Jump to content

Recommended Posts

My latest scan reported 2 PUPs that are apparently related to a "sweetpacks" tool bar.
I don't have a toolbar on my Firefox but would like to get rid of these. Problem is one of them is in my Firefox prefs.js and I don't want to just delete that if I might loose something that Firefox needs. prefs.js is just a text file and I can see activity related to conduit. Can that just be edited out?
Would appreciate guidance on how to resolve this. I checked the Self Help Guides, 24 pages!, but did not see anything that applied to this issue.
Follows is the "copy to clipboard" data from the threat report dialoge box.
===============================================================
Scan Date: 4/4/2014
Scan Time: 8:46:13 AM
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.04.03
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sherron

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340788
Time Elapsed: 5 hr, 15 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Conduit.A, C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\searchplugins\conduit.xml, , [8cc7f036700b70c6e850f36fb44ed030],
PUP.Optional.SweetPacks.A, C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://start.sweetpacks.com/?src=2&st=12&barid={934084FD-B2CE-11E2-B4AB-00188BCBE562}&q=") ;), ,[57fc0e180279e94d8c77f04eeb190af6]

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then....please start HERE <-------- (may not run on W8)

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

Don't forget to RogueKiller below

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Thanks for your assistance.  The attach.txt and dds.txt files follow inline.

 

I had some problem with the RogueKiller program. The first time I ran it it reported 5, (I think 5), items. I clicked the report button and exited by pressing the X in the upper right hand corner of the dialog box. Then, reading your instructions again, I closed running programs and ran RogueKiller again but this time no items were reported. Both times I did not ask it to fix anything. So all I have is the log from running it the first time and it follows attach.txt and dds.txt.

 

Thanks again!!

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2011 8:40:54 PM
System Uptime: 4/3/2014 5:15:09 PM (46 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | H67A-UD3H-B3
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 274.917 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 159.595 GiB free.
F: is FIXED (NTFS) - 69 GiB total, 21.739 GiB free.
I: is FIXED (NTFS) - 260 GiB total, 118.066 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP204: 2/21/2014 5:50:14 AM - Windows Update
RP205: 2/24/2014 2:55:41 PM - Restore Operation
RP206: 2/24/2014 3:53:39 PM - Windows Update
RP207: 2/24/2014 4:26:38 PM - Windows Update
RP208: 2/26/2014 8:48:29 AM - Windows Update
RP209: 3/2/2014 11:35:41 AM - pre-Kingsoft Office install
RP210: 3/4/2014 2:27:44 AM - Windows Update
RP211: 3/7/2014 2:37:42 AM - Windows Update
RP212: 3/11/2014 4:25:07 AM - Windows Update
RP213: 3/18/2014 5:29:39 AM - Windows Update
RP214: 3/25/2014 2:38:45 AM - Windows Update
RP215: 3/28/2014 4:51:16 AM - Windows Update
RP216: 4/1/2014 2:39:58 AM - Windows Update
RP217: 4/3/2014 4:53:37 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.22beta
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop Lightroom 3.6 64-bit
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
BCWipe 3.0
CyberLink PowerDirector 12
Easy Duplicate Finder v. 3.2
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 840 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
GIMP 2.8.6
HandBrake 0.9.9.1
HD Tune Pro 5.50
HDHomeRun
Intel® Processor Graphics
Jasc Paint Shop Pro 8
K-Lite Codec Pack 10.0.0 Full
Kaspersky Internet Security
Kingsoft Office 2013 (9.1.0.4480)
MagicTunePremium
Malwarebytes Anti-Malware version 2.00.0.1000
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (2.0.0.23)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewBlue Video Essentials for PowerDirector
ON_OFF Charge B10.0427.1
Paragon Hard Disk Manager™ 2010 Professional
Password Safe
PeerBlock 1.2 (r693)
PFPortChecker 1.0.39
PhotoME
PlayReady PC Runtime amd64
Postbox (3.0.9)
Quicken 2011
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SILKYPIX Developer Studio 3.1 SE
TurboTax 2010
TurboTax 2010 whiiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
UFRaw 0.18
UltraVnc
Update for Zip Opener
VLC media player 2.1.2
WinRAR archiver
XXConsole: Super Console Generator  ver 0.96
Zip Opener Packages
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Sherron at 15:22:13 on 2014-04-05
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8109.2578 [GMT -10:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Windows\SysWow64\IntelCpHeciSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\ehome\ehRecvr.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
I:\Documents and Settings\All Users\Documents\!My portable apps\MS Schedule Plus\SCHDPL32.EXE
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Postbox\postbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files (x86)\Password Safe\pwsafe.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [bCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Sherron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PEERBL~1.LNK - C:\Program Files\PeerBlock\peerblock.exe
StartupFolder: C:\Users\Sherron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCHDPL~1.LNK - I:\Documents and Settings\All Users\Documents\!My portable apps\MS Schedule Plus\SCHDPL32.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files\MagicTune Premium\GammaTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

TCP: Interfaces\{A5787263-A0C8-45E9-A3DE-95D33C5A3CC9} : NameServer = 192.168.15.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google


FF - component: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru\components\ffvkplugin.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2012-6-20 37392]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-4-7 21544]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-24 45856]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-8 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-8 214512]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HDHomeRun Service;HDHomeRun Service;C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [2013-3-28 18432]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-2 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-2 857912]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-12-18 390672]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2011-11-16 2169592]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-25 1643184]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-1 317440]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-8 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-8 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-1 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-2 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-2 63192]
R3 mv2;mv2;C:\Windows\System32\drivers\mv2.sys [2011-5-6 12904]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-7-26 78848]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-7-26 180224]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-11-20 22600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-1 349800]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-10-18 352816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-3 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-20 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-3 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-2 1255736]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-1-6 115296]
.
=============== Created Last 30 ================
.
2014-04-04 12:14:15    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{863379CB-7E31-4417-94F2-69651656773E}\offreg.dll
2014-04-04 12:13:36    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{863379CB-7E31-4417-94F2-69651656773E}\mpengine.dll
2014-04-04 02:56:04    44544    ----a-w-    C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-04-04 02:53:15    999936    ----a-w-    C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2014-04-04 02:52:43    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-04-04 02:52:43    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-04-04 02:52:42    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-04-04 02:52:42    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-04-04 02:52:41    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-04-04 02:52:41    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-04-04 02:52:41    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-04-04 02:52:40    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-04-04 02:52:40    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-04-04 02:52:40    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-04-03 04:22:20    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-03 04:21:42    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-03 04:21:42    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-03 04:21:42    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-19 22:04:58    --------    d-----w-    C:\Users\Sherron\AppData\Local\Apple Computer
2014-03-09 00:35:49    --------    d-----w-    C:\Portable programs
.
==================== Find3M  ====================
.
2014-03-20 10:36:02    115296    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2014-03-12 17:35:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 17:35:10    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-05 19:26:04    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-25 01:40:28    29280    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
2014-01-07 02:14:50    178272    ----a-w-    C:\Windows\System32\drivers\kneps.sys
2014-01-07 02:14:47    458336    ----a-w-    C:\Windows\System32\drivers\kl1.sys
2011-05-30 03:20:34    1138397    ----a-w-    C:\Program Files (x86)\7z922.exe
.
============= FINISH: 15:22:23.45 ===============
 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sherron [Admin rights]
Mode : Scan -- Date : 04/04/2014 20:09:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] DSite.job : C:\Users\Sherron\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][sUSP PATH] DSite : C:\Users\Sherron\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @firefox.exe (FREEBL_GetVector) : MSACM32.dll -> HOOKED (C:\Program Files (x86)\Mozilla Firefox\freebl3.dll @ 0x59071000)

¤¤¤ External Hives: ¤¤¤
-> F:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]
-> F:\Documents and Settings\Guest\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]
-> F:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]
-> F:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]
-> F:\Documents and Settings\Sherron\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND]
-> I:\windows\system32\config\SYSTEM | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\windows\system32\config\SOFTWARE | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\windows\system32\config\SECURITY | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\Documents and Settings\Admin\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\Documents and Settings\Admin.PUKA\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> I:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\Documents and Settings\Dennis\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\Documents and Settings\Sherron\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> I:\Documents and Settings\Sherron.PUKA\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6402AAEX-00Y9A0 ATA Device +++++
--- User ---
[MBR] 5222cb3cf068a270a2330725d5df92bc
[bSP] 0f0b753d2273e02330f8eb18fcf2d8b9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD7500BPKT-22PK4T0 ATA Device +++++
--- User ---
[MBR] b8d566b31e31b9e9c9eeb12a9ef61782
[bSP] 7521e845b2ee2dc88ff9b5855e9d383c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 266248 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] c6a95c712fa17a2d9c008f601ac5119e
[bSP] e6b816a9dbfaa97bf660783b81709c4a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1 | Size: 953867 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) WDC WD740GD-00FLA0 ATA Device +++++
--- User ---
[MBR] 8ba46bce50eea54586df68fcd73ef8a7
[bSP] 36ed6f5a28abfef4842269d842d81288 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04042014_200918.txt >>



 

Link to post
Share on other sites

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

 

[V1][sUSP PATH] DSite.job : C:\Users\Sherron\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

[V2][sUSP PATH] DSite : C:\Users\Sherron\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

Now click Delete on the right hand column under Options

-------------

Start with this: (make sure you have created a new system restore point)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next:

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Last......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

MrC

Link to post
Share on other sites

Thanks again for your efforts!!

 

RogueKiller - two registry items marked and deleted

AdwCleaner - no files in log AdwCleaner[R0].txt were saved

TFC - finished without any error, many temp files were deleted.

 

Files you requested are attached or inline.

 

# AdwCleaner v3.023 - Report created 07/04/2014 at 16:47:06
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Sherron - STITCH
# Running from : C:\Users\Sherron\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Sherron\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Sherron\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Sherron\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\Sherron\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\Sherron\AppData\Roaming\DSite
Folder Deleted : C:\Users\Dennis\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Dennis\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Conduit
File Deleted : C:\Users\Sherron\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\searchplugins\Conduit.xml
File Deleted : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\searchplugins\SweetIm.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\2nfr7k7t.Sherron\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

[ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

[ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\prefs.js ]

Line Deleted : user_pref("CT2786678..clientLogIsEnabled", true);



Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "19-12-2010");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sat Dec 18 2010 23:15:52 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 523);
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sat Dec 18 2010 22:30:50 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sat Dec 18 2010 22:30:50 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sat Dec 18 2010 22:30:49 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sat Dec 18 2010 22:30:49 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sat Dec 18 2010 22:30:49 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "16-12-2010");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Thu Dec 16 2010 09:43:34 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Dec 18 2010 09:43:37 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT2786678.LastLogin_3.2.5.2", "Sat Dec 18 2010 20:30:45 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.2.3.3");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");

Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");

Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Dec 18 2010 09:43:36 GMT-1000 (Hawaiian Standard Time)");


Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Dec 18 2010 09:43:20 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Dec 18 2010 17:12:48 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1291825117");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu Dec 16 2010 09:43:20 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");

Line Deleted : user_pref("CT2786678.UserID", "UN49238619971737285");
Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Sat Dec 18 2010 23:01:50 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "C");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.components.129315411424256896", false);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Dec 18 2010 09:43:35 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Thu Dec 16 2010 09:43:38 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);















Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jan 05 2011 13:43:31 GMT-1000 (Hawaiian Standard Time)");

Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jan 05 2011 11:08:45 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "fb55273f-30af-4ba6-baf2-38beb682f50d");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Dec 18 2010 09:43:41 GMT-1000 (Hawaiian Standard Time)");
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

[ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\epq7sfbg.default\prefs.js ]


[ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\olft3jwu.Dennis\prefs.js ]


[ File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\twxi73es.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [17634 octets] - [07/04/2014 16:14:49]
AdwCleaner[s0].txt - [17783 octets] - [07/04/2014 16:47:06]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [17844 octets] ##########
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Sherron (administrator) on STITCH on 07-04-2014 17:05:10
Running from C:\Users\Sherron\Portable Aps\Farbar Recovery Scan Tool
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(SEC) C:\Program Files\MagicTune Premium\MagicTune.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(OldTimer Tools) C:\Users\Sherron\Desktop\TFC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-02] (Realtek Semiconductor)
HKLM\...\Run: [MagicTuneEngine] - C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2011-01-17] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2903448 2011-06-06] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [bCWipeTM Startup] - C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe [311296 2004-11-29] (Jetico, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM Group Policy restriction on software: %LocalAppData%\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1805509027-3728083206-3070611810-1000\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1240992 2011-06-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-1805509027-3728083206-3070611810-1000\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
Startup: C:\Users\Sherron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PeerBlock (2).lnk
ShortcutTarget: PeerBlock (2).lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
Startup: C:\Users\Sherron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SCHDPL32.EXE - Shortcut.lnk
ShortcutTarget: SCHDPL32.EXE - Shortcut.lnk -> I:\Documents and Settings\All Users\Documents\!My portable apps\MS Schedule Plus\SCHDPL32.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6BED53DAA406CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {056B05FD-3F3A-4535-83A7-D89ADEF79DA9} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\..\Interfaces\{A5787263-A0C8-45E9-A3DE-95D33C5A3CC9}: [NameServer]192.168.15.1

FireFox:
========
FF ProfilePath: C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP
FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: CheckPlaces - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\checkplaces@andyhalford.com [2014-01-07]
FF Extension: Facebook Translate - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\facebook-translate@oliver.schloebe.de [2014-04-05]
FF Extension: Fast Translation - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\fasttrans@kemot [2014-01-07]
FF Extension: JSONView - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\jsonview@brh.numbera.com [2014-01-07]
FF Extension: Link Gopher - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\linkgopher@oooninja.com [2014-01-07]
FF Extension: Long URL Please - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\longurlplease@darragh.curran [2014-01-07]
FF Extension: Print pages to PDF - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\printPages2Pdf@reinhold.ripper [2014-01-07]
FF Extension: Nuke Anything Enhanced - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace} [2014-01-07]
FF Extension: EPUBReader - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-01-07]
FF Extension: Live HTTP Headers - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-01-07]
FF Extension: CookieCuller - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460} [2014-01-07]
FF Extension: DictionarySearch - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372} [2014-01-07]
FF Extension: BBCodeXtra - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc} [2014-01-07]
FF Extension: DownloadHelper - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: FoxClocks - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-23]
FF Extension: CSHelper - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2014-03-06]
FF Extension: Torbutton - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2014-01-07]
FF Extension: Exif Viewer - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-01-07]
FF Extension: Ghostery - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\firefox@ghostery.com.xpi [2014-03-18]
FF Extension: i2Symbol (Emoticons, Smileys, Symbols) - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\i2symbol@sciweavers.org.xpi [2014-01-07]
FF Extension: Lightbeam - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-01-07]
FF Extension: Print Edit - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\printedit@DW-dev.xpi [2014-01-07]
FF Extension: Tab Counter - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\tabcounter@morac.xpi [2014-01-07]
FF Extension: Session Manager - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-01-07]
FF Extension: Image Zoom - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-01-07]
FF Extension: RefControl - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2014-01-07]
FF Extension: NoScript - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-07]
FF Extension: Adblock Plus - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-07]
FF Extension: BetterPrivacy - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-07]
FF Extension: DownThemAll! - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-01-07]
FF Extension: Greasemonkey - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-04-13]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-06]

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [18432 2013-03-28] (Silicondust USA Inc)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2169592 2011-05-18] (UltraVNC)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-25] (AVG Technologies)
S4 BCSWAP; C:\Windows\SysWow64\Drivers\BCSWAP.sys [98452 2001-10-28] (Jetico, Inc.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-01-17] (Paragon Software Group)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-24] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-06] (Kaspersky Lab ZAO)
R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12904 2011-05-06] (UVNC BVBA)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [48144 2010-01-17] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [158736 2010-01-17] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-10-18] (Paragon)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 17:05 - 2014-04-07 17:05 - 00000000 ____D () C:\FRST
2014-04-07 16:54 - 2014-04-07 16:54 - 00448512 _____ (OldTimer Tools) C:\Users\Sherron\Desktop\TFC.exe
2014-04-07 16:14 - 2014-04-07 16:47 - 00000000 ____D () C:\AdwCleaner
2014-04-07 16:13 - 2014-04-07 16:13 - 01426178 _____ () C:\Users\Sherron\Desktop\AdwCleaner.exe
2014-04-07 16:12 - 2014-04-07 16:12 - 00005916 _____ () C:\Users\Sherron\Desktop\RKreport[0]_D_04072014_161232.txt
2014-04-07 16:09 - 2014-04-07 16:09 - 00005855 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04072014_160911.txt
2014-04-07 16:00 - 2014-04-07 16:00 - 00001771 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.7z
2014-04-07 15:59 - 2014-04-07 15:59 - 00005223 _____ () C:\Users\Sherron\Desktop\dds.7z
2014-04-07 15:59 - 2014-04-07 15:59 - 00001901 _____ () C:\Users\Sherron\Desktop\attach.7z
2014-04-07 15:48 - 2014-04-07 15:48 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-04-06 15:21 - 2014-04-06 15:43 - 00014188 __RSH () C:\ProgramData\ntuser.pol
2014-04-06 08:41 - 2014-04-07 01:32 - 00000000 ____D () C:\Users\Sherron\AppData\Local\CrashDumps
2014-04-05 15:57 - 2014-04-05 15:57 - 00005926 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.txt
2014-04-05 15:12 - 2014-04-05 15:15 - 00000000 ____D () C:\Users\Dennis\Hostess Contest
2014-04-04 20:09 - 2014-04-04 20:09 - 00005893 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04042014_200918-OLD01.txt
2014-04-04 20:04 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Sherron\Desktop\RK_Quarantine
2014-04-04 20:02 - 2014-04-04 20:02 - 04527616 _____ () C:\Users\Sherron\Desktop\RogueKillerX64.exe
2014-04-04 12:41 - 2014-04-05 15:22 - 00020241 _____ () C:\Users\Sherron\Desktop\dds.txt
2014-04-04 12:41 - 2014-04-05 15:22 - 00003942 _____ () C:\Users\Sherron\Desktop\attach.txt
2014-04-04 12:37 - 2014-04-04 12:37 - 00688992 ____R (Swearware) C:\Users\Sherron\Desktop\dds.com
2014-04-04 12:36 - 2014-04-04 12:36 - 00688992 _____ (Swearware) C:\Users\Sherron\Desktop\dds.scr
2014-04-04 12:36 - 2014-04-04 12:34 - 00000824 _____ () C:\Users\Sherron\Desktop\newhosts.txt
2014-04-04 12:34 - 2014-04-04 12:34 - 00000824 _____ () C:\Users\Sherron\Documents\newhosts.txt
2014-04-03 21:20 - 2014-04-03 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-03 16:56 - 2013-10-01 16:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-03 16:56 - 2013-10-01 16:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-03 16:56 - 2013-10-01 16:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-03 16:56 - 2013-10-01 15:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-03 16:56 - 2013-10-01 15:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-03 16:56 - 2013-10-01 15:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-03 16:56 - 2013-10-01 15:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-03 16:56 - 2013-10-01 14:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-03 16:56 - 2013-10-01 14:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-03 16:56 - 2013-10-01 14:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-03 16:56 - 2013-10-01 14:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-03 16:56 - 2013-10-01 14:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-03 16:56 - 2013-10-01 13:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-03 16:56 - 2013-10-01 13:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-03 16:56 - 2013-10-01 13:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-03 16:56 - 2013-10-01 12:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-03 16:56 - 2013-10-01 10:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-03 16:56 - 2013-10-01 10:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-03 16:53 - 2014-02-28 20:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-03 16:53 - 2014-02-28 19:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-03 16:53 - 2014-02-28 19:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-03 16:53 - 2014-02-28 18:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-03 16:53 - 2014-02-28 18:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-03 16:53 - 2014-02-28 18:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-03 16:53 - 2014-02-28 18:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-03 16:53 - 2014-02-28 18:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-03 16:53 - 2014-02-28 18:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-03 16:53 - 2014-02-28 18:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-03 16:53 - 2014-02-28 18:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-03 16:53 - 2014-02-28 18:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-03 16:53 - 2014-02-28 18:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-03 16:53 - 2014-02-28 18:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-03 16:53 - 2014-02-28 18:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-03 16:53 - 2014-02-28 18:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-03 16:53 - 2014-02-28 18:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-03 16:53 - 2014-02-28 17:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-03 16:53 - 2014-02-28 17:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-03 16:53 - 2014-02-28 17:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-03 16:53 - 2014-02-28 17:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-03 16:53 - 2014-02-28 17:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-03 16:53 - 2014-02-28 17:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-03 16:53 - 2014-02-28 17:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-03 16:53 - 2014-02-28 17:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-03 16:53 - 2014-02-28 17:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-03 16:53 - 2014-02-28 17:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-03 16:53 - 2014-02-28 17:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-03 16:53 - 2014-02-28 17:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-03 16:53 - 2014-02-28 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-03 16:53 - 2014-02-28 17:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-03 16:53 - 2014-02-28 17:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-03 16:53 - 2014-02-28 17:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-03 16:53 - 2014-02-28 17:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-03 16:53 - 2014-02-28 16:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-03 16:53 - 2014-02-28 16:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-03 16:53 - 2014-02-28 16:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-03 16:53 - 2014-02-28 16:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-03 16:53 - 2014-02-28 16:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-03 16:53 - 2014-02-28 16:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-03 16:52 - 2014-02-06 15:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-03 16:52 - 2014-02-03 16:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-03 16:52 - 2014-02-03 16:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-03 16:52 - 2014-02-03 16:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-03 16:52 - 2014-02-03 16:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-03 16:52 - 2014-01-28 16:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-03 16:52 - 2014-01-28 16:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-03 16:52 - 2014-01-27 16:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-03 16:52 - 2013-09-24 16:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-03 16:52 - 2013-09-24 15:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-02 18:22 - 2014-04-07 16:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 18:21 - 2014-04-05 21:03 - 00001140 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 18:21 - 2014-04-05 21:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-02 18:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-02 18:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 08:36 - 2014-03-27 08:36 - 00001448 _____ () C:\Users\Sherron\Desktop\photome.exe - Shortcut.lnk
2014-03-19 12:04 - 2014-03-19 12:04 - 00000000 ____D () C:\Users\Sherron\AppData\Local\Apple Computer
2014-03-16 09:56 - 2014-03-16 10:03 - 00000741 _____ () C:\Users\Sherron\Desktop\Majjong - GameMenu.exe - Shortcut.lnk
2014-03-09 16:03 - 2014-03-09 16:03 - 00001175 _____ () C:\Users\Sherron\Desktop\TrueCrypt.exe - Shortcut.lnk

==================== One Month Modified Files and Folders =======

2014-04-07 17:05 - 2014-04-07 17:05 - 00000000 ____D () C:\FRST
2014-04-07 17:01 - 2011-06-20 23:59 - 00000000 ____D () C:\Users\Sherron\Portable Aps
2014-04-07 16:57 - 2009-07-13 18:45 - 00015376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 16:57 - 2009-07-13 18:45 - 00015376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 16:54 - 2014-04-07 16:54 - 00448512 _____ (OldTimer Tools) C:\Users\Sherron\Desktop\TFC.exe
2014-04-07 16:53 - 2011-03-31 05:39 - 02014156 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 16:52 - 2014-04-02 18:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 16:52 - 2014-01-06 15:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-07 16:49 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 16:49 - 2009-07-13 18:51 - 00036628 _____ () C:\Windows\setupact.log
2014-04-07 16:48 - 2012-05-04 13:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-07 16:47 - 2014-04-07 16:14 - 00000000 ____D () C:\AdwCleaner
2014-04-07 16:37 - 2014-03-03 21:09 - 00000378 _____ () C:\Windows\Tasks\WpsNotifyTask_Sherron.job
2014-04-07 16:35 - 2013-05-26 20:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 16:34 - 2014-03-03 21:09 - 00000378 _____ () C:\Windows\Tasks\WpsUpdateTask_Sherron.job
2014-04-07 16:13 - 2014-04-07 16:13 - 01426178 _____ () C:\Users\Sherron\Desktop\AdwCleaner.exe
2014-04-07 16:12 - 2014-04-07 16:12 - 00005916 _____ () C:\Users\Sherron\Desktop\RKreport[0]_D_04072014_161232.txt
2014-04-07 16:09 - 2014-04-07 16:09 - 00005855 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04072014_160911.txt
2014-04-07 16:08 - 2011-11-20 23:58 - 00000000 ____D () C:\Program Files\PeerBlock
2014-04-07 16:07 - 2014-01-07 23:22 - 00000000 ____D () C:\Users\Sherron\AppData\Local\PasswordSafe
2014-04-07 16:06 - 2014-02-08 21:11 - 00000000 ____D () C:\Users\Sherron\AppData\Roaming\uTorrent
2014-04-07 16:00 - 2014-04-07 16:00 - 00001771 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.7z
2014-04-07 15:59 - 2014-04-07 15:59 - 00005223 _____ () C:\Users\Sherron\Desktop\dds.7z
2014-04-07 15:59 - 2014-04-07 15:59 - 00001901 _____ () C:\Users\Sherron\Desktop\attach.7z
2014-04-07 15:48 - 2014-04-07 15:48 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-04-07 01:32 - 2014-04-06 08:41 - 00000000 ____D () C:\Users\Sherron\AppData\Local\CrashDumps
2014-04-07 01:00 - 2013-12-01 12:15 - 00000510 _____ () C:\Windows\Tasks\Malwarebytes' Scheduled Update for Sherron.job
2014-04-06 15:43 - 2014-04-06 15:21 - 00014188 __RSH () C:\ProgramData\ntuser.pol
2014-04-06 11:38 - 2011-04-12 18:15 - 00000000 ____D () C:\Users\Sherron\AppData\Roaming\vlc
2014-04-05 21:03 - 2014-04-02 18:21 - 00001140 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-05 21:03 - 2014-04-02 18:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 15:57 - 2014-04-05 15:57 - 00005926 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.txt
2014-04-05 15:22 - 2014-04-04 12:41 - 00020241 _____ () C:\Users\Sherron\Desktop\dds.txt
2014-04-05 15:22 - 2014-04-04 12:41 - 00003942 _____ () C:\Users\Sherron\Desktop\attach.txt
2014-04-05 15:15 - 2014-04-05 15:12 - 00000000 ____D () C:\Users\Dennis\Hostess Contest
2014-04-05 15:13 - 2013-11-02 20:54 - 00000000 ____D () C:\Users\Dennis
2014-04-04 20:15 - 2014-04-04 20:04 - 00000000 ____D () C:\Users\Sherron\Desktop\RK_Quarantine
2014-04-04 20:09 - 2014-04-04 20:09 - 00005893 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04042014_200918-OLD01.txt
2014-04-04 20:02 - 2014-04-04 20:02 - 04527616 _____ () C:\Users\Sherron\Desktop\RogueKillerX64.exe
2014-04-04 12:37 - 2014-04-04 12:37 - 00688992 ____R (Swearware) C:\Users\Sherron\Desktop\dds.com
2014-04-04 12:36 - 2014-04-04 12:36 - 00688992 _____ (Swearware) C:\Users\Sherron\Desktop\dds.scr
2014-04-04 12:34 - 2014-04-04 12:36 - 00000824 _____ () C:\Users\Sherron\Desktop\newhosts.txt
2014-04-04 12:34 - 2014-04-04 12:34 - 00000824 _____ () C:\Users\Sherron\Documents\newhosts.txt
2014-04-03 21:20 - 2014-04-03 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-03 18:27 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\rescache
2014-04-03 17:16 - 2011-04-12 15:59 - 00218378 _____ () C:\Windows\PFRO.log
2014-04-03 17:16 - 2009-07-13 18:45 - 00294968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-03 16:55 - 2013-08-06 17:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-03 16:54 - 2011-04-10 11:57 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-03 09:51 - 2014-04-02 18:21 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-02 18:21 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-12-01 11:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 18:21 - 2013-12-01 11:57 - 00000000 ____D () C:\Users\Sherron\AppData\Roaming\Malwarebytes
2014-04-02 18:21 - 2013-12-01 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 18:19 - 2011-04-13 17:04 - 00000000 ____D () C:\Users\Public\Documents\Stitch configuration
2014-03-27 08:36 - 2014-03-27 08:36 - 00001448 _____ () C:\Users\Sherron\Desktop\photome.exe - Shortcut.lnk
2014-03-23 12:26 - 2013-06-01 12:40 - 00000000 ____D () C:\Users\Sherron\Documents\My PSP8 Files
2014-03-20 00:36 - 2014-01-06 15:18 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-20 00:36 - 2014-01-06 15:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-19 12:04 - 2014-03-19 12:04 - 00000000 ____D () C:\Users\Sherron\AppData\Local\Apple Computer
2014-03-16 10:03 - 2014-03-16 09:56 - 00000741 _____ () C:\Users\Sherron\Desktop\Majjong - GameMenu.exe - Shortcut.lnk
2014-03-12 07:35 - 2013-05-26 20:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 07:35 - 2012-06-04 23:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 07:35 - 2011-06-02 14:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 16:03 - 2014-03-09 16:03 - 00001175 _____ () C:\Users\Sherron\Desktop\TrueCrypt.exe - Shortcut.lnk
2014-03-09 11:47 - 2014-03-06 14:02 - 00004416 _____ () C:\Users\Sherron\AppData\Roaming\CamStudio.cfg
2014-03-09 11:47 - 2014-03-06 14:02 - 00000408 _____ () C:\Users\Sherron\AppData\Roaming\CamShapes.ini
2014-03-09 11:47 - 2014-03-06 14:02 - 00000408 _____ () C:\Users\Sherron\AppData\Roaming\CamLayout.ini
2014-03-09 11:47 - 2014-03-06 14:02 - 00000120 _____ () C:\Users\Sherron\AppData\Roaming\Camdata.ini

Files to move or delete:
====================
C:\Users\Sherron\AppData\Roaming\CamLayout.ini
C:\Users\Sherron\AppData\Roaming\CamShapes.ini
C:\Users\Public\Adobe Acrobat X (10.0.2) Pro.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 00:12

==================== End Of Log ============================

 

 

 

 

Addition.txt

Link to post
Share on other sites
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

 

Please permanently disable Defender, you have Kaspersky running.

Having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Update and run a Threat scan with Malwarebytes, quarantine everything found

Reboot and let me know how it is, MrC

Link to post
Share on other sites

Many thanks again for all your efforts.!!

Windows Defender Disabled. (I thought Kaspersky did this automatically during the install)

FRST.exe run with fixlist.txt. Results follow.

Malwarebytes Threat Scan run with no problems reported.

Reboot and it seems ok.

Malwarebytes Threat Scan run again after reboot with no problems reported.

I do have a question about the deletion of the Group Policy restriction on software, in the fixlist log.
I entered them there after reading this page:
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent

They seemed a rather safe thing to prevent any executable from running from data space.

Are they a problem to be there?

Many thanks again.!!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Sherron at 2014-04-08 08:09:10 Run:1
Running from C:\Users\Sherron\Portable Aps\Farbar Recovery Scan Tool
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [X]
HKLM Group Policy restriction on software: %LocalAppData%\Temp\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\Temp\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %LocalAppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
C:\Users\Sherron\AppData\Roaming\CamLayout.ini
C:\Users\Sherron\AppData\Roaming\CamShapes.ini



*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Users\Sherron\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Sherron\AppData\Roaming\CamShapes.ini => Moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

OK, you can restore those Group Policy Restrictions......I didn't know you put them there.

If there's no other problems......

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Thanks for the info on the Group Policy Restrictions. I will put them back when we are all done.

Here is the checkup.txt output file. It's not clear if both the Windows Firewall and Kaspersky Firewall are enabled. Again, I thought Kaspersky takes over the firewall and disables the Windows Firewall. Maybe not a critical as not running two anti-virus programs at the same time.

 

I am actually running Postbox 3.0.9. Since it is Mozilla based it must have confused SecurityCheck.

 Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Kaspersky Internet Security  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 12.0.0.77 
 Mozilla Firefox (28.0)
 Mozilla Thunderbird (2.0.0 Thunderbird out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

To turn the firewall off:
Open Windows Firewall by clicking the Start button , and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.

Click Turn Windows Firewall on or off. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Click Turn off Windows Firewall (not recommended) under each network location that you want to stop trying to protect, and then click OK.

---------------------------------------------------

The rest looks OK.......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.