON Tools Lite
2013-10-13 16:13:01    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-13 16:12:58    116440    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2013-10-13 16:07:56    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-10-13 14:43:10    --------    d-----w-    C:\Users\A\AppData\Roaming\Malwarebytes
2013-10-13 14:42:41    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-10-13 14:42:40    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-13 14:00:43    --------    d-----w-    C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-10-13 14:00:40    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-10-13 13:20:24    9694160    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0560774C-1D04-4531-B7BB-15052DE45746}\mpengine.dll
2013-10-13 13:06:55    --------    d-----w-    C:\Users\A\AppData\Local\Apps
2013-10-11 12:47:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-10-11 12:47:49    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-10-11 12:47:49    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-10-11 12:47:49    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-10-11 12:47:48    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-10-11 12:47:48    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-10-11 12:47:48    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-10-11 12:04:17    9694160    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-10 21:05:12    --------    d-----w-    C:\Program Files (x86)\Glare
2013-10-08 10:16:55    32768    ------w-    C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2013-10-08 10:16:55    225280    ------w-    C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-10-08 10:16:55    176128    ------w-    C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2013-10-08 10:16:54    77824    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2013-10-05 11:42:36    --------    d-----w-    C:\Program Files (x86)\Valve
2013-10-03 10:20:35    --------    d-----w-    C:\Users\A\AppData\Roaming\SNS
2013-10-01 09:49:52    --------    d-----w-    C:\Users\A\AppData\Local\Ubisoft Game Launcher
2013-09-23 17:47:59    131072    ----a-w-    C:\Windows\SysWow64\eax.dll
2013-09-23 07:17:56    --------    d-----w-    C:\Program Files\Dolphin 4.0
2013-09-22 22:34:51    --------    d-----w-    C:\Users\A\AppData\Roaming\Windows Live Writer
2013-09-22 22:34:51    --------    d-----w-    C:\Users\A\AppData\Local\Windows Live Writer
2013-09-21 17:30:35    --------    d-----w-    C:\Users\A\AppData\Roaming\runic games
2013-09-20 14:05:25    3851784    ----a-w-    C:\Windows\SysWow64\D3DX9_39.dll
2013-09-15 20:40:31    --------    d-----w-    C:\Program Files (x86)\Solveig Multimedia
2013-09-15 20:40:31    --------    d-----w-    C:\Program Files (x86)\Common Files\Solveig Multimedia
2013-09-14 00:04:02    --------    d-----w-    C:\Program Files (x86)\Video Web Camera
2013-09-13 23:46:14    --------    d-----w-    C:\Users\A\AppData\Local\CyberLink
.
==================== Find3M  ====================
.
2013-10-09 06:45:49    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 06:45:49    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-22 22:54:51    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-08-25 13:23:53    21840    ----atw-    C:\Windows\SysWow64\SIntfNT.dll
2013-08-25 13:23:53    17212    ----atw-    C:\Windows\SysWow64\SIntf32.dll
2013-08-25 13:23:53    12067    ----atw-    C:\Windows\SysWow64\SIntf16.dll
2013-08-24 13:12:12    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-08-13 21:57:05    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-08-13 21:57:05    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-08-13 21:57:04    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-08-13 21:57:04    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-08-11 23:28:26    564824    ----a-w-    C:\Windows\System32\drivers\sptd.sys
2013-08-11 23:06:20    2560    ----a-w-    C:\Windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui
2013-08-11 23:06:09    5632    ----a-w-    C:\Windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui
2013-08-11 23:06:04    50688    ----a-w-    C:\Windows\SysWow64\drivers\nl-NL\tcpip.sys.mui
2013-08-11 23:06:01    26624    ----a-w-    C:\Windows\SysWow64\drivers\nl-NL\bfe.dll.mui
2013-08-11 23:06:01    16896    ----a-w-    C:\Windows\SysWow64\drivers\nl-NL\pacer.sys.mui
2013-08-11 23:05:52    2560    ----a-w-    C:\Windows\SysWow64\drivers\nl-NL\scfilter.sys.mui
2013-08-11 20:43:35    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-11 20:43:33    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-08-11 20:43:33    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-08-11 17:49:27    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-07 02:22:02    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 10:33:12    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 10:33:08    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 19:18:23,68 ===============
 

 

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11-8-2013 18:07:34
System Uptime: 13-10-2013 18:58:06 (1 hours ago)
.
Motherboard: Packard Bell |  | SJV52_DN
Processor: AMD Phenom II N970 Quad-Core Processor | Socket S1G4 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 46,535 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Anachronox
µTorrent
Avidemux 2.5
Backup Manager Basic
Broadcom Gigabit NetLink Controller
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dolphin 4.0
Driver Sweeper versie 3.2.0
ETDWare PS/2-x64 7.0.6.5_WHQL
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GIMP 2.8.0
Glare
Identity Card
Java 7 Update 25
Java Auto Updater
JDownloader 2
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 24.0 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
OpenAL
Packard Bell MyBackup
Packard Bell Power Management
Packard Bell Recovery Management
Packard Bell Registration
Packard Bell ScreenSaver
Packard Bell Social Networks
Packard Bell Updater
Papers, Please
Planescape Torment
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
resident evil 4
Συλλογή φωτογραφιών του Windows Live
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SolveigMM AVI Trimmer
SpeedFan (remove only)
SPEEDLINK Strike 2 Gamepad
Spelunky
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Thief GOLD
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Video Web Camera
VLC media player 2.0.8
Welcome Center
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
.
==== End Of File ===========================

RogueKiller:

RogueKiller V8.7.2 _x64_ [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart vanuit : Normale modus
Gebruiker : A [Administrator rechten]
Modus : Scan -- Datum : 10/13/2013 19:26:06
| ARK || FAK || MBR |

¤¤¤ Kwaadaardige processen : 0 ¤¤¤

¤¤¤ Register verwijzingen : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : LAN Messenger (C:\Users\A\Desktop\lmc-1.2.35-win32\lmc.exe [-]) -> gevonden
[RUN][SUSP PATH] HKUS\S-1-5-21-4274040924-4012289211-355380576-1000\[...]\Run : LAN Messenger (C:\Users\A\Desktop\lmc-1.2.35-win32\lmc.exe [-]) -> gevonden
[SHELL][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Windows : load (C:\Users\A\AppData\Roaming\Microsoft\Windows\taskmgr.exe [x]) -> gevonden
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> gevonden
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> gevonden
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> gevonden
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> gevonden
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> gevonden
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> gevonden
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

¤¤¤ geplande taken : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ webbrowsers : 0 ¤¤¤

¤¤¤ Speciale Files / Folders: ¤¤¤

¤¤¤ Driver : [Niet geladen 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infectie :  ¤¤¤

¤¤¤ HOSTS Bestand: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Controle: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standaardschijfstations) - WDC WD5000BEVT-22A0RT0 ATA Device +++++
--- User ---
[MBR] c6c0bb79f9bd6874fcda83f24441b42c
[BSP] e9f2f4e0b3163b0e42be5db825e35c50 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 458406 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Gereed : << RKreport[0]_S_10132013_192606.txt >>

Give this a try:

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

Unfortunately, the problem still remains unchanged.

Here's the AdwCleaner log:

# AdwCleaner v3.007 - Report created 13/10/2013 at 20:05:34
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : A - A-PC
# Running from : C:\Users\A\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (nl)

[ File : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\0a6ubgx9.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [812 octets] - [13/10/2013 20:01:48]
AdwCleaner[R2].txt - [871 octets] - [13/10/2013 20:04:19]
AdwCleaner[S1].txt - [795 octets] - [13/10/2013 20:05:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [854 octets] ##########

And here's the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
A :: A-PC [administrator]

Protection: Disabled

13-10-2013 20:09:07
MBAM-log-2013-10-13 (20-17-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206470
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\A\AppData\Local\Temp\bitool.dll (PUP.Optional.Somoto) -> No action taken.
C:\Users\A\AppData\Local\Temp\nsw2168.tmp (PUP.Optional.Somoto.A) -> No action taken.
C:\Users\A\Local Settings\Temporary Internet Files\Content.IE5\FLY77SIC\BiTool[1].dll (PUP.Optional.Somoto) -> No action taken.
C:\Users\A\Local Settings\Temporary Internet Files\Content.IE5\KRHSDVOS\bi_downloader[1].exe (PUP.Optional.Somoto.A) -> No action taken.

(end)

What browsers are affected?

Please download Farbar Recovery Scan Tool and save it to a folder. (use the correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

I have Firefox and Internet Explorer, and both are affected.

I can't seem to find the option for attaching a file (for Addition.txt). Could you tell me where it is?

Here's FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by A (administrator) on A-PC on 13-10-2013 21:47:50
Running from C:\Users\A\Downloads\Farbar Recovery Scan Tool
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(LAN Messenger) C:\Users\A\Desktop\lmc-1.2.35-win32\lmc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] - C:\Users\A\AppData\Roaming\uTorrent\uTorrent.exe [1130576 2013-08-12] (BitTorrent Inc.)
HKCU\...\Run: [LAN Messenger] - C:\Users\A\Desktop\lmc-1.2.35-win32\lmc.exe [1721344 2012-07-24] (LAN Messenger)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=WDCXWD5000BEVT-22A0RT0_WD-WX81A31L9791L9791&ts=1381671888
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default

FF SelectedSearchEngine: dosearches

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: United States English Spellchecker - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\Extensions\en-US@dictionaries.addons.mozilla.org
FF Extension: WOT - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: adblockpopups - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: TFToolbarX - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\Extensions\TFToolbarX@torrent-finder.xpi
FF Extension: No Name - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\Extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
FF Extension: No Name - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=WDCXWD5000BEVT-22A0RT0_WD-WX81A31L9791L9791&ts=1381671888

==================== Services (Whitelisted) =================

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
S4 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [867712 2011-01-05] (Acer Incorporated)
S4 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S4 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-13] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-12] (Duplex Secure Ltd.)
U3 aa8vwgys; C:\Windows\System32\Drivers\aa8vwgys.sys [0 ] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-13 21:15 - 2013-10-13 21:47 - 00000000 ____D C:\Users\A\Downloads\Farbar Recovery Scan Tool
2013-10-13 21:15 - 2013-10-13 21:15 - 00000000 ____D C:\FRST
2013-10-13 20:01 - 2013-10-13 20:05 - 00000000 ____D C:\AdwCleaner
2013-10-13 20:01 - 2013-10-13 20:01 - 01048960 _____ C:\Users\A\Desktop\AdwCleaner.exe
2013-10-13 19:26 - 2013-10-13 19:26 - 00002724 _____ C:\Users\A\Desktop\RKreport[0]_S_10132013_192606.txt
2013-10-13 19:19 - 2013-10-13 19:19 - 00009266 _____ C:\Users\A\Desktop\attach.txt
2013-10-13 19:19 - 2013-10-13 19:18 - 00019580 _____ C:\Users\A\Desktop\dds.txt
2013-10-13 19:15 - 2013-10-13 19:15 - 03985920 _____ C:\Users\A\Desktop\RogueKillerX64.exe
2013-10-13 19:15 - 2013-10-13 19:15 - 00688992 ____R (Swearware) C:\Users\A\Desktop\dds.scr
2013-10-13 19:04 - 2013-10-13 19:04 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-10-13 19:04 - 2013-10-13 19:04 - 00001922 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-10-13 19:04 - 2013-10-13 19:04 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-10-13 18:13 - 2013-10-13 18:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-13 18:07 - 2013-10-13 18:51 - 00000000 ____D C:\Users\A\Desktop\mbar
2013-10-13 18:07 - 2013-10-13 18:07 - 12576792 _____ (Malwarebytes Corp.) C:\Users\A\Downloads\mbar-1.07.0.1007.exe
2013-10-13 18:07 - 2013-10-13 18:07 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-13 17:06 - 2013-10-13 17:10 - 00000000 ____D C:\Users\A\Desktop\RK_Quarantine
2013-10-13 16:43 - 2013-10-13 16:43 - 00000000 ____D C:\Users\A\AppData\Roaming\Malwarebytes
2013-10-13 16:42 - 2013-10-13 16:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\A\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-13 16:42 - 2013-10-13 16:42 - 00001081 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-13 16:42 - 2013-10-13 16:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-13 16:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-13 16:01 - 2013-10-13 16:01 - 00000000 _____ C:\autoexec.bat
2013-10-13 16:00 - 2013-10-13 16:43 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-10-13 15:33 - 2013-10-13 20:18 - 00005514 _____ C:\Windows\PFRO.log
2013-10-13 15:15 - 2013-10-13 15:15 - 00000000 ____D C:\Users\A\AppData\Roaming\InstallShield
2013-10-13 15:15 - 2013-10-13 15:15 - 00000000 ____D C:\ProgramData\InstallShield
2013-10-13 15:06 - 2013-10-13 15:06 - 00000000 ____D C:\Users\A\AppData\Local\Apps\2.0
2013-10-13 10:05 - 2013-10-13 15:33 - 00045444 _____ C:\Windows\WindowsUpdate.log
2013-10-13 01:11 - 2013-10-13 15:24 - 00000000 ____D C:\Users\A\Downloads\Mage.Knight.Apocalypse.Proper-Razor1911
2013-10-13 01:00 - 2013-10-13 21:41 - 00000896 _____ C:\Windows\setupact.log
2013-10-13 01:00 - 2013-10-13 01:00 - 00000000 _____ C:\Windows\setuperr.log
2013-10-12 15:55 - 2013-10-12 15:55 - 00053348 _____ C:\Users\A\Desktop\cc_20131012_155553.reg
2013-10-11 14:47 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-11 14:47 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-11 14:47 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-11 14:47 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-11 14:47 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-11 14:47 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-11 14:47 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 09:26 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 09:26 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 09:26 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 09:26 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 09:26 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 09:26 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 09:26 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 09:26 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 09:26 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 09:26 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 09:26 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 09:26 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 09:26 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 09:26 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 09:26 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 09:26 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 09:26 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 09:26 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 09:26 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 09:26 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 09:26 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 00:44 - 2013-10-11 09:45 - 00000000 ____D C:\Users\A\Downloads\The Sandman
2013-10-10 23:07 - 2013-10-10 23:07 - 00000752 _____ C:\Users\Public\Desktop\Glare.lnk
2013-10-10 23:05 - 2013-10-10 23:58 - 00000000 ____D C:\Program Files (x86)\Glare
2013-10-10 08:33 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 08:33 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 08:33 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 08:33 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 08:33 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 08:33 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 08:33 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 08:33 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 08:33 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 08:33 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 08:33 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 08:33 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 08:33 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 08:33 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 08:33 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 08:33 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 08:33 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 08:33 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 08:33 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 08:33 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 08:33 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 08:33 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 08:33 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 08:33 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 08:33 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 08:33 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 08:33 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 08:33 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 08:33 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 08:33 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 08:33 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 08:33 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 08:33 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 08:33 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 08:33 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 08:33 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 08:33 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 08:33 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 08:33 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 08:33 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 08:33 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 08:33 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 08:33 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 08:33 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 08:33 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 08:33 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 08:33 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 18:13 - 2013-10-11 20:23 - 00000000 ____D C:\Users\A\Downloads\Archer - Season 1 - 4 iTunes
2013-10-08 19:31 - 2013-10-13 20:09 - 00000000 ____D C:\Users\A\Downloads\Games
2013-10-08 12:19 - 2013-10-08 12:20 - 00000000 ____D C:\Users\A\Downloads\Cibrail 2011
2013-10-07 12:17 - 2013-10-07 12:17 - 00000000 ____D C:\Users\A\Downloads\2008 Beatific Vision (USA)
2013-10-06 18:14 - 2013-10-06 18:15 - 00000141 _____ C:\Users\A\Desktop\Boete.txt
2013-10-06 15:32 - 2013-10-06 16:14 - 00000000 ____D C:\Users\A\Downloads\Before.I.Forget.2007.DVDRip.XviD-WRD
2013-10-05 13:55 - 2013-10-05 13:55 - 00001910 _____ C:\Users\A\Desktop\Portal.lnk
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Program Files (x86)\Valve
2013-10-03 20:01 - 2013-10-04 12:21 - 00000000 ____D C:\Users\A\Downloads\Beatific Vision
2013-10-03 17:27 - 2013-10-03 17:29 - 00000000 ____D C:\Users\A\Downloads\You Belong to Me
2013-10-03 16:47 - 2013-10-04 18:59 - 00000336 _____ C:\Users\A\Desktop\No seeds.txt
2013-10-03 12:20 - 2013-10-03 12:20 - 00000000 ____D C:\Users\A\AppData\Roaming\SNS
2013-10-02 17:35 - 2013-10-03 12:22 - 00000000 ____D C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antichamber
2013-10-01 11:49 - 2013-10-01 11:49 - 00000000 ____D C:\Users\A\AppData\Local\Ubisoft Game Launcher
2013-09-24 14:04 - 2013-09-24 14:04 - 00000000 ____D C:\Users\A\Downloads\2006 Contadora Is For Lovers (USA-PAN)
2013-09-23 19:47 - 2002-05-21 08:37 - 00131072 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\eax.dll
2013-09-23 09:22 - 2013-09-23 21:23 - 00000000 ____D C:\Users\A\Documents\Dolphin Emulator
2013-09-23 09:17 - 2013-09-23 09:18 - 00000000 ____D C:\Program Files\Dolphin 4.0
2013-09-23 00:34 - 2013-09-23 00:35 - 00000000 ____D C:\Users\A\AppData\Local\Windows Live Writer
2013-09-23 00:34 - 2013-09-23 00:34 - 00000000 ____D C:\Users\A\AppData\Roaming\Windows Live Writer
2013-09-21 20:39 - 2013-09-21 20:39 - 00000000 ____D C:\Users\A\Downloads\2007 Skull & Bones (USA)
2013-09-21 19:30 - 2013-09-22 00:15 - 00000000 ____D C:\Users\A\AppData\Roaming\runic games
2013-09-20 16:05 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-09-19 08:49 - 2013-09-19 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-15 22:40 - 2013-09-15 22:40 - 00000000 ____D C:\Program Files (x86)\Solveig Multimedia
2013-09-14 02:04 - 2013-09-16 14:09 - 00000000 ____D C:\Program Files (x86)\Video Web Camera
2013-09-14 01:46 - 2013-09-14 01:46 - 00000000 ____D C:\Users\A\AppData\Local\CyberLink
2013-09-14 01:41 - 2013-09-14 01:41 - 00000032 _____ C:\ProgramData\Temp.log
2013-09-13 00:58 - 2013-09-13 01:01 - 00000120 _____ C:\Windows\wininit.ini

==================== One Month Modified Files and Folders =======

2013-10-13 21:47 - 2013-10-13 21:15 - 00000000 ____D C:\Users\A\Downloads\Farbar Recovery Scan Tool
2013-10-13 21:45 - 2013-08-11 22:15 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-13 21:43 - 2013-08-12 04:06 - 00000000 ____D C:\Users\A\AppData\Roaming\uTorrent
2013-10-13 21:41 - 2013-10-13 01:00 - 00000896 _____ C:\Windows\setupact.log
2013-10-13 21:41 - 2009-07-14 07:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-13 21:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-13 21:15 - 2013-10-13 21:15 - 00000000 ____D C:\FRST
2013-10-13 21:08 - 2013-08-12 18:43 - 00000000 ____D C:\Users\A\AppData\Local\CrashDumps
2013-10-13 20:26 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-13 20:26 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-13 20:18 - 2013-10-13 15:33 - 00005514 _____ C:\Windows\PFRO.log
2013-10-13 20:09 - 2013-10-08 19:31 - 00000000 ____D C:\Users\A\Downloads\Games
2013-10-13 20:09 - 2013-08-11 23:13 - 00000000 ____D C:\Users\A\Downloads\JDownloader
2013-10-13 20:05 - 2013-10-13 20:01 - 00000000 ____D C:\AdwCleaner
2013-10-13 20:01 - 2013-10-13 20:01 - 01048960 _____ C:\Users\A\Desktop\AdwCleaner.exe
2013-10-13 20:00 - 2013-08-11 22:45 - 00000000 ____D C:\Users\A\AppData\Roaming\vlc
2013-10-13 19:26 - 2013-10-13 19:26 - 00002724 _____ C:\Users\A\Desktop\RKreport[0]_S_10132013_192606.txt
2013-10-13 19:19 - 2013-10-13 19:19 - 00009266 _____ C:\Users\A\Desktop\attach.txt
2013-10-13 19:18 - 2013-10-13 19:19 - 00019580 _____ C:\Users\A\Desktop\dds.txt
2013-10-13 19:15 - 2013-10-13 19:15 - 03985920 _____ C:\Users\A\Desktop\RogueKillerX64.exe
2013-10-13 19:15 - 2013-10-13 19:15 - 00688992 ____R (Swearware) C:\Users\A\Desktop\dds.scr
2013-10-13 19:15 - 2013-08-11 18:07 - 00000000 ____D C:\Users\A
2013-10-13 19:07 - 2013-08-12 01:07 - 00699554 _____ C:\Windows\system32\perfh013.dat
2013-10-13 19:07 - 2013-08-12 01:07 - 00132570 _____ C:\Windows\system32\perfc013.dat
2013-10-13 19:07 - 2009-07-14 07:13 - 01543080 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-13 19:04 - 2013-10-13 19:04 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-10-13 19:04 - 2013-10-13 19:04 - 00001922 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-10-13 19:04 - 2013-10-13 19:04 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-10-13 18:51 - 2013-10-13 18:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-13 18:51 - 2013-10-13 18:07 - 00000000 ____D C:\Users\A\Desktop\mbar
2013-10-13 18:07 - 2013-10-13 18:07 - 12576792 _____ (Malwarebytes Corp.) C:\Users\A\Downloads\mbar-1.07.0.1007.exe
2013-10-13 18:07 - 2013-10-13 18:07 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-13 17:10 - 2013-10-13 17:06 - 00000000 ____D C:\Users\A\Desktop\RK_Quarantine
2013-10-13 16:47 - 2013-08-11 23:00 - 00000000 ____D C:\Users\A\Desktop\Games
2013-10-13 16:43 - 2013-10-13 16:43 - 00000000 ____D C:\Users\A\AppData\Roaming\Malwarebytes
2013-10-13 16:43 - 2013-10-13 16:00 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-10-13 16:42 - 2013-10-13 16:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\A\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-13 16:42 - 2013-10-13 16:42 - 00001081 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-13 16:42 - 2013-10-13 16:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-13 16:01 - 2013-10-13 16:01 - 00000000 _____ C:\autoexec.bat
2013-10-13 15:44 - 2013-08-11 18:07 - 00001741 _____ C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-13 15:33 - 2013-10-13 10:05 - 00045444 _____ C:\Windows\WindowsUpdate.log
2013-10-13 15:24 - 2013-10-13 01:11 - 00000000 ____D C:\Users\A\Downloads\Mage.Knight.Apocalypse.Proper-Razor1911
2013-10-13 15:16 - 2011-04-14 15:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-13 15:15 - 2013-10-13 15:15 - 00000000 ____D C:\Users\A\AppData\Roaming\InstallShield
2013-10-13 15:15 - 2013-10-13 15:15 - 00000000 ____D C:\ProgramData\InstallShield
2013-10-13 15:06 - 2013-10-13 15:06 - 00000000 ____D C:\Users\A\AppData\Local\Apps\2.0
2013-10-13 14:45 - 2013-08-12 01:28 - 00000000 ____D C:\Users\A\AppData\Roaming\DAEMON Tools Lite
2013-10-13 10:36 - 2013-08-11 22:56 - 00000805 _____ C:\Users\A\Desktop\Download.txt
2013-10-13 01:35 - 2013-08-30 11:49 - 00000000 ____D C:\Program Files (x86)\JDownloader v2.0
2013-10-13 01:00 - 2013-10-13 01:00 - 00000000 _____ C:\Windows\setuperr.log
2013-10-12 15:55 - 2013-10-12 15:55 - 00053348 _____ C:\Users\A\Desktop\cc_20131012_155553.reg
2013-10-12 15:55 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2013-10-12 15:24 - 2013-08-22 20:42 - 00000000 ____D C:\GOG games
2013-10-11 20:23 - 2013-10-09 18:13 - 00000000 ____D C:\Users\A\Downloads\Archer - Season 1 - 4 iTunes
2013-10-11 14:48 - 2013-08-11 23:58 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-11 14:48 - 2013-08-11 23:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-11 14:48 - 2013-08-11 23:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-11 14:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 13:53 - 2009-07-14 06:45 - 00420448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 13:52 - 2013-08-12 00:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 13:52 - 2013-08-12 00:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 09:45 - 2013-10-11 00:44 - 00000000 ____D C:\Users\A\Downloads\The Sandman
2013-10-11 09:29 - 2013-08-14 22:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 01:15 - 2013-08-11 20:19 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 01:15 - 2013-08-11 19:20 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 23:58 - 2013-10-10 23:05 - 00000000 ____D C:\Program Files (x86)\Glare
2013-10-10 23:07 - 2013-10-10 23:07 - 00000752 _____ C:\Users\Public\Desktop\Glare.lnk
2013-10-10 17:14 - 2013-08-13 20:34 - 00000000 ____D C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-10 14:24 - 2013-08-12 01:42 - 00000000 ____D C:\Users\A\Downloads\TV
2013-10-09 08:45 - 2013-08-11 22:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 08:45 - 2013-08-11 22:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 08:45 - 2013-08-11 22:15 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 20:39 - 2013-08-22 21:41 - 00000000 ____D C:\Users\A\Downloads\I Want Your Love
2013-10-08 15:36 - 2013-08-12 00:54 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-10-08 12:20 - 2013-10-08 12:19 - 00000000 ____D C:\Users\A\Downloads\Cibrail 2011
2013-10-07 12:17 - 2013-10-07 12:17 - 00000000 ____D C:\Users\A\Downloads\2008 Beatific Vision (USA)
2013-10-06 18:15 - 2013-10-06 18:14 - 00000141 _____ C:\Users\A\Desktop\Boete.txt
2013-10-06 16:14 - 2013-10-06 15:32 - 00000000 ____D C:\Users\A\Downloads\Before.I.Forget.2007.DVDRip.XviD-WRD
2013-10-06 01:46 - 2013-08-11 22:40 - 00000000 ____D C:\Users\A\Documents\Werk
2013-10-05 13:55 - 2013-10-05 13:55 - 00001910 _____ C:\Users\A\Desktop\Portal.lnk
2013-10-05 13:42 - 2013-10-05 13:42 - 00000000 ____D C:\Program Files (x86)\Valve
2013-10-05 01:31 - 2013-08-12 03:33 - 00000000 ____D C:\Users\A\AppData\Roaming\avidemux
2013-10-04 18:59 - 2013-10-03 16:47 - 00000336 _____ C:\Users\A\Desktop\No seeds.txt
2013-10-04 14:54 - 2013-08-22 17:20 - 00000000 ____D C:\Users\A\Downloads\1. New G
2013-10-04 12:21 - 2013-10-03 20:01 - 00000000 ____D C:\Users\A\Downloads\Beatific Vision
2013-10-03 20:38 - 2013-08-25 18:45 - 00000000 ____D C:\Users\A\AppData\Local\SKIDROW
2013-10-03 17:29 - 2013-10-03 17:27 - 00000000 ____D C:\Users\A\Downloads\You Belong to Me
2013-10-03 12:22 - 2013-10-02 17:35 - 00000000 ____D C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antichamber
2013-10-03 12:20 - 2013-10-03 12:20 - 00000000 ____D C:\Users\A\AppData\Roaming\SNS
2013-10-01 13:15 - 2013-08-16 01:12 - 00000000 ____D C:\Users\A\Documents\Received Files
2013-10-01 11:49 - 2013-10-01 11:49 - 00000000 ____D C:\Users\A\AppData\Local\Ubisoft Game Launcher
2013-10-01 11:49 - 2013-08-31 12:51 - 00000000 ____D C:\ProgramData\Orbit
2013-09-30 15:59 - 2013-08-26 23:16 - 00000000 ____D C:\Users\A\.gimp-2.8
2013-09-24 14:04 - 2013-09-24 14:04 - 00000000 ____D C:\Users\A\Downloads\2006 Contadora Is For Lovers (USA-PAN)
2013-09-23 21:23 - 2013-09-23 09:22 - 00000000 ____D C:\Users\A\Documents\Dolphin Emulator
2013-09-23 09:18 - 2013-09-23 09:17 - 00000000 ____D C:\Program Files\Dolphin 4.0
2013-09-23 01:28 - 2013-10-11 09:26 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-11 09:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-11 09:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-11 09:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-11 09:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-11 09:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-11 09:26 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-11 09:26 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-11 09:26 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-11 09:26 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-11 09:26 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-11 09:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-11 09:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-11 09:26 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-11 09:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-11 09:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-11 09:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 00:35 - 2013-09-23 00:34 - 00000000 ____D C:\Users\A\AppData\Local\Windows Live Writer
2013-09-23 00:35 - 2013-08-11 18:07 - 00000000 ____D C:\Users\A\AppData\Local\Windows Live
2013-09-23 00:34 - 2013-09-23 00:34 - 00000000 ____D C:\Users\A\AppData\Roaming\Windows Live Writer
2013-09-22 00:15 - 2013-09-21 19:30 - 00000000 ____D C:\Users\A\AppData\Roaming\runic games
2013-09-21 20:39 - 2013-09-21 20:39 - 00000000 ____D C:\Users\A\Downloads\2007 Skull & Bones (USA)
2013-09-21 05:38 - 2013-10-11 09:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-11 09:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-11 09:26 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-11 09:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-20 08:21 - 2013-08-11 21:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-19 13:00 - 2013-09-19 08:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-19 13:00 - 2013-08-11 21:50 - 00000000 ____D C:\Users\A\AppData\Local\Mozilla
2013-09-16 14:09 - 2013-09-14 02:04 - 00000000 ____D C:\Program Files (x86)\Video Web Camera
2013-09-15 22:40 - 2013-09-15 22:40 - 00000000 ____D C:\Program Files (x86)\Solveig Multimedia
2013-09-14 03:10 - 2013-10-10 08:33 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-14 01:51 - 2013-08-11 18:07 - 00000000 ___RD C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-14 01:50 - 2011-04-14 15:54 - 00000000 ____D C:\Program Files\Packard Bell
2013-09-14 01:46 - 2013-09-14 01:46 - 00000000 ____D C:\Users\A\AppData\Local\CyberLink
2013-09-14 01:41 - 2013-09-14 01:41 - 00000032 _____ C:\ProgramData\Temp.log
2013-09-14 01:38 - 2013-08-14 23:01 - 00000000 ____D C:\Users\A\Documents\Youcam
2013-09-13 12:46 - 2013-08-25 13:56 - 00000396 _____ C:\Windows\SIERRA.INI
2013-09-13 01:01 - 2013-09-13 00:58 - 00000120 _____ C:\Windows\wininit.ini

Some content of TEMP:
====================
C:\Users\A\AppData\Local\Temp\ntdll_dump.dll
C:\Users\A\AppData\Local\Temp\Quarantine.exe
C:\Users\A\AppData\Local\Temp\SHSetup.exe
C:\Users\A\AppData\Local\Temp\_is83B0.exe
C:\Users\A\AppData\Local\Temp\_is8C28.exe
C:\Users\A\AppData\Local\Temp\_is9C20.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 14:22

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

See how it is, if no difference...........

Right-click your browser’s shortcut. Choose Properties. Go to the Shortcut tab and navigate to the Target line. There should be only your browser’s directory in the Target line:

Internet Explorer – C:\Program Files\Internet Explorer\iexplore.exe

Mozilla Firefox – C:\Program Files\Mozilla Firefox\firefox.exe

Google Chrome – C:\Program Files\Google\Chrome\Application\chrome.exe


Let me know.......MrC


I followed your suggestion about changing the shortcut target line and it worked. No sight of dosearches anywhere. I did it before running fixlist, though.

Anyway, here's Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by A at 2013-10-14 00:13:42 Run:1
Running from C:\Users\A\Downloads\Farbar Recovery Scan Tool
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF SelectedSearchEngine: dosearches
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.dosearche...1&ts=1381671888
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.dosearche...1&ts=1381671888

*****************

Firefox SelectedSearchEngine deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.

==== End of Fixlog ====

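As an added example (not part of this thread and not code from FRST, RogueKiller or any other tool used here), a read-only PowerShell audit that covers both the shortcut Target-line check MrC describes above and the StartMenuInternet open-command values the Fixlog restored. The list of shortcut folders, the registry roots checked and the URL pattern are assumptions; run it as Administrator and it only reports, it changes nothing.

```powershell
# Added audit script: reports two persistence spots seen in this thread, browser .lnk
# shortcuts whose Target line carries an extra URL argument, and
# HKLM\SOFTWARE\Clients\StartMenuInternet\<browser>\shell\open\command values with a URL
# appended. Read-only; nothing is modified.

$UrlPattern  = 'https?://\S+'                        # any URL handed to the browser at start
$BrowserExes = 'iexplore\.exe|firefox\.exe|chrome\.exe'
$Shell       = New-Object -ComObject WScript.Shell    # reads .lnk target and arguments

function Get-SuspiciousBrowserShortcuts {
    # Shortcut folders a hijacker commonly edits (assumed list; extend as needed).
    $dirs = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu'),
        [Environment]::GetFolderPath('CommonStartMenu'),
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
    ) | Where-Object { Test-Path $_ }

    foreach ($dir in $dirs) {
        Get-ChildItem -Path $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $Shell.CreateShortcut($_.FullName)
            # The Properties > Target line is TargetPath plus Arguments; a clean browser
            # shortcut has only the executable path there and no URL in Arguments.
            if ($lnk.TargetPath -match $BrowserExes -and $lnk.Arguments -match $UrlPattern) {
                [pscustomobject]@{
                    Kind     = 'Shortcut'
                    Location = $_.FullName
                    Target   = $lnk.TargetPath
                    Appended = $Matches[0]
                }
            }
        }
    }
}

function Get-SuspiciousStartMenuInternet {
    # The keys the Fixlog in this thread restored, plus the 32-bit and per-user views.
    $roots = @(
        'HKLM:\SOFTWARE\Clients\StartMenuInternet',
        'HKLM:\SOFTWARE\Wow6432Node\Clients\StartMenuInternet',
        'HKCU:\SOFTWARE\Clients\StartMenuInternet'
    ) | Where-Object { Test-Path $_ }

    foreach ($root in $roots) {
        Get-ChildItem -Path $root | ForEach-Object {
            $cmdKey = Join-Path $_.PSPath 'shell\open\command'
            if (-not (Test-Path $cmdKey)) { return }
            # A clean (Default) value is just the quoted browser path; a hijacked one has
            # a start URL appended, as the FRST line for FIREFOX.EXE above showed.
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            if ($cmd -match $UrlPattern) {
                [pscustomobject]@{
                    Kind     = 'Registry'
                    Location = $cmdKey -replace '^.*::', ''   # drop the provider prefix
                    Target   = $cmd
                    Appended = $Matches[0]
                }
            }
        }
    }
}

$findings = @(Get-SuspiciousBrowserShortcuts) + @(Get-SuspiciousStartMenuInternet)
if ($findings.Count -eq 0) {
    'No browser shortcut or StartMenuInternet command carries an appended URL.'
} else {
    $findings | Format-Table -AutoSize
}
```

A hit in the Shortcut rows is cleared by removing the URL from the Target line exactly as MrC describes; a hit in the Registry rows is what the fixlist's "Value was restored successfully" lines corrected.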

Great.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 25 <---please update, should be Update 40
Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


This topic is now closed to further replies.