
Can't download anything



I noticed a couple of weeks ago that I couldn't download a font that I wanted from dafont.com; it wouldn't open after I downloaded it in Firefox, it just showed up as an empty folder. I tried downloading it in Internet Explorer instead, and it was immediately shut down with a message saying it contained a virus and was deleted. I thought maybe the website was having problems and just did without the font, and a few days ago I downloaded Photoshop successfully just fine. This morning I couldn't download an image file that I wanted from an entirely different website, getting the same line about the virus. I checked the Mozilla website and it said that I should try resetting Firefox. I did, and it stopped working completely, something about an inaccessible profile. So I uninstalled Firefox, and tried to download it again. Except now IE won't let me download that, either. I tried a Malwarebytes scan, which came up with no problems, and so I came to the forums. I can't download DDS. I tried working around it by downloading DDS to a flash drive on a different computer, but when I tried to run it I got this message:

"The version of this file is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher."

I have no idea what to do now or exactly how serious this is, please help me out.


Welcome to the forum. To start, please try this:

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, a custom (Adobe) hosts file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable. It's unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


OK, I got it off the flash drive and onto the computer. This is what it came up with:

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt D [Admin rights]
Mode : Scan -- Date : 10/28/2013 12:53:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] Funmoods : C:\Users\Matt D\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe - /Check [x] -> FOUND
[V2][SUSP PATH] Updater21802.exe : C:\Users\Matt - D\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack [x][x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc(736).dll : C:\Program Files\Windows Defender\MpAsDesc(736).dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc(755).dll : C:\Program Files\Windows Defender\MpAsDesc(755).dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun(737).exe : C:\Program Files\Windows Defender\MpCmdRun(737).exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun(756).exe : C:\Program Files\Windows Defender\MpCmdRun(756).exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV(757).dll : C:\Program Files\Windows Defender\MpOAV(757).dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP(758).dll : C:\Program Files\Windows Defender\MpRTP(758).dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui(759).exe : C:\Program Files\Windows Defender\MSASCui(759).exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics(738).dll : C:\Program Files\Windows Defender\MsMpLics(738).dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics(760).dll : C:\Program Files\Windows Defender\MsMpLics(760).dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes(761).dll : C:\Program Files\Windows Defender\MsMpRes(761).dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320325AS +++++
--- User ---
[MBR] 2d7d94ba8776bd501073fc5c5b67dc55
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10282013_125309.txt >>
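The RogueKiller report above flags two host-based indicators: reparse points inside the Windows Defender folder whose target is \systemroot\system32\config (the [ZeroAccess][Junction] lines), and scheduled tasks whose action runs a program out of a user profile (the [SUSP PATH] lines). The PowerShell below is an added example, not part of this thread and not code from RogueKiller or FRST, that re-checks both indicators directly on the live system instead of relying on a single tool's verdict. It assumes Windows 7 or later with PowerShell 5.1 or later, an elevated prompt, and the default locations of Program Files and System32\Tasks; the regular expressions used to mark entries as suspicious are the author's own heuristics.

```powershell
# Added example (not from the forum thread, RogueKiller or FRST).
# Assumes: Windows 7+, PowerShell 5.1+, elevated prompt, default folder locations.

$DefenderDir = Join-Path $env:ProgramFiles 'Windows Defender'
$TasksDir    = Join-Path $env:windir 'System32\Tasks'

function Get-DefenderReparsePoints {
    param([string]$Path = $DefenderDir)
    # A stock Defender install contains no reparse points, so every hit deserves a look.
    # ZeroAccess replaced Defender binaries with junctions into system32\config so that
    # the files could neither run nor be restored; that is the pattern RogueKiller reported.
    Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint) } |
        ForEach-Object {
            $target = $null
            # .Target is the link's own metadata, so it resolves even when the target is unreadable
            try { $target = (Get-Item -LiteralPath $_.FullName -Force).Target } catch { }
            $targetText = @($target) -join ';'
            [pscustomobject]@{
                Path       = $_.FullName
                IsDir      = $_.PSIsContainer
                Target     = $targetText
                # heuristic (assumption): nothing legitimate links Defender files to the hive folder
                Suspicious = ($targetText -match 'system32\\config')
            }
        }
}

function Get-TaskActions {
    param([string]$Path = $TasksDir)
    # Every registered task is an XML file under System32\Tasks; reading Actions/Exec/Command
    # from the XML works on Windows 7, where the ScheduledTasks module does not exist.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try { [xml]$xml = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop } catch { return }
            foreach ($exec in @($xml.Task.Actions.Exec)) {
                if (-not $exec) { continue }
                $cmd = [string]$exec.Command
                [pscustomobject]@{
                    Task       = $file.FullName.Substring($Path.Length)
                    Command    = $cmd
                    Arguments  = [string]$exec.Arguments
                    # heuristic (assumption): auto-run binaries living in a user profile rather than
                    # Program Files match the entries RogueKiller marked [SUSP PATH]
                    Suspicious = ($cmd -match '\\Users\\[^\\]+\\AppData\\')
                }
            }
        }
}

# Report: anything returned by the first check is abnormal; the second is filtered to the heuristic.
'== Reparse points under Windows Defender =='
Get-DefenderReparsePoints | Format-Table Path, IsDir, Target, Suspicious -AutoSize

'== Scheduled tasks executing from a user profile =='
Get-TaskActions | Where-Object Suspicious | Format-Table Task, Command, Arguments -AutoSize
```

Run it from an elevated PowerShell prompt; neither function changes anything, they only enumerate. The script covers only the two file-system indicators, not the MBR or partition table that RogueKiller also examined. On that point, the report above shows standard Windows 7/8 MBR code, and the hidden type 0x1c (FAT32 LBA) partition at the start of the disk is flagged only because it is hidden; on an OEM laptop that slot is typically the vendor recovery partition, so that line by itself is not evidence of the infection.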

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Oh God, this doesn't look good. Thank you for catching it; here are my results from FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Matt D (administrator) on MATTD-PC on 28-10-2013 13:48:42
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Farbar) F:\FRST64(1).exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1654992 2011-10-26] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [213824 2011-10-03] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-08-02] (Trend Micro Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Matt D\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-30] (Facebook Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3331312 2012-03-06] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-09-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-09-03] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

URLSearchHook: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzutCtD0B0FyEzztD0D0D0B0Fzz0D0B0BtDtN0D0Tzu0CtAyDyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1978157413
SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&ir=ironpub12&cd=2XzuyEtN2Y1L1QzutCtD0B0FyEzztD0D0D0B0Fzz0D0B0BtDtN0D0Tzu0CtAyDyEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1978157413
SearchScopes: HKLM-x32 - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm017^YY^us&si=pconverter&ptb=4C1C74E0-2A73-41BF-98A0-2C6C300840A7&ind=2012122000&n=77ee8b90&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {5B55414E-2C31-41D1-83BC-C5A2EB7CA7E7} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3268935&CUI=UN45798293820926484
SearchScopes: HKCU - {011C4282-08AF-4110-9560-07DCC1DA05F4} URL = http://websearch.ask.com/redirect?client=ie&tb=IJBME&o=102809&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^4M&apn_dtid=^YYYYYY^YY^US&apn_uid=BE19FE53-EADB-41B4-B708-3426C98BC413&apn_sauid=1B826C97-AB62-4F7E-AD74-693C6D5D0E7B
SearchScopes: HKCU - {538FE862-B887-42DB-8DB9-D7898A7330CC} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130206,19630,0,18,6477
SearchScopes: HKCU - {5B55414E-2C31-41D1-83BC-C5A2EB7CA7E7} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3268935&CUI=UN45798293820926484
SearchScopes: HKCU - {B20D17D9-B9A2-4620-BD13-39336B771000} URL = http://www.mysearchresults.com/search?&c=2653&t=03&q={searchTerms}
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm017^YY^us&si=pconverter&ptb=4C1C74E0-2A73-41BF-98A0-2C6C300840A7&ind=2012122000&n=77ee8b90&psa=&st=sb&searchfor={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Vgrabber v1 Toolbar - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files (x86)\Vgrabber_v1\prxtbVgra.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {7F7F82F1-7C95-47CD-814F-950B56D58FC3} -  No File
Toolbar: HKCU - No Name - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Winsock: Catalog9 05 C:\PROGRA~2\NetDog\netd.dll [569344] ()
Winsock: Catalog9 06 C:\PROGRA~2\NetDog\netd.dll [569344] ()
Winsock: Catalog9 07 C:\PROGRA~2\NetDog\netd.dll [569344] ()
Winsock: Catalog9 12 C:\PROGRA~2\NetDog\netd.dll [569344] ()
Winsock: Catalog9 14 C:\PROGRA~2\NetDog\netd.dll [569344] ()
Winsock: Catalog9 16 C:\Windows\SysWOW64\Sendori.dll [325920] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) =================

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-08-02] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

==================== Drivers (Whitelisted) ====================

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-08-11] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-08-11] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-08-11] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-29] (Trend Micro Inc.)
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 13:48 - 2013-10-28 13:48 - 00000000 ____D C:\FRST
2013-10-28 12:53 - 2013-10-28 12:53 - 00004356 _____ C:\Users\Matt D\Desktop\RKreport[0]_S_10282013_125309.txt
2013-10-28 12:51 - 2013-10-28 12:53 - 00000000 ____D C:\Users\Matt D\Desktop\RK_Quarantine
2013-10-28 12:50 - 2013-10-28 12:27 - 04012032 _____ C:\Users\Matt D\Desktop\RogueKillerX64.exe
2013-10-28 12:19 - 2013-10-28 12:19 - 00000000 _____ C:\Users\Matt D\Downloads\RogueKillerX64.exe.lczudw7.partial
2013-10-28 10:26 - 2013-10-28 10:26 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-28 09:37 - 2013-10-28 09:37 - 00003288 ____N C:\bootsqm.dat
2013-10-28 09:13 - 2013-10-28 09:13 - 00000000 ____D C:\Users\Default\AppData\Local\Power2Go
2013-10-28 09:13 - 2013-10-28 09:13 - 00000000 ____D C:\Users\Default User\AppData\Local\Power2Go
2013-10-28 07:19 - 2013-10-28 07:19 - 00000000 __SHD C:\$$PendingFiles
2013-10-28 05:53 - 2013-10-28 05:53 - 00479872 _____ C:\Users\Matt D\Downloads\MetalPrint_10x8.psd.zip
2013-10-26 18:15 - 2013-10-26 18:15 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-26 10:22 - 2013-10-26 10:22 - 00000000 ____D C:\Users\Matt D\AppData\Local\{C05A6A41-1F94-4D49-91A1-817F5B00432F}
2013-10-25 16:16 - 2013-10-25 16:16 - 00575625 _____ C:\Users\Matt D\Downloads\painted(1).zip
2013-10-25 15:38 - 2013-10-25 15:39 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-10-25 15:38 - 2013-10-25 15:38 - 00000000 ____D C:\Users\Matt D\AppData\Roaming\PDAppFlex
2013-10-25 15:34 - 2013-10-25 15:34 - 00000000 ____D C:\Program Files\Adobe
2013-10-25 15:26 - 2013-10-25 15:34 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-25 14:25 - 2013-10-25 14:25 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MattD-PC-Matt D
2013-10-25 14:25 - 2013-10-25 14:25 - 00001074 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-10-25 14:18 - 2013-10-25 14:18 - 02832256 _____ (Adobe Systems Incorporated) C:\Users\Matt D\Downloads\CreativeCloudSet-Up.exe
2013-10-24 17:49 - 2013-10-24 17:49 - 00575761 _____ C:\Users\Matt D\Downloads\HeatherT-Painted.zip
2013-10-24 14:50 - 2013-10-24 14:51 - 00575625 _____ C:\Users\Matt D\Downloads\painted.zip
2013-10-24 14:23 - 2013-10-24 14:23 - 00020070 _____ C:\Users\Matt D\Downloads\watermark.zip
2013-10-17 16:28 - 2013-10-17 16:28 - 00611031 _____ C:\Users\Matt D\Downloads\kg_chasing_cars.zip
2013-10-17 15:50 - 2013-10-17 15:50 - 00027343 _____ C:\Users\Matt D\Downloads\jenna_sue(1).zip
2013-10-17 15:48 - 2013-10-17 15:48 - 00027343 _____ C:\Users\Matt D\Downloads\jenna_sue.zip
2013-10-11 09:16 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 09:16 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 09:16 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 09:16 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 09:16 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 09:16 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 09:16 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 09:16 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 09:16 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 09:16 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 09:16 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 09:16 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 09:16 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 09:16 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 09:16 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 09:16 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 09:16 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 09:16 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 09:16 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 09:16 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 09:16 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 12:05 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 12:05 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 12:04 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 12:04 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 12:04 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 12:04 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 12:04 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 12:04 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 12:04 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 12:04 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 12:04 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 12:04 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 11:58 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 11:57 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 11:57 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 11:57 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 11:57 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 11:56 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 11:56 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 11:56 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 11:56 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 11:56 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 11:55 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 11:55 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 11:55 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 11:55 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 11:55 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 11:54 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 11:54 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 11:54 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 11:54 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 11:54 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 11:54 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 11:54 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 11:54 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 11:54 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 11:54 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 11:54 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 11:54 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 11:54 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 11:54 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 11:54 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 11:52 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 11:52 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 11:51 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 11:51 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-07 14:15 - 2013-10-25 16:26 - 00000000 ____D C:\Users\Matt D\Desktop\etsy posts

==================== One Month Modified Files and Folders =======

2013-10-28 13:48 - 2013-10-28 13:48 - 00000000 ____D C:\FRST
2013-10-28 13:40 - 2009-07-13 22:13 - 00795308 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-28 13:32 - 2013-09-08 14:16 - 03394048 ___SH C:\Users\Matt D\Desktop\Thumbs.db
2013-10-28 13:32 - 2012-04-21 23:59 - 01386198 _____ C:\Windows\WindowsUpdate.log
2013-10-28 13:26 - 2013-02-20 01:22 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4BA4EDE1-8ADC-4E23-9CAB-8FC69C1AE1CB}
2013-10-28 12:53 - 2013-10-28 12:53 - 00004356 _____ C:\Users\Matt D\Desktop\RKreport[0]_S_10282013_125309.txt
2013-10-28 12:53 - 2013-10-28 12:51 - 00000000 ____D C:\Users\Matt D\Desktop\RK_Quarantine
2013-10-28 12:30 - 2012-07-30 15:25 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3160658070-3415962871-2747071126-1000UA.job
2013-10-28 12:27 - 2013-10-28 12:50 - 04012032 _____ C:\Users\Matt D\Desktop\RogueKillerX64.exe
2013-10-28 12:19 - 2013-10-28 12:19 - 00000000 _____ C:\Users\Matt D\Downloads\RogueKillerX64.exe.lczudw7.partial
2013-10-28 11:59 - 2012-07-31 16:42 - 00000000 ____D C:\Users\Matt D\AppData\Roaming\Skype
2013-10-28 11:45 - 2013-02-09 19:17 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-10-28 10:26 - 2013-10-28 10:26 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-28 10:19 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 10:19 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 10:11 - 2012-07-28 21:58 - 00000380 _____ C:\Users\Matt D\AppData\Roaming\sp_data.sys
2013-10-28 10:10 - 2013-02-09 19:27 - 00000416 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
2013-10-28 10:10 - 2012-07-28 21:57 - 00000000 ___HD C:\ASUS.DAT
2013-10-28 10:10 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 10:10 - 2009-07-13 21:51 - 00102868 _____ C:\Windows\setupact.log
2013-10-28 09:38 - 2012-03-06 03:59 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-10-28 09:37 - 2013-10-28 09:37 - 00003288 ____N C:\bootsqm.dat
2013-10-28 09:13 - 2013-10-28 09:13 - 00000000 ____D C:\Users\Default\AppData\Local\Power2Go
2013-10-28 09:13 - 2013-10-28 09:13 - 00000000 ____D C:\Users\Default User\AppData\Local\Power2Go
2013-10-28 09:13 - 2012-04-22 00:09 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2013-10-28 09:12 - 2012-03-06 03:27 - 00050992 _____ C:\Windows\PFRO.log
2013-10-28 09:12 - 2009-07-13 22:08 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-28 08:33 - 2013-08-30 08:50 - 00003342 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3160658070-3415962871-2747071126-1000
2013-10-28 08:33 - 2013-02-09 20:26 - 00003210 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3160658070-3415962871-2747071126-1000
2013-10-28 07:19 - 2013-10-28 07:19 - 00000000 __SHD C:\$$PendingFiles
2013-10-28 07:11 - 2013-06-23 13:04 - 00000000 ____D C:\Users\Matt D\AppData\Local\Microsoft Games
2013-10-28 06:29 - 2012-07-31 16:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-28 06:29 - 2012-07-31 16:42 - 00000000 ____D C:\ProgramData\Skype
2013-10-28 06:27 - 2012-08-15 20:57 - 00000000 ____D C:\Users\Matt D\AppData\Local\Adobe
2013-10-28 05:53 - 2013-10-28 05:53 - 00479872 _____ C:\Users\Matt D\Downloads\MetalPrint_10x8.psd.zip
2013-10-27 15:38 - 2012-07-30 15:25 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3160658070-3415962871-2747071126-1000Core.job
2013-10-27 07:24 - 2013-07-06 09:20 - 00000000 ____D C:\Users\Matt D\Desktop\heather
2013-10-27 05:29 - 2013-06-23 16:57 - 00000408 ____H C:\Windows\Tasks\Norton Security Scan for Matt D.job
2013-10-26 20:08 - 2012-08-03 21:09 - 00000000 ____D C:\Users\Matt D\AppData\Roaming\SoftGrid Client
2013-10-26 18:15 - 2013-10-26 18:15 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-10-26 18:15 - 2013-06-23 16:57 - 00000000 ____D C:\ProgramData\Norton
2013-10-26 10:22 - 2013-10-26 10:22 - 00000000 ____D C:\Users\Matt D\AppData\Local\{C05A6A41-1F94-4D49-91A1-817F5B00432F}
2013-10-26 07:59 - 2012-04-22 00:07 - 00002360 _____ C:\Windows\system32\AutoRunFilter.ini
2013-10-26 07:57 - 2009-07-13 21:45 - 04938136 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-25 16:26 - 2013-10-07 14:15 - 00000000 ____D C:\Users\Matt D\Desktop\etsy posts
2013-10-25 16:16 - 2013-10-25 16:16 - 00575625 _____ C:\Users\Matt D\Downloads\painted(1).zip
2013-10-25 15:39 - 2013-10-25 15:38 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-10-25 15:39 - 2012-07-28 22:40 - 00000000 ____D C:\Users\Matt D\AppData\Roaming\Adobe
2013-10-25 15:38 - 2013-10-25 15:38 - 00000000 ____D C:\Users\Matt D\AppData\Roaming\PDAppFlex
2013-10-25 15:34 - 2013-10-25 15:34 - 00000000 ____D C:\Program Files\Adobe
2013-10-25 15:34 - 2013-10-25 15:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-25 15:34 - 2012-07-28 21:57 - 00058016 _____ C:\Users\Matt D\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-25 15:34 - 2012-03-06 03:49 - 00000000 ____D C:\ProgramData\Adobe
2013-10-25 15:29 - 2013-06-21 22:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-25 14:25 - 2013-10-25 14:25 - 00003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MattD-PC-Matt D
2013-10-25 14:25 - 2013-10-25 14:25 - 00001074 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-10-25 14:25 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-25 14:18 - 2013-10-25 14:18 - 02832256 _____ (Adobe Systems Incorporated) C:\Users\Matt D\Downloads\CreativeCloudSet-Up.exe
2013-10-24 17:49 - 2013-10-24 17:49 - 00575761 _____ C:\Users\Matt D\Downloads\HeatherT-Painted.zip
2013-10-24 14:51 - 2013-10-24 14:50 - 00575625 _____ C:\Users\Matt D\Downloads\painted.zip
2013-10-24 14:23 - 2013-10-24 14:23 - 00020070 _____ C:\Users\Matt D\Downloads\watermark.zip
2013-10-17 16:28 - 2013-10-17 16:28 - 00611031 _____ C:\Users\Matt D\Downloads\kg_chasing_cars.zip
2013-10-17 15:50 - 2013-10-17 15:50 - 00027343 _____ C:\Users\Matt D\Downloads\jenna_sue(1).zip
2013-10-17 15:48 - 2013-10-17 15:48 - 00027343 _____ C:\Users\Matt D\Downloads\jenna_sue.zip
2013-10-13 13:05 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 09:39 - 2013-03-13 17:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 09:39 - 2013-03-13 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 09:09 - 2012-03-06 03:48 - 00789524 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-01 00:57 - 2013-07-12 11:55 - 00000000 ____D C:\Users\Matt D\AppData\Local\Mozilla

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\Matt D\AppData\Local\Temp\59193uninstall.exe
C:\Users\Matt D\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Matt D\AppData\Local\Temp\lowproc.exe
C:\Users\Matt D\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Matt D\AppData\Local\Temp\plugin.part.1.exe
C:\Users\Matt D\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matt D\AppData\Local\Temp\Sqlite3.dll
C:\Users\Matt D\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-10-21 15:23

==================== End Of Log ============================


I have the addition too, but when I try to upload it says Upload Skipped (Error 10) in a red box with an exclamation point.


Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

[screenshot: reply1.jpg]

New window that comes up.

[screenshot: replyer1.jpg]

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

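The fix above depends on FRST's DeleteJunctionsIndirectory directive to strip the reparse points that ZeroAccess planted over the Windows Defender folder (the FRST scan flagged C:\Program Files\Windows Defender\en-US for exactly that reason). As an added example that is not part of this thread and not FRST's own code, here is a PowerShell check a responder can run before the fix, to see the reparse points for themselves, and again after it, to confirm the folder is clean. The function name and the "Suspicious" rule are this example's own; the paths are the ones from the log.

```powershell
# Added example, not from the thread or from FRST: list every reparse point under a
# directory and flag the ones a responder should look at. A stock Windows 7 install
# normally has no reparse points under "C:\Program Files\Windows Defender", so any
# hit there deserves attention; one whose target is missing, or whose type is
# neither Junction nor SymbolicLink, should be treated as hostile until explained.
# Requires PowerShell 5.0 or later for the LinkType/Target properties; on older
# versions they come back empty and "fsutil reparsepoint query <path>" shows the tag.
function Get-ReparsePointReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }

    $flag = [System.IO.FileAttributes]::ReparsePoint

    Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $flag) -eq $flag } |
        ForEach-Object {
            $item = $_

            # Target is a string[] on Windows PowerShell 5.1 and a string on PowerShell 7;
            # normalise to an array and drop empty entries.
            $targets = @($item.Target) | Where-Object { $_ }
            $targetExists = $false
            if ($targets.Count -gt 0) {
                $targetExists = Test-Path -LiteralPath $targets[0]
            }

            # Ordinary junctions and symlinks are the only reparse types expected here.
            $knownType = $item.LinkType -in @('Junction', 'SymbolicLink')

            [pscustomobject]@{
                Path         = $item.FullName
                LinkType     = $item.LinkType
                Target       = ($targets -join '; ')
                TargetExists = $targetExists
                Suspicious   = (-not $knownType) -or (-not $targetExists)
            }
        }
}

# Usage from an elevated prompt: run once before the FRST fix and once after it.
# The second run should return nothing for the Windows Defender folder.
Get-ReparsePointReport -Path 'C:\Program Files\Windows Defender' |
    Format-Table Path, LinkType, Target, TargetExists, Suspicious -AutoSize
```

The same call against C:\Program Files (x86)\Google\Desktop\Install (the other location FRST listed under ZeroAccess) shows whether that directory is a real folder or a reparse point as well. Removing the reparse points restores access to the Defender binaries, but it does not repair them; if Windows Defender still fails to start afterwards, that is what the fixdamage step in the post above is for.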

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by Matt D at 2013-10-28 15:09:32 Run:1
Running from F:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Matt D\AppData\Local\Temp\59193uninstall.exe
C:\Users\Matt D\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Matt D\AppData\Local\Temp\lowproc.exe
C:\Users\Matt D\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Matt D\AppData\Local\Temp\plugin.part.1.exe
C:\Users\Matt D\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matt D\AppData\Local\Temp\Sqlite3.dll
C:\Users\Matt D\AppData\Local\Temp\stubhelper.dll
C:\Program Files (x86)\Google\Desktop\Install
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
*****************

C:\Users\Matt D\AppData\Local\Temp\59193uninstall.exe => Moved successfully.
C:\Users\Matt D\AppData\Local\Temp\Creative Cloud Helper.exe => Moved successfully.
C:\Users\Matt D\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Matt D\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Matt D\AppData\Local\Temp\plugin.part.1.exe => Moved successfully.
C:\Users\Matt D\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Matt D\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
C:\Users\Matt D\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc(736).dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc(755).dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun(737).exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun(756).exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV(757).dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP(758).dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui(759).exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics(738).dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics(760).dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes(761).dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====


Ok, I'm downloading the rootkit now.


RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt D [Admin rights]
Mode : Scan -- Date : 10/28/2013 15:58:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] Funmoods : C:\Users\Matt D\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe - /Check [x] -> FOUND
[V2][SUSP PATH] Updater21802.exe : C:\Users\Matt - D\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack [x][x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320325AS +++++
--- User ---
[MBR] 2d7d94ba8776bd501073fc5c5b67dc55
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10282013_155859.txt >>
RKreport[0]_S_10282013_125309.txt


OK, the log looks better now.

Let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look like this, not "sponsored ad links":

[screenshot: bleep-crop.jpg]

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.


---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


I did have the illegal operation message, but it looks like rebooting did fix it. Here's the log:


ComboFix 13-10-28.01 - Matt D 10/28/2013  16:23:42.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4000.1851 [GMT -7:00]
Running from: C:\Users\Matt D\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\END
C:\Users\Matt D\AppData\Local\Temp\nss9E8.tmp\System.dll
C:\Users\MATTD~1\AppData\Local\Temp\nss9E8.tmp\System.dll
C:\Windows\msvcr71.dll

(((((((((((((((((((((((((   Files Created from 2013-09-28 to 2013-10-28  )))))))))))))))))))))))))))))))

2013-10-28 23:34:53 . 2013-10-28 23:34:53 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-10-28 22:19:19 . 2013-10-28 22:56:40 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-28 22:19:19 . 2013-10-28 22:19:19 116440 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2013-10-28 22:16:25 . 2013-10-28 22:17:49 91352 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2013-10-28 20:48:35 . 2013-10-28 20:48:35 -------- d-----w- C:\FRST
2013-10-28 16:13:42 . 2013-10-28 16:13:42 -------- d-----w- C:\Users\Default\AppData\Local\Power2Go
2013-10-28 14:19:37 . 2013-10-28 14:19:37 -------- d-sh--w- C:\$$PendingFiles
2013-10-25 22:38:46 . 2013-10-25 22:38:46 -------- d-----w- C:\Users\Matt D\AppData\Roaming\PDAppFlex
2013-10-25 22:38:19 . 2013-10-25 22:39:08 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-10-25 22:34:32 . 2013-10-25 22:34:32 -------- d-----w- C:\Program Files\Adobe
2013-10-25 22:26:26 . 2013-10-25 22:34:47 -------- d-----w- C:\Program Files\Common Files\Adobe
2013-10-16 17:56:55 . 2013-10-16 17:56:55 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-10 19:05:50 . 2013-07-04 12:50:39 633856 ----a-w- C:\Windows\system32\comctl32.dll
2013-10-10 19:05:50 . 2013-07-04 11:50:56 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-10-10 19:04:21 . 2013-06-06 05:50:51 41472 ----a-w- C:\Windows\system32\lpk.dll
2013-10-10 19:04:21 . 2013-06-06 05:49:52 100864 ----a-w- C:\Windows\system32\fontsub.dll
2013-10-10 19:04:21 . 2013-06-06 05:49:07 14336 ----a-w- C:\Windows\system32\dciman32.dll
2013-10-10 19:04:21 . 2013-06-06 05:47:21 46080 ----a-w- C:\Windows\system32\atmlib.dll
2013-10-10 19:04:21 . 2013-06-06 04:57:01 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2013-10-10 19:04:21 . 2013-06-06 04:51:29 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-10-10 19:04:21 . 2013-06-06 04:50:56 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2013-10-10 19:04:21 . 2013-06-06 03:30:53 368128 ----a-w- C:\Windows\system32\atmfd.dll
2013-10-10 19:04:21 . 2013-06-06 03:01:38 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-10-10 19:04:21 . 2013-06-06 03:01:26 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-10-10 18:58:41 . 2013-06-25 22:55:52 785624 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-10 18:57:47 . 2013-07-12 10:41:35 185344 ----a-w- C:\Windows\system32\drivers\usbvideo.sys
2013-10-10 18:57:47 . 2013-07-12 10:41:12 100864 ----a-w- C:\Windows\system32\drivers\usbcir.sys
2013-10-10 18:57:07 . 2013-07-03 04:05:05 76800 ----a-w- C:\Windows\system32\drivers\hidclass.sys
2013-10-10 18:57:07 . 2013-07-03 04:05:04 32896 ----a-w- C:\Windows\system32\drivers\hidparse.sys
2013-10-10 18:56:32 . 2013-07-04 12:57:22 259584 ----a-w- C:\Windows\system32\WebClnt.dll
2013-10-10 18:56:32 . 2013-07-04 12:50:46 102400 ----a-w- C:\Windows\system32\davclnt.dll
2013-10-10 18:56:32 . 2013-07-04 11:57:28 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2013-10-10 18:56:32 . 2013-07-04 11:51:04 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2013-10-10 18:56:32 . 2013-07-04 10:11:35 140800 ----a-w- C:\Windows\system32\drivers\mrxdav.sys
2013-10-10 18:55:53 . 2013-09-14 01:10:19 497152 ----a-w- C:\Windows\system32\drivers\afd.sys
2013-10-10 18:55:53 . 2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-10-10 18:55:53 . 2013-09-08 02:27:14 327168 ----a-w- C:\Windows\system32\mswsock.dll
2013-10-10 18:55:53 . 2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-10-10 18:55:14 . 2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\system32\win32k.sys
2013-10-10 18:52:36 . 2013-07-20 10:33:12 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 18:52:36 . 2013-07-20 10:33:08 124112 ----a-w- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 18:51:52 . 2013-08-01 12:09:36 983488 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-10 18:51:08 . 2013-08-28 01:12:33 461312 ----a-w- C:\Windows\system32\scavengeui.dll
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-10-28 23:38:10 . 2012-07-29 04:58:43 380 ----a-w- C:\Users\Matt D\AppData\Roaming\sp_data.sys
2013-10-28 16:13:38 . 2012-04-22 07:09:11 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2013-09-07 21:02:52 . 2013-09-07 21:02:52 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-09-07 21:02:52 . 2013-09-07 21:02:52 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-08-29 22:02:10 . 2013-08-29 22:02:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-29 22:02:10 . 2013-08-29 22:02:10 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-29 01:48:15 . 2013-10-10 18:54:36 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-05 02:25:45 . 2013-09-11 21:22:51 155584 ----a-w- C:\Windows\system32\drivers\ataport.sys
2013-08-02 02:14:57 . 2013-09-11 21:22:26 215040 ----a-w- C:\Windows\system32\winsrv.dll
2013-08-02 02:13:34 . 2013-09-11 21:22:26 424448 ----a-w- C:\Windows\system32\KernelBase.dll
2013-08-02 02:13:34 . 2013-09-11 21:22:26 1161216 ----a-w- C:\Windows\system32\kernel32.dll
2013-08-02 02:12:47 . 2013-09-11 21:22:26 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2013-08-02 02:12:20 . 2013-09-11 21:22:26 6656 ----a-w- C:\Windows\system32\apisetschema.dll
2013-08-02 02:12:20 . 2013-09-11 21:22:26 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-11 21:22:26 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-11 21:22:26 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-11 21:22:26 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12:20 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12:19 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-11 21:22:26 5120 ---ha-w- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12:18 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50:42 . 2013-09-11 21:22:26 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48:15 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48:14 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09:17 . 2013-09-11 21:22:26 338432 ----a-w- C:\Windows\system32\conhost.exe
2013-08-02 00:59:09 . 2013-09-11 21:22:26 112640 ----a-w- C:\Windows\system32\smss.exe
2013-08-02 00:43:05 . 2013-09-11 21:22:26 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 . 2013-09-11 21:22:26 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 . 2013-09-11 21:22:26 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 . 2013-09-11 21:22:26 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}]
2012-11-06 12:01:42 183112 ----a-w- C:\Program Files (x86)\Vgrabber_v1\prxtbVgra.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7f7f82f1-7c95-47cd-814f-950b56d58fc3}"= "C:\Program Files (x86)\Vgrabber_v1\prxtbVgra.dll" [2012-11-06 12:01:42 183112]

[HKEY_CLASSES_ROOT\clsid\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Matt D\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-30 22:25:29 138096]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-10-02 18:08:56 20472992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2012-03-06 10:58:15 3331312]
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 09:43:58 737104]
"SonicMasterTray"="C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 05:45:00 984400]
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 02:58:42 318080]
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 00:20:38 174720]
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 17:29:42 105016]
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 01:38:26 2319536]
"Sendori Tray"="C:\Program Files (x86)\Sendori\SendoriTray.exe" [2013-07-01 19:28:16 83232]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 10:37:26 958576]
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-09-07 21:02:55 295512]
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-09-03 22:58:26 2237328]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-3-6 549040]
FancyStart daemon.lnk - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe -d [2012-4-22 12862]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys;C:\Windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys;C:\Windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 AFBAgent;AFBAgent;C:\Windows\system32\FBAgent.exe;C:\Windows\SYSNATIVE\FBAgent.exe [x]
S2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe;C:\Program Files (x86)\Sendori\SendoriSvc.exe [x]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe;C:\Program Files (x86)\Sendori\Sendori.Service.exe [x]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe;C:\Program Files (x86)\Sendori\sndappv2.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys;C:\Windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys;C:\Windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys;C:\Windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys;C:\Windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [x]

Contents of the 'Scheduled Tasks' folder

2013-10-28 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3160658070-3415962871-2747071126-1000Core.job
- C:\Users\Matt D\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-30 22:25:36 . 2012-07-30 22:25:29]

2013-10-28 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3160658070-3415962871-2747071126-1000UA.job
- C:\Users\Matt D\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-30 22:25:36 . 2012-07-30 22:25:29]

2013-10-27 C:\Windows\Tasks\Norton Security Scan for Matt D.job
- C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe [2013-06-23 23:57:47 . 2013-05-07 12:59:31]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-08-30 17:01:34 3358064 ----a-w- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-08-30 17:01:34 3358064 ----a-w- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-08-30 17:01:34 3358064 ----a-w- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09:22 227840 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09:22 227840 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-10-26 17:04:30 1654992]
"Trend Micro Client Framework"="C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-04 06:27:10 213824]
"Trend Micro Titanium"="C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe" [2011-08-02 20:33:12 416992]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-11-03 10:09:34 167704]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-11-03 10:09:32 392472]
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 08:07:02 361984]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 07:02:12 2277480]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 21:28:22 472984]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm

mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1E86DEAD-D4C2-497E-B8AD-1F96F2095B97}\5364D48563: NameServer = 192.168.1.1,68.238.64.12

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{7F7F82F1-7C95-47CD-814F-950B56D58FC3} - (no file)
HKLM-Run-ETDCtrl - C:\Program Files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - C:\Windows\system32\ASUS_Screensaver.scr
AddRemove-RealPlayer 16.0 - C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe

 

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

**************************************************************************

Completion time: 2013-10-28  16:55:31 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-28 23:55:24

Pre-Run: 70,129,078,272 bytes free
Post-Run: 71,315,841,024 bytes free

- - End Of File - - E4716FD48B0B49C8161A2F07F346E49C


Looks Good.....

Let's clean out any adware now (this will require a reboot, so save all your work):

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please update and run a Quick Scan with Malwarebytes Anti-Malware, then post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now. MrC


OK, here's the adware scan; next I'll do the Malwarebytes scan.

 

# AdwCleaner v3.010 - Report created 28/10/2013 at 17:19:43
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Matt D - MATTD-PC
# Running from : C:\Users\Matt D\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Shopping Sidekick Plugin
Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter_4z
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files (x86)\Vgrabber_v1
Folder Deleted : C:\Users\Matt D\AppData\Local\apn
Folder Deleted : C:\Users\Matt D\AppData\Local\Conduit
Folder Deleted : C:\Users\Matt D\AppData\Local\iac
Folder Deleted : C:\Users\Matt D\AppData\Local\Shopping Sidekick Plugin
Folder Deleted : C:\Users\Matt D\AppData\Local\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Matt D\AppData\Local\Wajam
Folder Deleted : C:\Users\Matt D\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Matt D\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Matt D\AppData\LocalLow\iac
Folder Deleted : C:\Users\Matt D\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Matt D\AppData\LocalLow\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Matt D\AppData\LocalLow\Vgrabber_v1
Folder Deleted : C:\Users\Matt D\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Matt D\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Matt D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
File Deleted : C:\Windows\System32\Tasks\Funmoods

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PricePeepInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PricePeepInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268935
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F7F82F1-7C95-47CD-814F-950B56D58FC3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61442EE4-AEFC-46A6-95A3-3BCB6C3AC714}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186602}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F7F82F1-7C95-47CD-814F-950B56D58FC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F7F82F1-7C95-47CD-814F-950B56D58FC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F7F82F1-7C95-47CD-814F-950B56D58FC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{61442EE4-AEFC-46A6-95A3-3BCB6C3AC714}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15682CF6-91B9-403C-857E-9F533C49A04A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{950631FF-4624-474A-B68A-0813A5040FA1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7F7F82F1-7C95-47CD-814F-950B56D58FC3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7F7F82F1-7C95-47CD-814F-950B56D58FC3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7F7F82F1-7C95-47CD-814F-950B56D58FC3}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186602}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Vgrabber_v1
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Shopping Sidekick Plugin
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Vgrabber_v1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\Vgrabber_v1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vgrabber_v1 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

*************************

AdwCleaner[R0].txt - [11808 octets] - [28/10/2013 17:18:26]
AdwCleaner[s0].txt - [11589 octets] - [28/10/2013 17:19:43]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11650 octets] ##########


I did hit Clean after the adware scan; here are the results of the malware scan.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.28.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Matt D :: MATTD-PC [administrator]

10/28/2013 5:27:53 PM
mbam-log-2013-10-28 (17-27-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203601
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.74 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Trend Micro Titanium Internet Security 2012  
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Flash Player 11.8.800.94 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
 Trend Micro Titanium TiMiniService.exe 
 Trend Micro Titanium TiResumeSrv.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 


Perfect!

A little cleanup to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once, then wait.

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc.... For AdwCleaner, just run the program and click Uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
