
Problem with sdfssvc? And unknown websites.



Hi! I'm new here so I hope this is correct!
Yesterday I was on a Skype video call, watching a legal stream on Crunchyroll, and also had Facebook, YouTube, and Gmail open. Suddenly a new tab opened saying "You need to clean your computer to prevent system breakage."
I saw it and immediately tried closing it (I'm not dumb and about to click "clean now") but nothing worked, had to use Task Manager.
Ran MB (Pro trial), AVG, MSE, and Spybot. NOTHING turned up, and I thought "Oh good, maybe it was blocked"; however, MB keeps blocking outgoing on my computer from "sdfssvc" as well as incoming ones from Skype (which I'm not too worried about, as I had read a help topic on this site regarding that, but I thought I'd mention it as well).
The computer is running okay, but still concerned about overall privacy as it seems slightly out of funk lately. I'm posting the DDS log below as mentioned in the first post and attaching "attach"
Thank you whoever helps me for your time, it means a lot to me! :)
~Lainy

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.40.2
Run by Another at 17:30:48 on 2013-10-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8144.3443 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FAF2E85D-7C6D-4407-A61C-B16E9593E105} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-2-19 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-3-13 22600]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-4 46368]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-9-4 1432080]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-19 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-19 163608]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-20 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-10-3 121616]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-3 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-10-3 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-10-3 168384]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-5-12 413472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-19 363800]
R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-1 1734680]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-2-19 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-2-19 789824]
R3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
R3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-20 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-19 677480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-11-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-7 19456]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-7 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-7 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-10-20 19:00:20 -------- d-----w- C:\Users\Another\AppData\Local\2K Games
2013-10-20 19:00:19 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-10-20 09:24:49 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBB4BCBD-68BA-4A68-897E-A531B9E26057}\offreg.dll
2013-10-20 05:15:31 -------- d-----w- C:\Users\Another\AppData\Roaming\Malwarebytes
2013-10-20 05:15:23 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-20 05:15:22 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-20 05:15:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-19 16:25:51 -------- d-----w- C:\Users\Another\FRANDZ N STUFF
2013-10-19 14:55:01 965000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6D64CD1-2CD5-447D-A535-1AEA887D9303}\gapaengine.dll
2013-10-19 14:54:17 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBB4BCBD-68BA-4A68-897E-A531B9E26057}\mpengine.dll
2013-10-17 15:20:33 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-11 22:09:04 -------- d-----w- C:\Users\Another\AppData\Local\Darksiders2
2013-10-10 20:17:25 -------- d-----w- C:\Users\Another\AppData\Roaming\W Photo Studio Viewer
2013-10-03 19:55:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-10-03 19:55:07 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-10-03 19:55:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-03 06:45:15 -------- d-----w- C:\Users\Another\AppData\Roaming\RenPy
2013-10-03 06:44:17 -------- d-----w- C:\ProgramData\Package Cache
2013-10-02 02:11:24 -------- d-----w- C:\ProgramData\Oracle
2013-10-02 02:11:10 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-10-02 03:08:43 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-10-02 02:11:03 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-10-02 02:11:02 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-05 05:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-27 19:41:31 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-27 19:41:31 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-26 20:30:02 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
.
============= FINISH: 17:31:13.32 ===============





Attach will be attached :)

attach.txt
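
Added example, not part of the original posts: a small Python lookup that takes a process name from a block alert (here "sdfssvc") and finds every place a DDS log mentions that image, so the name can be tied to a service entry and an install path. The sample lines are constructed from the log above; reading R/S as running/stopped and the digit as the service start type is the conventional interpretation and is treated as an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines in the shape of the DDS log above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
.
============== Pseudo HJT Report ===============
.
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
============= SERVICES / DRIVERS ===============
.
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-3 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-10-3 1369624]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
.
=============== Created Last 30 ================
"""

# "===== Title =====" section banners.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
# "R2 Name;Display name;C:\path\file.exe [date size]" service/driver lines.
SERVICE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]\s*$")
# Last path component ending in .exe/.dll/.sys (spaces allowed, no quotes).
IMAGE_RE = re.compile(r'\\([^\\"]+?\.(?:exe|dll|sys))', re.IGNORECASE)

# Assumption: the digit is the Windows service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto",
               "3": "manual", "4": "disabled"}


@dataclass
class Hit:
    section: str                    # DDS section the line came from
    image: str                      # file name as written in the log
    line: str                       # full log line, for the analyst to read
    service: Optional[str] = None   # service key name (service lines only)
    state: Optional[str] = None     # "running" / "stopped" (assumed R / S)
    start: Optional[str] = None     # start type (service lines only)


def stem(name: str) -> str:
    """Lower-case file name without a trailing .exe/.dll/.sys."""
    return re.sub(r"\.(exe|dll|sys)$", "", name.strip().lower())


def resolve(log_text: str, name: str) -> List[Hit]:
    """Return one Hit per log line that references the image `name`."""
    wanted = stem(name)
    section = "header"
    hits: List[Hit] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        for image in IMAGE_RE.findall(line):
            if stem(image) != wanted:
                continue
            hit = Hit(section, image, line)
            svc = SERVICE_RE.match(line)
            if svc:
                hit.service = svc.group(3)
                hit.state = "running" if svc.group(1) == "R" else "stopped"
                hit.start = START_TYPES[svc.group(2)]
            hits.append(hit)
            break  # one hit per line is enough
    return hits


if __name__ == "__main__":
    # A match shows which entries in the log carry that file name; it does
    # not verify the file on disk (check its signature and hash separately).
    for h in resolve(SAMPLE_DDS, "sdfssvc"):
        extra = f" service={h.service} {h.state}/{h.start}" if h.service else ""
        print(f"[{h.section}] {h.image}{extra}\n    {h.line}")
```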


Not meaning to bump or anything but I don't see an "Edit" option for my previous post. I just had another window open again with "To prevent system breakage".
Once again it froze everything related to Chrome and I had to use task manager to get rid of it.
It references Microsoft Security Essentials, but I googled the message and Microsoft confirms that it is a fake message and they're "looking into it" in the only forum thing I saw for it.
But my guess is that whatever it is is ON my computer already to be opening these tabs on their own.


Yes & no. The bit on the right never showed up. I'm assuming it was most likely blocked by one of my programs from opening; however, the part on the left opens up as a website itself almost, but that is the exact dialog, word for word. Also I noticed when I made the update, the buttons weren't there either, just the text, so I'm getting the feeling it's somehow being blocked, but still on my computer. Does this mean a fix is possible??


Here's a photo of the blocked IP addresses I've been getting (several times). I'm still uncertain if they have anything to do with the warnings I keep getting from the fake antivirus. But I figure I should give you guys as much info to work with as possible.



  • Root Admin

Hello and welcome
 

Please read the following and post back the log

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 


Heyhi! Thank you so much for the immediate help! :)
I've followed each step as instructed, here's the logs =)


1 .)  RKill

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/21/2013 12:30:11 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
  127.0.0.1 100sexlinks.com
 
  20 out of 15452 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 10/21/2013 12:30:16 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)


















2.) RogueKiller

RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Another [Admin rights]
Mode : Scan -- Date : 10/21/2013 12:42:22
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST2000DM001-1CH164 +++++
--- User ---
[MBR] 47c7d40c228b8913ab7b6185220c5238
[bSP] 310fe3295c94d23830d8ac48cbde8544 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10212013_124222.txt >>
 
 
 
(Question about that log, why are there logs for stuff I've never even heard of?)
Anyways, thank you again! =)

I will wait for your next steps. Let me know how those ones look :)
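
The HOSTS entries in the logs above all map a hostname to 127.0.0.1, which is how a blocklist-style hosts file keeps lookups from reaching the real site. The Python sketch below is an added example, not part of the original posts or of any tool named in this thread: it separates such block entries from mappings to a non-loopback address, which are the ones worth a manual look. The function names and the sample text are constructed for illustration; only the four 127.0.0.1 domain lines are copied from the RKill log.

```python
import ipaddress
from collections import Counter

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) per mapping; address is None if malformed."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, line            # first field is not an IP address
            continue
        if len(fields) < 2:
            yield line_no, None, line            # address with no hostname
            continue
        for name in fields[1:]:                  # one line may carry several names
            yield line_no, addr, name.lower().rstrip(".")


def triage(text):
    """Return (summary Counter, review list) for the contents of a hosts file.

    local     - localhost names pointing at loopback (expected)
    blocked   - other names pointed at loopback or 0.0.0.0 (blocklist entries)
    redirect  - any name pointed at a routable address (review these)
    malformed - lines that do not parse as "address hostname..."
    """
    summary, review = Counter(), []
    for line_no, addr, name in parse_hosts(text):
        if addr is None:
            summary["malformed"] += 1
            review.append((line_no, "malformed", name))
        elif addr.is_loopback or addr.is_unspecified:
            summary["local" if name in LOCAL_NAMES else "blocked"] += 1
        else:
            # Covers localhost itself being pointed somewhere else, too.
            summary["redirect"] += 1
            review.append((line_no, "redirect", f"{name} -> {addr}"))
    return summary, review


# Constructed sample. Lines 4-7 are copied from the RKill log in this thread;
# every other line (addresses from the documentation ranges, .example names)
# is made up to exercise the other branches.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 0scan.com
0.0.0.0 ads.example            # constructed: null-route form of a block entry
203.0.113.10 update.av-vendor.example www.bank.example  # constructed redirect
not-an-ip broken.example       # constructed malformed line
"""

if __name__ == "__main__":
    summary, review = triage(SAMPLE)
    for kind in ("local", "blocked", "redirect", "malformed"):
        print(f"{kind:9} {summary[kind]}")
    for line_no, kind, detail in review:
        print(f"line {line_no}: {kind}: {detail}")
```

Run against the real file (the path RogueKiller reports is %SystemRoot%\System32\drivers\etc\hosts), a result with thousands of `blocked` entries and an empty review list matches what the logs in this thread show.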


  • Root Admin

The logs are mainly only showing that you're using some type of hosts file protection which is typically a good thing.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Real quick, I notice step 4 says to shut down antivirus and then start it back up again, I've had them all shut down since step "Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners."

Was I not supposed to keep them shut off? :S I guess I'll start them back up after this step then, that won't negatively affect anything I hope :/

(as a side note, finished the MBar scan, nothing was found, I'll post those logs quickly while I do the other scans)

     

mbar-log-2013-10-21 (13-24-15).txt

system-log.txt


JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Another on Mon 10/21/2013 at 13:53:47.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
 
 
 
~~~ Files
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
ADWCleaner
 
# AdwCleaner v3.010 - Report created 21/10/2013 at 14:54:02
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Another - ANOTHER-PC
# Running from : C:\Users\Another\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : vToolbarUpdater17.0.12
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2867 octets] - [21/10/2013 14:54:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2927 octets] ##########














MBAM
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.21.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Another :: ANOTHER-PC [administrator]
 
Protection: Disabled
 
10/21/2013 2:57:34 PM
mbam-log-2013-10-21 (14-57-34).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242381
Time elapsed: 3 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)







C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application
(Cheat Engine is a single-player cheating program which I primarily use for altering games that are modded or in development. It should be clean though)

 



FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013
Ran by Another (administrator) on ANOTHER-PC on 21-10-2013 16:15:00
Running from C:\Users\Another\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech©) C:\Program Files (x86)\Logitech\G35\G35.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Another\Downloads\AdwCleaner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6468712 2012-03-20] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1820072 2013-10-17] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-27] ()
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {903a0f4c-7af0-11e2-ab51-806e6f6e6963} - D:\PhotoApp.exe -autorun
MountPoints2: {91895b79-f0d3-11e2-ae54-3085a99cd41d} - E:\TL_Bootstrap.exe
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Logitech G35] - C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech©)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-10-01] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {AFF118A4-F688-4FD6-BA72-F9E17AC1BB77} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 -  No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Chrome: 
=======
CHR RestoreOnStartup:       "urls_to_restore_on_startup": null
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0\McChPlg.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Happy Cloud Plugin) - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0
CHR Extension: (SiteAdvisor) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0
CHR Extension: (AdBlock) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Skype Click to Call) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (AVG SafeGuard) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_0
CHR Extension: (CR Queue.0) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\onkdfchaiebkbhlbcdgbemkblolppign\1.8.7.7_0
CHR Extension: (Gmail) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.1.12\avg.crx
 
==================== Services (Whitelisted) =================
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [121616 2013-10-02] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-09] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-01] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-21 16:14 - 2013-10-21 16:14 - 01954670 _____ (Farbar) C:\Users\Another\Downloads\FRST64.exe
2013-10-21 16:14 - 2013-10-21 16:14 - 00000000 ____D C:\FRST
2013-10-21 16:13 - 2013-10-21 16:13 - 00000234 _____ C:\Users\Another\Desktop\eset.txt
2013-10-21 15:03 - 2013-10-21 15:03 - 02347384 _____ (ESET) C:\Users\Another\Downloads\esetsmartinstaller_enu.exe
2013-10-21 15:03 - 2013-10-21 15:03 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-21 14:55 - 2013-10-21 14:56 - 00005931 _____ C:\Users\Another\Desktop\new.txt
2013-10-21 14:53 - 2013-10-21 14:54 - 00000000 ____D C:\AdwCleaner
2013-10-21 14:53 - 2013-10-21 14:53 - 01060070 _____ C:\Users\Another\Downloads\AdwCleaner.exe
2013-10-21 13:57 - 2013-10-21 13:57 - 00003321 _____ C:\Users\Another\Desktop\JRT.txt
2013-10-21 13:53 - 2013-10-21 13:53 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 13:50 - 2013-10-21 13:50 - 01033335 _____ (Thisisu) C:\Users\Another\Downloads\JRT.exe
2013-10-21 13:24 - 2013-10-21 13:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-21 13:19 - 2013-10-21 13:41 - 00000000 ____D C:\Users\Another\Desktop\mbar
2013-10-21 13:19 - 2013-10-21 13:19 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Another\Downloads\mbar-1.07.0.1007.exe
2013-10-21 13:19 - 2013-10-21 13:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-21 12:42 - 2013-10-21 12:42 - 00002362 _____ C:\Users\Another\Desktop\RKreport[0]_S_10212013_124222.txt
2013-10-21 12:33 - 2013-10-21 12:38 - 00000000 ____D C:\Users\Another\Desktop\RK_Quarantine
2013-10-21 12:33 - 2013-10-21 12:33 - 03989504 _____ C:\Users\Another\Downloads\RogueKillerX64.exe
2013-10-21 12:32 - 2013-10-21 12:32 - 00000000 ____D C:\Windows\ERDNT
2013-10-21 12:26 - 2013-10-21 12:31 - 00000935 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-21 12:26 - 2013-10-21 12:31 - 00000935 _____ C:\Users\Another\Desktop\NTREGOPT.lnk
2013-10-21 12:26 - 2013-10-21 12:31 - 00000916 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-21 12:26 - 2013-10-21 12:31 - 00000916 _____ C:\Users\Another\Desktop\ERUNT.lnk
2013-10-21 12:26 - 2013-10-21 12:31 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-21 12:22 - 2013-10-21 12:22 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Another\Downloads\erunt-setup.exe
2013-10-21 12:20 - 2013-10-21 12:30 - 00003554 _____ C:\Users\Another\Desktop\Rkill.txt
2013-10-21 12:19 - 2013-10-21 12:19 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Another\Downloads\rkill.exe
2013-10-21 11:23 - 2013-10-21 11:23 - 00000056 _____ C:\Windows\setupact.log
2013-10-21 01:36 - 2013-10-21 01:36 - 00000426 _____ C:\Users\Another\Desktop\STATUS.txt
2013-10-20 17:31 - 2013-10-20 17:31 - 00025315 _____ C:\Users\Another\Desktop\dds.txt
2013-10-20 17:31 - 2013-10-20 17:31 - 00012806 _____ C:\Users\Another\Desktop\attach.txt
2013-10-20 17:30 - 2013-10-20 17:30 - 00688992 ____R (Swearware) C:\Users\Another\Downloads\dds (1).scr
2013-10-20 17:28 - 2013-10-20 17:28 - 00688992 _____ (Swearware) C:\Users\Another\Downloads\dds.scr
2013-10-20 15:00 - 2013-10-20 15:00 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-10-20 15:00 - 2013-10-20 15:00 - 00000000 ____D C:\Users\Another\AppData\Local\2K Games
2013-10-20 12:31 - 2013-10-20 12:31 - 00000000 ____D C:\Users\Another\Documents\Endless Space
2013-10-20 12:30 - 2013-10-20 14:59 - 00037098 _____ C:\Windows\DirectX.log
2013-10-20 01:15 - 2013-10-20 01:15 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\Users\Another\AppData\Roaming\Malwarebytes
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-20 01:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-20 01:08 - 2013-10-20 01:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Another\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-19 12:25 - 2013-10-19 12:26 - 00000000 ____D C:\Users\Another\FRANDZ N STUFF
2013-10-16 12:10 - 2013-10-16 12:11 - 00000090 _____ C:\Users\Another\Desktop\New Text Document.txt
2013-10-12 09:28 - 2013-10-12 09:35 - 00000000 ____D C:\Users\Another\Desktop\text
2013-10-11 18:09 - 2013-10-11 18:15 - 00000000 ____D C:\Users\Another\AppData\Local\Darksiders2
2013-10-11 18:03 - 2013-10-11 18:03 - 00045859 _____ C:\Users\Another\Downloads\Darksiders2.CT
2013-10-11 17:14 - 2013-10-11 17:14 - 00002041 _____ C:\Users\Another\Downloads\OrganTrail.CT
2013-10-11 16:52 - 2013-10-11 16:52 - 00000000 ____D C:\Users\Another\Documents\DeadIsland
2013-10-11 04:12 - 2013-10-11 04:12 - 00000000 ____D C:\Users\Another\Documents\Game of Thrones
2013-10-11 03:13 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 03:13 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 03:13 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 03:13 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 03:13 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 03:13 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 03:13 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 03:13 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 03:13 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 03:13 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 16:17 - 2013-10-10 18:12 - 00000000 ____D C:\Users\Another\AppData\Roaming\W Photo Studio Viewer
2013-10-10 10:53 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 10:53 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 10:53 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 10:53 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 10:53 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 10:53 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 10:53 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 10:53 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 10:53 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 10:53 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 10:53 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 10:53 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 10:53 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 10:53 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 10:53 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 10:53 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 10:53 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 10:53 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 10:53 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 10:53 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 10:53 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 10:53 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 10:53 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 10:53 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 10:53 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 10:53 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 10:53 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 10:53 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 10:53 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 10:53 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 10:53 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 10:53 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 10:53 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 10:53 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 10:53 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 10:53 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 10:53 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 10:53 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 10:53 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 10:53 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 10:53 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 10:53 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 10:53 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 10:53 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 10:53 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 10:53 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 00:32 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20131009-003218.backup
2013-10-05 22:24 - 2013-10-05 22:24 - 00845583 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_126.rar
2013-10-05 22:23 - 2013-10-05 22:24 - 01334542 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_219.rar
2013-10-05 22:23 - 2013-10-05 22:23 - 00669518 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_127.rar
2013-10-05 22:17 - 2013-10-05 22:17 - 01134448 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_155.rar
2013-10-03 15:55 - 2013-10-03 16:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-03 15:55 - 2009-01-25 12:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-10-03 02:45 - 2013-10-03 02:45 - 00000000 ____D C:\Users\Another\AppData\Roaming\RenPy
2013-10-03 02:44 - 2013-10-03 02:45 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-01 22:11 - 2013-10-01 22:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-01 22:11 - 2013-10-01 22:11 - 00000000 ____D C:\ProgramData\Oracle
2013-10-01 22:11 - 2013-10-01 22:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-01 22:09 - 2013-10-01 22:09 - 00913832 _____ (Oracle Corporation) C:\Users\Another\Downloads\chromeinstall-7u40.exe
2013-09-30 22:50 - 2013-10-18 17:44 - 00000000 ____D C:\Users\Another\Desktop\=)
 
==================== One Month Modified Files and Folders =======
 
2013-10-21 16:15 - 2013-02-26 16:20 - 00000000 ____D C:\Users\Another\AppData\Roaming\Skype
2013-10-21 16:14 - 2013-10-21 16:14 - 01954670 _____ (Farbar) C:\Users\Another\Downloads\FRST64.exe
2013-10-21 16:14 - 2013-10-21 16:14 - 00000000 ____D C:\FRST
2013-10-21 16:13 - 2013-10-21 16:13 - 00000234 _____ C:\Users\Another\Desktop\eset.txt
2013-10-21 16:13 - 2013-02-25 22:41 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-21 16:08 - 2013-03-09 21:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-21 15:56 - 2013-02-19 17:34 - 01222084 _____ C:\Windows\WindowsUpdate.log
2013-10-21 15:38 - 2013-07-22 20:14 - 00000000 ___RD C:\Users\Another\Desktop\Minecraft
2013-10-21 15:03 - 2013-10-21 15:03 - 02347384 _____ (ESET) C:\Users\Another\Downloads\esetsmartinstaller_enu.exe
2013-10-21 15:03 - 2013-10-21 15:03 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-21 14:56 - 2013-10-21 14:55 - 00005931 _____ C:\Users\Another\Desktop\new.txt
2013-10-21 14:54 - 2013-10-21 14:53 - 00000000 ____D C:\AdwCleaner
2013-10-21 14:53 - 2013-10-21 14:53 - 01060070 _____ C:\Users\Another\Downloads\AdwCleaner.exe
2013-10-21 13:57 - 2013-10-21 13:57 - 00003321 _____ C:\Users\Another\Desktop\JRT.txt
2013-10-21 13:53 - 2013-10-21 13:53 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 13:50 - 2013-10-21 13:50 - 01033335 _____ (Thisisu) C:\Users\Another\Downloads\JRT.exe
2013-10-21 13:41 - 2013-10-21 13:19 - 00000000 ____D C:\Users\Another\Desktop\mbar
2013-10-21 13:39 - 2013-10-21 13:24 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-21 13:19 - 2013-10-21 13:19 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Another\Downloads\mbar-1.07.0.1007.exe
2013-10-21 13:19 - 2013-10-21 13:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-21 12:42 - 2013-10-21 12:42 - 00002362 _____ C:\Users\Another\Desktop\RKreport[0]_S_10212013_124222.txt
2013-10-21 12:39 - 2013-02-26 00:51 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-21 12:38 - 2013-10-21 12:33 - 00000000 ____D C:\Users\Another\Desktop\RK_Quarantine
2013-10-21 12:33 - 2013-10-21 12:33 - 03989504 _____ C:\Users\Another\Downloads\RogueKillerX64.exe
2013-10-21 12:32 - 2013-10-21 12:32 - 00000000 ____D C:\Windows\ERDNT
2013-10-21 12:31 - 2013-10-21 12:26 - 00000935 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-21 12:31 - 2013-10-21 12:26 - 00000935 _____ C:\Users\Another\Desktop\NTREGOPT.lnk
2013-10-21 12:31 - 2013-10-21 12:26 - 00000916 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-21 12:31 - 2013-10-21 12:26 - 00000916 _____ C:\Users\Another\Desktop\ERUNT.lnk
2013-10-21 12:31 - 2013-10-21 12:26 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-21 12:30 - 2013-10-21 12:20 - 00003554 _____ C:\Users\Another\Desktop\Rkill.txt
2013-10-21 12:22 - 2013-10-21 12:22 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Another\Downloads\erunt-setup.exe
2013-10-21 12:19 - 2013-10-21 12:19 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Another\Downloads\rkill.exe
2013-10-21 11:58 - 2009-07-14 00:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 11:58 - 2009-07-14 00:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 11:57 - 2013-04-04 14:16 - 00000000 ____D C:\ProgramData\MFAData
2013-10-21 11:54 - 2013-02-27 14:00 - 00000000 ____D C:\Users\Another\AppData\Local\PMB Files
2013-10-21 11:25 - 2013-09-19 13:59 - 00000000 ____D C:\Users\Another\AppData\Local\Adobe
2013-10-21 11:24 - 2013-02-25 22:41 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-21 11:23 - 2013-10-21 11:23 - 00000056 _____ C:\Windows\setupact.log
2013-10-21 11:23 - 2013-02-19 18:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-21 11:23 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-21 02:32 - 2013-03-10 19:02 - 00000000 ____D C:\Users\Another\AppData\Roaming\TS3Client
2013-10-21 01:36 - 2013-10-21 01:36 - 00000426 _____ C:\Users\Another\Desktop\STATUS.txt
2013-10-20 17:31 - 2013-10-20 17:31 - 00025315 _____ C:\Users\Another\Desktop\dds.txt
2013-10-20 17:31 - 2013-10-20 17:31 - 00012806 _____ C:\Users\Another\Desktop\attach.txt
2013-10-20 17:30 - 2013-10-20 17:30 - 00688992 ____R (Swearware) C:\Users\Another\Downloads\dds (1).scr
2013-10-20 17:28 - 2013-10-20 17:28 - 00688992 _____ (Swearware) C:\Users\Another\Downloads\dds.scr
2013-10-20 15:00 - 2013-10-20 15:00 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-10-20 15:00 - 2013-10-20 15:00 - 00000000 ____D C:\Users\Another\AppData\Local\2K Games
2013-10-20 14:59 - 2013-10-20 12:30 - 00037098 _____ C:\Windows\DirectX.log
2013-10-20 12:31 - 2013-10-20 12:31 - 00000000 ____D C:\Users\Another\Documents\Endless Space
2013-10-20 01:15 - 2013-10-20 01:15 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\Users\Another\AppData\Roaming\Malwarebytes
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-20 01:08 - 2013-10-20 01:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Another\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-19 12:26 - 2013-10-19 12:25 - 00000000 ____D C:\Users\Another\FRANDZ N STUFF
2013-10-19 12:25 - 2013-02-25 22:35 - 00000000 ____D C:\Users\Another
2013-10-19 01:29 - 2013-09-05 04:15 - 00000000 ____D C:\Users\Another\Desktop\22
2013-10-18 17:44 - 2013-09-30 22:50 - 00000000 ____D C:\Users\Another\Desktop\=)
2013-10-16 12:11 - 2013-10-16 12:10 - 00000090 _____ C:\Users\Another\Desktop\New Text Document.txt
2013-10-16 01:37 - 2013-07-20 01:05 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-16 01:37 - 2013-07-20 01:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-16 01:37 - 2013-07-20 01:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-14 21:18 - 2013-03-02 20:32 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-10-14 11:42 - 2013-02-26 16:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-12 18:31 - 2013-02-27 16:23 - 08734208 ___SH C:\Users\Another\Thumbs.db
2013-10-12 09:35 - 2013-10-12 09:28 - 00000000 ____D C:\Users\Another\Desktop\text
2013-10-12 09:33 - 2013-09-18 14:41 - 00000000 ____D C:\Users\Another\Desktop\CE
2013-10-12 09:32 - 2013-07-06 02:56 - 00000000 ____D C:\Users\Another\Desktop\Crunchyroll Work Docs
2013-10-12 09:28 - 2013-08-09 17:28 - 00000000 ____D C:\Users\Another\Desktop\PapersPlease-0.5.13-Win-Demo
2013-10-11 20:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 18:15 - 2013-10-11 18:09 - 00000000 ____D C:\Users\Another\AppData\Local\Darksiders2
2013-10-11 18:09 - 2013-04-06 03:46 - 00000000 ____D C:\Users\Another\Documents\My Games
2013-10-11 18:08 - 2013-04-12 03:25 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-10-11 18:08 - 2011-11-22 12:50 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-10-11 18:03 - 2013-10-11 18:03 - 00045859 _____ C:\Users\Another\Downloads\Darksiders2.CT
2013-10-11 17:14 - 2013-10-11 17:14 - 00002041 _____ C:\Users\Another\Downloads\OrganTrail.CT
2013-10-11 16:52 - 2013-10-11 16:52 - 00000000 ____D C:\Users\Another\Documents\DeadIsland
2013-10-11 13:20 - 2009-07-14 01:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 13:13 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 13:13 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 13:13 - 2009-07-14 00:45 - 00294592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 04:12 - 2013-10-11 04:12 - 00000000 ____D C:\Users\Another\Documents\Game of Thrones
2013-10-11 03:11 - 2013-05-26 04:38 - 00772214 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 03:07 - 2013-08-02 03:04 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 03:06 - 2013-02-26 05:37 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 18:12 - 2013-10-10 16:17 - 00000000 ____D C:\Users\Another\AppData\Roaming\W Photo Studio Viewer
2013-10-05 23:25 - 2013-08-14 15:20 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-05 23:08 - 2013-08-14 15:12 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-05 22:24 - 2013-10-05 22:24 - 00845583 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_126.rar
2013-10-05 22:24 - 2013-10-05 22:23 - 01334542 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_219.rar
2013-10-05 22:23 - 2013-10-05 22:23 - 00669518 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_127.rar
2013-10-05 22:17 - 2013-10-05 22:17 - 01134448 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_155.rar
2013-10-04 11:25 - 2013-03-18 15:16 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-10-03 16:13 - 2013-10-03 15:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-03 02:45 - 2013-10-03 02:45 - 00000000 ____D C:\Users\Another\AppData\Roaming\RenPy
2013-10-03 02:45 - 2013-10-03 02:44 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-03 01:08 - 2013-02-25 22:41 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-03 01:08 - 2013-02-25 22:41 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-01 23:08 - 2013-04-04 14:27 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-01 23:08 - 2013-04-04 14:27 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-01 22:11 - 2013-10-01 22:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-01 22:11 - 2013-10-01 22:11 - 00000000 ____D C:\ProgramData\Oracle
2013-10-01 22:11 - 2013-10-01 22:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-01 22:11 - 2013-04-04 15:22 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-01 22:11 - 2013-04-04 15:22 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-01 22:09 - 2013-10-01 22:09 - 00913832 _____ (Oracle Corporation) C:\Users\Another\Downloads\chromeinstall-7u40.exe
2013-09-22 19:28 - 2013-10-11 03:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 19:28 - 2013-10-11 03:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 18:55 - 2013-10-11 03:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 18:55 - 2013-10-11 03:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 18:55 - 2013-10-11 03:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-22 18:54 - 2013-10-11 03:13 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
 
Files to move or delete:
====================
C:\Users\Another\jagex_cl_runescape_LIVE.dat
C:\Users\Another\Minecraft (2).exe
C:\Users\Another\Minecraft (3).exe
C:\Users\Another\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Another\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Another\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-11 19:53
 
==================== End Of Log ============================




Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2013
Ran by Another at 2013-10-21 16:15:32
Running from C:\Users\Another\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG Internet Security 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Internet Security 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
Adobe Acrobat XI Pro (x32 Version: 11.0)
Adobe Acrobat XI Pro (x32 Version: 11.0.00)
Adobe Creative Cloud (x32 Version: 2.1.2.232)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.180)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
Anna - Extended Edition (x32)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3408)
AVG 2013 (Version: 2013.0.3408)
AVG SafeGuard toolbar (x32 Version: 17.0.1.12)
Baldur's Gate: Enhanced Edition (x32)
Battlefield 1942™ (x32 Version: 1.6.20.0)
Beat Hazard (x32)
Borderlands 2 (x32)
Cheat Engine 6.3 (x32)
Chivalry: Medieval Warfare (x32)
Counter-Strike: Global Offensive (x32)
Crusader Kings II (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Darksiders II (x32)
Dead Island (x32)
Dead Space (x32)
DEFCON (x32)
Diablo III (x32 Version: 1.0.7.15295)
Dishonored (x32 Version: 1.0)
Dysfunctional Systems: Learning to Manage Chaos (x32)
Endless Space (x32)
ERUNT 1.1j (x32)
ESET Online Scanner v3 (x32)
Europa Universalis III (x32)
Fable III (x32)
Fallout: New Vegas (x32)
FINAL FANTASY XIV - A Realm Reborn (x32 Version: 1.0.0000)
FTL: Faster Than Light (x32)
Game of Thrones  (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.21.165)
Grand Ages: Rome (x32)
Guns of Icarus Online (x32)
Happy Cloud Client (HKCU Version: 1.374)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.0.4.1441)
Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Jagged Alliance - Back in Action (x32)
Jagged Alliance: Crossfire (x32)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Killing Floor (x32)
King's Bounty: Armored Princess (x32)
King's Bounty: Crossworlds (x32)
King's Bounty: The Legend (x32)
L.A. Noire (x32)
League of Legends (x32 Version: 1.3)
Logitech G35 (Version: 1.1.178)
Mafia II (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee SiteAdvisor (x32 Version: 3.6.549)
Medieval II: Total War (x32)
Medieval II: Total War Kingdoms (x32)
Men of War: Assault Squad (x32)
Men of War: Red Tide (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
MicroVolts (x32)
Mirror's Edge (x32)
MSI Afterburner 2.3.1 (x32 Version: 2.3.1)
MSI Kombustor 2.5.0 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Mumble 1.2.3 (x32 Version: 1.2.3)
NVIDIA 3D Vision Controller Driver 320.18 (Version: 320.18)
NVIDIA 3D Vision Driver 320.18 (Version: 320.18)
NVIDIA Control Panel 320.18 (Version: 320.18)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Graphics Driver 320.18 (Version: 320.18)
NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2018)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
OpenAL (x32)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Organ Trail: Director's Cut (x32)
Origin (x32 Version: 9.3.1.4482)
Pando Media Booster (x32 Version: 2.6.0.8)
PunkBuster Services (x32 Version: 0.992)
Ragnarok Online 2 (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.52.203.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602)
Red Faction: Armageddon (x32)
Red Orchestra 2: Heroes of Stalingrad - Single Player (x32)
Risen (x32)
Risen 2 - Dark Waters (x32)
Rising Storm/Red Orchestra 2 Multiplayer (x32)
Rockstar Games Social Club (x32 Version: 1.1.0.1)
RuneScape Launcher 1.2.2 (x32 Version: 1.2.2)
Saints Row: The Third (x32)
Sid Meier's Civilization V (x32)
SimCity 4 Deluxe (x32)
Sine Mora (x32)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.6 (x32 Version: 6.6.106)
Spybot - Search & Destroy (x32 Version: 2.0.12)
Star Wars: The Old Republic (x32 Version: 1.00)
StarCraft II (x32 Version: 2.0.11.26825)
Steam (x32 Version: 1.0.0.0)
System Requirements Lab CYRI (x32 Version: 6.0.7.0)
System Requirements Lab Detection (x32 Version: 1.0.5.0)
Team Fortress 2 (x32)
TeamSpeak 3 Client (x32 Version: 3.0.11.1)
TERA (x32 Version: 1.5)
The Walking Dead (x32)
The Witcher 2: Assassins of Kings Enhanced Edition (x32)
Thief: Deadly Shadows (x32)
Tropico 4 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Uplink (x32)
UxStyle Core Beta (Version: 0.2.1.1)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
War of the Roses (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WinZip 17.0 (Version: 17.0.10381)
 
==================== Restore Points  =========================
 
11-10-2013 20:50:36 Installed DirectX
15-10-2013 14:40:16 Windows Update
16-10-2013 05:36:40 Windows Update
19-10-2013 14:53:49 Windows Update
20-10-2013 16:29:09 Installed DirectX
20-10-2013 18:58:47 Installed DirectX
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2013-10-09 00:32 - 00449438 ___RA C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {07CCF237-EA5B-434D-819E-3402D8B8F3CC} - System32\Tasks\AdobeAAMUpdater-1.0-Another-PC-Another => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {87226546-1981-4FA0-B622-940F4527822E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {93ED5281-02FC-4E39-B2A2-0BBE88DBC03B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A470167C-2E14-4A82-9E9D-6711F45119B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-25] (Google Inc.)
Task: {ABE11B40-1AC4-417B-829E-A96AA585A1F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-25] (Google Inc.)
Task: {AD499622-8E78-476D-8AB5-7606CECD943E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {CD6532F1-1FE7-4323-A958-4F8D5353C89D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {DBC4A82D-34EC-410E-9C3F-10743ED2C31E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-16] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-30 10:01 - 2013-08-30 10:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2013-10-03 15:55 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-03 15:55 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-03 15:55 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-03 15:55 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-03 15:55 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-10-01 23:08 - 2013-10-01 23:08 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
2013-08-15 12:54 - 2013-08-15 12:54 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67f2d87ba056e1075fce76a8c50bb57e\IsdiInterop.ni.dll
2013-02-19 18:15 - 2012-02-01 20:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-02-19 18:14 - 2012-03-06 18:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-10-03 15:55 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-10-18 11:15 - 2013-10-08 20:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-18 11:15 - 2013-10-08 20:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-18 11:15 - 2013-10-08 20:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-18 11:15 - 2013-10-08 20:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-18 11:15 - 2013-10-08 20:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 37%
Total physical RAM: 8143.79 MB
Available physical RAM: 5089.74 MB
Total Pagefile: 16285.77 MB
Available Pagefile: 12737.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1862.92 GB) (Free:1380.92 GB) NTFS
Drive d: (QSS_CD) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 38E3BFAD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-198731366400) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


# AdwCleaner v3.010 - Report created 21/10/2013 at 19:23:50
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Another - ANOTHER-PC
# Running from : C:\Users\Another\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater17.0.12
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Security Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3039 octets] - [21/10/2013 14:54:02]
AdwCleaner[R1].txt - [3099 octets] - [21/10/2013 19:00:16]
AdwCleaner[s0].txt - [3038 octets] - [21/10/2013 19:23:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3098 octets] ##########










FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013 01
Ran by Another (administrator) on ANOTHER-PC on 21-10-2013 20:01:12
Running from C:\Users\Another\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech©) C:\Program Files (x86)\Logitech\G35\G35.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6468712 2012-03-20] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1820072 2013-10-17] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-27] ()
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {903a0f4c-7af0-11e2-ab51-806e6f6e6963} - D:\PhotoApp.exe -autorun
MountPoints2: {91895b79-f0d3-11e2-ae54-3085a99cd41d} - E:\TL_Bootstrap.exe
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Logitech G35] - C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech©)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
SearchScopes: HKCU - DefaultScope {AFF118A4-F688-4FD6-BA72-F9E17AC1BB77} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Chrome: 
=======
CHR RestoreOnStartup:       "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Bing) - http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0\McChPlg.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Happy Cloud Plugin) - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0
CHR Extension: (SiteAdvisor) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0
CHR Extension: (AdBlock) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Skype Click to Call) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (CR Queue.0) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\onkdfchaiebkbhlbcdgbemkblolppign\1.8.7.7_0
CHR Extension: (Gmail) - C:\Users\Another\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [121616 2013-10-02] (McAfee, Inc.)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-09] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-21 19:57 - 2013-10-21 19:57 - 01954698 _____ (Farbar) C:\Users\Another\Downloads\FRST64.exe
2013-10-21 16:14 - 2013-10-21 16:14 - 00000000 ____D C:\FRST
2013-10-21 15:03 - 2013-10-21 15:03 - 02347384 _____ (ESET) C:\Users\Another\Downloads\esetsmartinstaller_enu.exe
2013-10-21 15:03 - 2013-10-21 15:03 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-21 14:55 - 2013-10-21 14:56 - 00005931 _____ C:\Users\Another\Desktop\new.txt
2013-10-21 14:53 - 2013-10-21 19:23 - 00000000 ____D C:\AdwCleaner
2013-10-21 14:53 - 2013-10-21 14:53 - 01060070 _____ C:\Users\Another\Downloads\AdwCleaner.exe
2013-10-21 13:53 - 2013-10-21 13:53 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 13:50 - 2013-10-21 13:50 - 01033335 _____ (Thisisu) C:\Users\Another\Downloads\JRT.exe
2013-10-21 13:24 - 2013-10-21 13:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-21 13:19 - 2013-10-21 13:41 - 00000000 ____D C:\Users\Another\Desktop\mbar
2013-10-21 13:19 - 2013-10-21 13:19 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Another\Downloads\mbar-1.07.0.1007.exe
2013-10-21 13:19 - 2013-10-21 13:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-21 12:33 - 2013-10-21 12:38 - 00000000 ____D C:\Users\Another\Desktop\RK_Quarantine
2013-10-21 12:33 - 2013-10-21 12:33 - 03989504 _____ C:\Users\Another\Downloads\RogueKillerX64.exe
2013-10-21 12:32 - 2013-10-21 12:32 - 00000000 ____D C:\Windows\ERDNT
2013-10-21 12:26 - 2013-10-21 12:31 - 00000935 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-21 12:26 - 2013-10-21 12:31 - 00000935 _____ C:\Users\Another\Desktop\NTREGOPT.lnk
2013-10-21 12:26 - 2013-10-21 12:31 - 00000916 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-21 12:26 - 2013-10-21 12:31 - 00000916 _____ C:\Users\Another\Desktop\ERUNT.lnk
2013-10-21 12:26 - 2013-10-21 12:31 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-21 12:22 - 2013-10-21 12:22 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Another\Downloads\erunt-setup.exe
2013-10-21 12:19 - 2013-10-21 12:19 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Another\Downloads\rkill.exe
2013-10-21 11:23 - 2013-10-21 19:25 - 00000112 _____ C:\Windows\setupact.log
2013-10-20 17:30 - 2013-10-20 17:30 - 00688992 ____R (Swearware) C:\Users\Another\Downloads\dds (1).scr
2013-10-20 17:28 - 2013-10-20 17:28 - 00688992 _____ (Swearware) C:\Users\Another\Downloads\dds.scr
2013-10-20 15:00 - 2013-10-20 15:00 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-10-20 15:00 - 2013-10-20 15:00 - 00000000 ____D C:\Users\Another\AppData\Local\2K Games
2013-10-20 12:31 - 2013-10-20 12:31 - 00000000 ____D C:\Users\Another\Documents\Endless Space
2013-10-20 12:30 - 2013-10-20 14:59 - 00037098 _____ C:\Windows\DirectX.log
2013-10-20 01:15 - 2013-10-20 01:15 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\Users\Another\AppData\Roaming\Malwarebytes
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-20 01:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-20 01:08 - 2013-10-20 01:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Another\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-19 12:25 - 2013-10-19 12:26 - 00000000 ____D C:\Users\Another\FRANDZ N STUFF
2013-10-16 12:10 - 2013-10-16 12:11 - 00000090 _____ C:\Users\Another\Desktop\New Text Document.txt
2013-10-12 09:28 - 2013-10-12 09:35 - 00000000 ____D C:\Users\Another\Desktop\text
2013-10-11 18:09 - 2013-10-11 18:15 - 00000000 ____D C:\Users\Another\AppData\Local\Darksiders2
2013-10-11 18:03 - 2013-10-11 18:03 - 00045859 _____ C:\Users\Another\Downloads\Darksiders2.CT
2013-10-11 17:14 - 2013-10-11 17:14 - 00002041 _____ C:\Users\Another\Downloads\OrganTrail.CT
2013-10-11 16:52 - 2013-10-11 16:52 - 00000000 ____D C:\Users\Another\Documents\DeadIsland
2013-10-11 04:12 - 2013-10-11 04:12 - 00000000 ____D C:\Users\Another\Documents\Game of Thrones
2013-10-11 03:13 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 03:13 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 03:13 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 03:13 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 03:13 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 03:13 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 03:13 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 03:13 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 03:13 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 03:13 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 03:13 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 03:13 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 16:17 - 2013-10-10 18:12 - 00000000 ____D C:\Users\Another\AppData\Roaming\W Photo Studio Viewer
2013-10-10 10:53 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 10:53 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 10:53 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 10:53 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 10:53 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 10:53 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 10:53 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 10:53 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 10:53 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 10:53 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 10:53 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 10:53 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 10:53 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 10:53 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 10:53 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 10:53 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 10:53 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 10:53 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 10:53 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 10:53 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 10:53 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 10:53 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 10:53 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 10:53 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 10:53 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 10:53 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 10:53 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 10:53 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 10:53 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 10:53 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 10:53 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 10:53 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 10:53 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 10:53 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 10:53 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 10:53 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 10:53 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 10:53 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 10:53 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 10:53 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 10:53 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 10:53 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 10:53 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 10:53 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 10:53 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 10:53 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 00:32 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20131009-003218.backup
2013-10-05 22:24 - 2013-10-05 22:24 - 00845583 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_126.rar
2013-10-05 22:23 - 2013-10-05 22:24 - 01334542 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_219.rar
2013-10-05 22:23 - 2013-10-05 22:23 - 00669518 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_127.rar
2013-10-05 22:17 - 2013-10-05 22:17 - 01134448 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_155.rar
2013-10-03 15:55 - 2013-10-03 16:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-03 15:55 - 2009-01-25 12:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-10-03 02:45 - 2013-10-03 02:45 - 00000000 ____D C:\Users\Another\AppData\Roaming\RenPy
2013-10-03 02:44 - 2013-10-03 02:45 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-01 22:11 - 2013-10-01 22:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-01 22:11 - 2013-10-01 22:11 - 00000000 ____D C:\ProgramData\Oracle
2013-10-01 22:11 - 2013-10-01 22:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-01 22:09 - 2013-10-01 22:09 - 00913832 _____ (Oracle Corporation) C:\Users\Another\Downloads\chromeinstall-7u40.exe
2013-09-30 22:50 - 2013-10-18 17:44 - 00000000 ____D C:\Users\Another\Desktop\=)
 
==================== One Month Modified Files and Folders =======
 
2013-10-21 20:01 - 2009-07-14 00:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 20:01 - 2009-07-14 00:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 20:00 - 2013-02-26 16:20 - 00000000 ____D C:\Users\Another\AppData\Roaming\Skype
2013-10-21 19:57 - 2013-10-21 19:57 - 01954698 _____ (Farbar) C:\Users\Another\Downloads\FRST64.exe
2013-10-21 19:56 - 2013-02-27 14:00 - 00000000 ____D C:\Users\Another\AppData\Local\PMB Files
2013-10-21 19:31 - 2013-04-04 14:16 - 00000000 ____D C:\ProgramData\MFAData
2013-10-21 19:29 - 2013-02-19 17:34 - 01247510 _____ C:\Windows\WindowsUpdate.log
2013-10-21 19:26 - 2013-09-19 13:59 - 00000000 ____D C:\Users\Another\AppData\Local\Adobe
2013-10-21 19:26 - 2013-02-26 00:51 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-21 19:26 - 2013-02-25 22:41 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-21 19:25 - 2013-10-21 11:23 - 00000112 _____ C:\Windows\setupact.log
2013-10-21 19:25 - 2013-02-19 18:07 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-21 19:25 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-21 19:23 - 2013-10-21 14:53 - 00000000 ____D C:\AdwCleaner
2013-10-21 19:13 - 2013-02-25 22:41 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-21 19:08 - 2013-03-09 21:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-21 16:14 - 2013-10-21 16:14 - 00000000 ____D C:\FRST
2013-10-21 15:38 - 2013-07-22 20:14 - 00000000 ___RD C:\Users\Another\Desktop\Minecraft
2013-10-21 15:03 - 2013-10-21 15:03 - 02347384 _____ (ESET) C:\Users\Another\Downloads\esetsmartinstaller_enu.exe
2013-10-21 15:03 - 2013-10-21 15:03 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-21 14:56 - 2013-10-21 14:55 - 00005931 _____ C:\Users\Another\Desktop\new.txt
2013-10-21 14:53 - 2013-10-21 14:53 - 01060070 _____ C:\Users\Another\Downloads\AdwCleaner.exe
2013-10-21 13:53 - 2013-10-21 13:53 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 13:50 - 2013-10-21 13:50 - 01033335 _____ (Thisisu) C:\Users\Another\Downloads\JRT.exe
2013-10-21 13:41 - 2013-10-21 13:19 - 00000000 ____D C:\Users\Another\Desktop\mbar
2013-10-21 13:39 - 2013-10-21 13:24 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-21 13:19 - 2013-10-21 13:19 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Another\Downloads\mbar-1.07.0.1007.exe
2013-10-21 13:19 - 2013-10-21 13:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-21 12:38 - 2013-10-21 12:33 - 00000000 ____D C:\Users\Another\Desktop\RK_Quarantine
2013-10-21 12:33 - 2013-10-21 12:33 - 03989504 _____ C:\Users\Another\Downloads\RogueKillerX64.exe
2013-10-21 12:32 - 2013-10-21 12:32 - 00000000 ____D C:\Windows\ERDNT
2013-10-21 12:31 - 2013-10-21 12:26 - 00000935 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-21 12:31 - 2013-10-21 12:26 - 00000935 _____ C:\Users\Another\Desktop\NTREGOPT.lnk
2013-10-21 12:31 - 2013-10-21 12:26 - 00000916 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-21 12:31 - 2013-10-21 12:26 - 00000916 _____ C:\Users\Another\Desktop\ERUNT.lnk
2013-10-21 12:31 - 2013-10-21 12:26 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-21 12:22 - 2013-10-21 12:22 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Another\Downloads\erunt-setup.exe
2013-10-21 12:19 - 2013-10-21 12:19 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Another\Downloads\rkill.exe
2013-10-21 02:32 - 2013-03-10 19:02 - 00000000 ____D C:\Users\Another\AppData\Roaming\TS3Client
2013-10-20 17:30 - 2013-10-20 17:30 - 00688992 ____R (Swearware) C:\Users\Another\Downloads\dds (1).scr
2013-10-20 17:28 - 2013-10-20 17:28 - 00688992 _____ (Swearware) C:\Users\Another\Downloads\dds.scr
2013-10-20 15:00 - 2013-10-20 15:00 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-10-20 15:00 - 2013-10-20 15:00 - 00000000 ____D C:\Users\Another\AppData\Local\2K Games
2013-10-20 14:59 - 2013-10-20 12:30 - 00037098 _____ C:\Windows\DirectX.log
2013-10-20 12:31 - 2013-10-20 12:31 - 00000000 ____D C:\Users\Another\Documents\Endless Space
2013-10-20 01:15 - 2013-10-20 01:15 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\Users\Another\AppData\Roaming\Malwarebytes
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-20 01:15 - 2013-10-20 01:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-20 01:08 - 2013-10-20 01:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Another\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-19 12:26 - 2013-10-19 12:25 - 00000000 ____D C:\Users\Another\FRANDZ N STUFF
2013-10-19 12:25 - 2013-02-25 22:35 - 00000000 ____D C:\Users\Another
2013-10-19 01:29 - 2013-09-05 04:15 - 00000000 ____D C:\Users\Another\Desktop\22
2013-10-18 17:44 - 2013-09-30 22:50 - 00000000 ____D C:\Users\Another\Desktop\=)
2013-10-16 12:11 - 2013-10-16 12:10 - 00000090 _____ C:\Users\Another\Desktop\New Text Document.txt
2013-10-16 01:37 - 2013-07-20 01:05 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-16 01:37 - 2013-07-20 01:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-16 01:37 - 2013-07-20 01:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-14 21:18 - 2013-03-02 20:32 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-10-14 11:42 - 2013-02-26 16:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-12 18:31 - 2013-02-27 16:23 - 08734208 ___SH C:\Users\Another\Thumbs.db
2013-10-12 09:35 - 2013-10-12 09:28 - 00000000 ____D C:\Users\Another\Desktop\text
2013-10-12 09:33 - 2013-09-18 14:41 - 00000000 ____D C:\Users\Another\Desktop\CE
2013-10-12 09:32 - 2013-07-06 02:56 - 00000000 ____D C:\Users\Another\Desktop\Crunchyroll Work Docs
2013-10-12 09:28 - 2013-08-09 17:28 - 00000000 ____D C:\Users\Another\Desktop\PapersPlease-0.5.13-Win-Demo
2013-10-11 20:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 18:15 - 2013-10-11 18:09 - 00000000 ____D C:\Users\Another\AppData\Local\Darksiders2
2013-10-11 18:09 - 2013-04-06 03:46 - 00000000 ____D C:\Users\Another\Documents\My Games
2013-10-11 18:08 - 2013-04-12 03:25 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-10-11 18:08 - 2011-11-22 12:50 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-10-11 18:03 - 2013-10-11 18:03 - 00045859 _____ C:\Users\Another\Downloads\Darksiders2.CT
2013-10-11 17:14 - 2013-10-11 17:14 - 00002041 _____ C:\Users\Another\Downloads\OrganTrail.CT
2013-10-11 16:52 - 2013-10-11 16:52 - 00000000 ____D C:\Users\Another\Documents\DeadIsland
2013-10-11 13:20 - 2009-07-14 01:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 13:13 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 13:13 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 13:13 - 2009-07-14 00:45 - 00294592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 04:12 - 2013-10-11 04:12 - 00000000 ____D C:\Users\Another\Documents\Game of Thrones
2013-10-11 03:11 - 2013-05-26 04:38 - 00772214 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 03:07 - 2013-08-02 03:04 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 03:06 - 2013-02-26 05:37 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 18:12 - 2013-10-10 16:17 - 00000000 ____D C:\Users\Another\AppData\Roaming\W Photo Studio Viewer
2013-10-05 23:25 - 2013-08-14 15:20 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-05 23:08 - 2013-08-14 15:12 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-05 22:24 - 2013-10-05 22:24 - 00845583 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_126.rar
2013-10-05 22:24 - 2013-10-05 22:23 - 01334542 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_219.rar
2013-10-05 22:23 - 2013-10-05 22:23 - 00669518 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_127.rar
2013-10-05 22:17 - 2013-10-05 22:17 - 01134448 _____ C:\Users\Another\Downloads\LianaSims3_Fashion_155.rar
2013-10-04 11:25 - 2013-03-18 15:16 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-10-03 16:13 - 2013-10-03 15:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-10-03 15:55 - 2013-10-03 15:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-03 02:45 - 2013-10-03 02:45 - 00000000 ____D C:\Users\Another\AppData\Roaming\RenPy
2013-10-03 02:45 - 2013-10-03 02:44 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-03 01:08 - 2013-02-25 22:41 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-03 01:08 - 2013-02-25 22:41 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-01 23:08 - 2013-04-04 14:27 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-01 23:08 - 2013-04-04 14:27 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-10-01 22:11 - 2013-10-01 22:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-01 22:11 - 2013-10-01 22:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-01 22:11 - 2013-10-01 22:11 - 00000000 ____D C:\ProgramData\Oracle
2013-10-01 22:11 - 2013-10-01 22:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-01 22:11 - 2013-04-04 15:22 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-01 22:11 - 2013-04-04 15:22 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-01 22:09 - 2013-10-01 22:09 - 00913832 _____ (Oracle Corporation) C:\Users\Another\Downloads\chromeinstall-7u40.exe
2013-09-22 19:28 - 2013-10-11 03:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 19:28 - 2013-10-11 03:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 19:27 - 2013-10-11 03:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 18:55 - 2013-10-11 03:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 18:55 - 2013-10-11 03:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 18:55 - 2013-10-11 03:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-22 18:54 - 2013-10-11 03:13 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 18:54 - 2013-10-11 03:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
 
Files to move or delete:
====================
C:\Users\Another\jagex_cl_runescape_LIVE.dat
C:\Users\Another\Minecraft (2).exe
C:\Users\Another\Minecraft (3).exe
C:\Users\Another\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Another\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Another\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-21 16:48
 
==================== End Of Log ============================

  • Root Admin

Please uninstall ALL versions of Java
Please uninstall Pando Media Booster

Then run the following and restart the computer once completed and post back the log.


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Also I only found a Java 7 update ###### which I uninstalled.
I'm assuming there's more on my computer since you specifically said ALL and I believe I remember installing a couple?
Is there another way I can find them? They're not listed in "Uninstall programs" unless it begins with something other than Java like the "Java Update" did.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2013 01

Ran by Another at 2013-10-21 20:43:38 Run:1

Running from C:\Users\Another\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-27] ()

MountPoints2: {903a0f4c-7af0-11e2-ab51-806e6f6e6963} - D:\PhotoApp.exe -autorun

MountPoints2: {91895b79-f0d3-11e2-ae54-3085a99cd41d} - E:\TL_Bootstrap.exe

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

BootExecute: autocheck autochk * sdnclean64.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com

SearchScopes: HKCU - DefaultScope {AFF118A4-F688-4FD6-BA72-F9E17AC1BB77} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

C:\Users\Another\jagex_cl_runescape_LIVE.dat

C:\Users\Another\Minecraft (2).exe

C:\Users\Another\Minecraft (3).exe

C:\Users\Another\random.dat

C:\Users\Another\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Another\AppData\Local\Temp\Quarantine.exe

 

*****************

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster => Value not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{903a0f4c-7af0-11e2-ab51-806e6f6e6963} => Key deleted successfully.

HKCR\CLSID\{903a0f4c-7af0-11e2-ab51-806e6f6e6963} => Key not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91895b79-f0d3-11e2-ae54-3085a99cd41d} => Key deleted successfully.

HKCR\CLSID\{91895b79-f0d3-11e2-ae54-3085a99cd41d} => Key not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.

HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.

HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.

C:\Users\Another\jagex_cl_runescape_LIVE.dat => Moved successfully.

C:\Users\Another\Minecraft (2).exe => Moved successfully.

C:\Users\Another\Minecraft (3).exe => Moved successfully.

C:\Users\Another\random.dat => Moved successfully.

C:\Users\Another\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

C:\Users\Another\AppData\Local\Temp\Quarantine.exe => Moved successfully.

 

==== End of Fixlog ====


  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here (http://oldtimer.geekstogo.com/TFC.exe) and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Then restart the computer and run the following
 
Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

 Results of screen317's Security Check version 0.99.74  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG Internet Security 2013      

Microsoft Security Essentials   

 Antivirus out of date! (On Access scanning disabled!) 

`````````Anti-malware/Other Utilities Check:````````` 

 MVPS Hosts File  

 Spybot - Search & Destroy 

 McAfee SiteAdvisor    

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Adobe Reader XI  

 Google Chrome 30.0.1599.101  

 Google Chrome 30.0.1599.69  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Spybot Teatimer.exe is disabled! 

 AVG avgwdsvc.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

  • Root Admin

You need to uninstall Microsoft Security Essentials if you're going to use AVG as they will conflict with each other.

 

Please run AVG and make sure it's up to date and all protections enabled.

 

How is the computer running now?

Are there still any signs of an infection?


Which one of the two has better ACTIVE protection in your opinion? And how do I set the other one to be just not active? (If possible just for the scan functions, and with AVG the tuneup function)
I am going to restart so it turns all the programs back on :) I haven't noticed if the Malwarebytes protection is still blocking anything, I'll let you know, but no random popups that I've noticed :D


Okay! Thank you! =) Simply uninstall under add/remove programs? And how should I go about removing everything else? (I don't think I'll touch most [with the exception of that nifty temp cleaner] without your guidance for fear of destroying everything X_x)


This topic is now closed to further replies.